https://github.com/kuleuven-cosic/threadfuzzer


Repository

Basic Info
  • Host: GitHub
  • Owner: KULeuven-COSIC
  • License: agpl-3.0
  • Language: C++
  • Default Branch: main
  • Size: 78.7 MB
Statistics
  • Stars: 0
  • Watchers: 0
  • Forks: 0
  • Open Issues: 0
  • Releases: 0
Created 7 months ago · Last pushed 7 months ago
Metadata Files
Readme License

README.md

ThreadFuzzer

This guide covers the installation of the complete ThreadFuzzer framework.

To specifically test AFL++ fuzzing for OpenThread, refer to the instructions in AFL++_Comparison/README.md.

Installation Options

Option 1: Native Installation (Ubuntu 22.04)

Run the setup script to install dependencies, pull submodules, and apply necessary patches:

```bash
chmod +x setup.sh && sudo ./setup.sh
```

Option 2: Docker Installation

1. Build the Docker Image

```bash
sudo docker build --pull --progress=plain -t thread_fuzzer:latest .
```

2. Run the Container Interactively

```bash
sudo docker run --rm -it thread_fuzzer
```

Inside the container, all commands should be run without sudo.


Repository Structure

  • src/ — Source files
  • include/ — Header files
  • third-party/ — Third-party libraries
  • common/ — Common shared libraries
  • scripts/ — Utility scripts
  • seeds/ — Crash reproduction seeds
  • coverage_log/ — Coverage data from fuzzing runs
  • logs/ — Logs from fuzzer runs
  • configs/ — Configuration files:
    • Fuzzing_Settings/ — Core fuzzer settings
    • Fuzzing_Strategies/ — Fuzzing strategy configurations

Running the Fuzzer in Simulation Mode

```bash
sudo ./build/ThreadFuzzer [MAIN CONFIG] [FUZZ STRATEGY 1] ... [FUZZ STRATEGY N]
```

Example: Run Random Fuzzer

```bash
sudo ./build/ThreadFuzzer configs/Fuzzing_Settings/main_config.json configs/Fuzzing_Strategies/random_config.json
```


Reproducing Crashes

To reproduce predefined crashes (1–6), replace X with the crash number:

```bash
sudo ./build/ThreadFuzzer seeds/crash_seeds/Crash_X/main_config.json seeds/crash_seeds/Crash_X/none_config.json
```


Plotting Graphs from the Paper

Note: This cannot be done from within a Docker container.

Use the appropriate script to generate figures:

  • ./scripts/visualize_coverage_results_greybox.sh
  • ./scripts/visualize_coverage_results_blackbox.sh
  • ./scripts/visualize_coverage_results_tlv_fuzzer.sh
  • ./scripts/visualize_coverage_results_mtd.sh

Notes

Working with WDissector

WDissector is buggy, unorganized, and potentially unsafe. Always build and run it with AddressSanitizer enabled: it has possible memory leaks, and a sanitizer report is the only reliable way to tell a fault inside WDissector from a genuine finding in the target under test.

To use custom Wireshark profiles, place them in the bin/ws/ directory.
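The crash-reproduction loop from "Reproducing Crashes" and the sanitizer requirement from the WDissector note, combined into one shell wrapper. This is an added example and not part of the ThreadFuzzer repository. It assumes the ./build/ThreadFuzzer binary and the seeds/crash_seeds/Crash_X layout named in this README and that the binary was built with AddressSanitizer; the script name, the SUDO and REPRO_ALL variables, the logs/repro directory and the chosen ASAN_OPTIONS values are this example's own conventions.

```shell
#!/usr/bin/env bash
# Added example, not part of the ThreadFuzzer repository.
# Wraps ./build/ThreadFuzzer so every run carries AddressSanitizer runtime
# options and reproduces the six predefined crashes in sequence.
# Assumptions: the binary was built with ASan, the seeds/ layout matches the
# README, and SUDO / REPRO_ALL / logs/repro are conventions of this script.

# Sanitizer runtime options for a run whose reports go under directory $1:
# keep leak detection on, abort on the first error so the process stops at
# the first finding, and write each report to $1/asan.<pid>.
asan_options() {
  printf 'detect_leaks=1:abort_on_error=1:log_path=%s/asan' "$1"
}

# Print "<main config> <strategy config>" for predefined crash 1-6, or fail.
crash_args() {
  case "$1" in
    [1-6]) ;;
    *) echo "crash number must be 1-6, got '$1'" >&2; return 1 ;;
  esac
  printf '%s %s\n' "seeds/crash_seeds/Crash_$1/main_config.json" \
                   "seeds/crash_seeds/Crash_$1/none_config.json"
}

# Run ThreadFuzzer with a main config followed by any number of strategy
# configs (the README's [MAIN CONFIG] [FUZZ STRATEGY 1] ... form).
# Every config is checked first so a typo fails here rather than deep inside
# the fuzzer. Output goes to $1; the return value is the fuzzer's exit status.
run_fuzzer() {
  local out="$1"; shift
  local cfg
  for cfg in "$@"; do
    [ -f "$cfg" ] || { echo "missing config: $cfg" >&2; return 2; }
  done
  mkdir -p "$(dirname "$out")"
  # 'env' sets ASAN_OPTIONS after sudo's environment reset; with SUDO unset
  # (e.g. inside the Docker container) the binary is started directly.
  ${SUDO:-} env ASAN_OPTIONS="$(asan_options "$(dirname "$out")")" \
    ./build/ThreadFuzzer "$@" >"$out" 2>&1
}

# Reproduce predefined crash $1, logging under $2 (default logs/repro).
reproduce_crash() {
  local n="$1" logdir="${2:-logs/repro}" args status=0
  args=$(crash_args "$n") || return 1
  set -- $args                # word-split into main config and strategy config
  run_fuzzer "$logdir/crash_$n.log" "$1" "$2" || status=$?
  echo "Crash_$n: exit status $status (134 = SIGABRT, ASan aborted on its first report)"
}

# Run all six when invoked as REPRO_ALL=1 ./reproduce_crashes.sh
if [ "${REPRO_ALL:-0}" = 1 ]; then
  for n in 1 2 3 4 5 6; do
    reproduce_crash "$n"
  done
fi
```

On a native install where the README's commands use sudo, run it as `SUDO=sudo REPRO_ALL=1 ./reproduce_crashes.sh`; inside the Docker container leave SUDO unset. Passing the sanitizer options through `env` rather than a plain variable assignment matters because sudo resets the environment by default. An exit status of 134 means ASan aborted on its first report, which is in logs/repro/asan.<pid> next to the fuzzer's own output in logs/repro/crash_N.log.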

Owner

  • Name: KU Leuven - COSIC
  • Login: KULeuven-COSIC
  • Kind: organization

GitHub Events

Total
  • Member event: 2
  • Push event: 20
Last Year
  • Member event: 2
  • Push event: 20