Skip to content
/ Lerneaver Public

πŸ‰ Crossplatform dynamic fuzzing framework for supermans πŸ‰

2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

XXXRef/Lerneaver

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

69 Commits

CLI_UI

CLI_UI

Β 
Β 

Lerneaver

Lerneaver

Β 
Β 

TestFuzzer

TestFuzzer

Β 
Β 

TestLogger

TestLogger

Β 
Β 

TestOutputter

TestOutputter

Β 
Β 

.gitignore

.gitignore

Β 
Β 

CMakeLists.txt

CMakeLists.txt

Β 
Β 

README.md

README.md

Β 
Β 

Repository files navigation

πŸ‰ Lerneaver πŸ‰

Crossplatform dynamic fuzzing framework for supermans Current version: 1.0

Table of contents

What is it

Lerneaver is the thing that makes fuzzing process a joy. Lets dont rant about concurrency, platfrom independency, modularity, changing entities state/set on the fly - its obvious that Lerneaver has its all and many more, we'll just watch closer how it works. There are 3 main types of entities in Lerneaver system: fuzzer, logger, outputter. Fuzzer is the thing that generates data, runs in its own thread and is able to init/deinit/stop/resume. Logger somehow processes this data and stores it somewhere (file, stream, mailslot, whatever). And outputter transfers fuzz buffer to target, maybe after some its postprocessing. Its assumed that each entity object (fuzzer/logger/outputter) loaded from its own module (we wont talk about modularity and rebuilding structure during runtime you still remember?). So all you need to become fuzz superstar is to implement business logic of your fuzzers/loggers/outputters through convinient interfaces and then see your victims constantly crash cos of monstrous fuzzing speed ;3

I like to make shemes, so i visualized basic Lerneaver workflow:

Every logger/outputter can be linked with multiple fuzzers at the same time. Here is the example of logger-fuzzer-outputter links configuration:

NOTES:

How to build

Lerneaver uses CMake as build system.

git clone https://github.com/XXXRef/Lerneaver.git
cd Lerneaver
mkdir BUILD
cd BUILD
cmake ..

All subprojects will be produced. Ofc you can build Lerneaver lib / Lerneaver CLI / test modules separately. Or by manipulating FLAG_ADD_LERNEAVER/FLAG_ADD_CLI_UI/FLAG_ADD_TESTFUZZER/FLAG_ADD_TESTLOGGER/FLAG_ADD_TESTOUTPUTTER CMake build options.

NOTES:

  • For now only x86-Debug build configuration tested

How to use

Creating entities To create your own entity(fuzzer/logger/outputter) copy "inc" folder from appropriate entity subproject(TestFuzzer/TestLogger/TestOutputter) and implement entity interface:

  • inc/i_fuzzer.hpp for fuzzer entity
  • inc/i_logger.hpp for logger entity
  • inc/i_outputter.hpp for outputter entity

TestFuzzer/TestLogger/TestOutputter projects also act as example how to implement fuzzing entities.

Using Lerneaver as library

Lerneaver is shipped mainly as static library so you can simply incorporate it into your project.

  1. Add/copy "Lerneaver/src/inc/" as include folder into your project
  2. Include "Lerneaver/src/inc/fuzzingmanager.hpp"
  3. Create CFuzzingManager object
  4. Use it's interface in code to perform fuzzing business. Methods names are self-explanatory
  5. Link your program with Lerneaver library (Lerneaver.lib/Lerneaver.a/...)

Using CLI_UI

CLI_UI is command-line interface to Lerneaver.

  • Add fuzzer with fuzzer ID = < fuzzerID > (simply string) and from module with path = < fuzzer_module_path >
ADD <fuzzerID> <fuzzer_module_path>
  • Remove fuzzer with fuzzer ID = < fuzzerID >
RM <fuzzerID>
  • Init fuzzer with fuzzer ID = < fuzzerID > and from config file with path = < cfg_file_path >
INIT <fuzzerID> <cfg_file_path>
  • Deinit fuzzer with fuzzer ID = < fuzzerID >
DEINIT <fuzzerID>
  • Start fuzzer with fuzzer ID = < fuzzerID >
START <fuzzerID>
  • Stop fuzzer with fuzzer ID = < fuzzerID >
STOP <fuzzerID>
  • Add logger with logger ID = < loggerID > (simply string) and from module with path = < logger_module_path >
ADD_LOGGER <loggerID> <logger_module_path>
  • Remove logger with logger ID = < loggerID >
RM_LOGGER <loggerID>
  • Init logger with logger ID = < loggerID > and from config file with path = < cfg_file_path >
INIT_LOGGER <loggerID> <cfg_file_path>
  • Deinit logger with logger ID = < loggerID >
DEINIT_LOGGER <loggerID>
  • Link logger with logger ID = < loggerID > to fuzzer with fuzzer ID = < fuzzerID >
LINK_LOGGER <fuzzerID> <loggerID>
  • Unink logger with logger ID = < loggerID > from fuzzer with fuzzer ID = < fuzzerID >
UNLINK_LOGGER <fuzzerID> <loggerID>
  • Add outputter with outputter ID = < outputterID > (simply string) and from module with path = < outputterer_module_path >
ADD_OUTPUTTER <outputterID> <outputter_module_path>
  • Remove outputter with outputter ID = < outputterID >
RM_OUTPUTTER <outputterID>
  • Init outputter with outputter ID = < outputterID > and from config file with path = < cfg_file_path >
INIT_OUTPUTTER <outputterID> <cfg_file_path>
  • Deinit outputter with outputter ID = < outputterID >
DEINIT_OUTPUTTER <outputterID>
  • Link outputter with outputter ID = < outputterID > to fuzzer with fuzzer ID = < fuzzerID >
LINK_OUTPUTTER <fuzzerID> <outputterID>
  • Unlink outputter with outputter ID = < outputterID > from fuzzer with fuzzer ID = < fuzzerID >
UNLINK_OUTPUTTER <fuzzerID> <outputterID>
  • Get fuzzers info
LS

NOTES:

  • Config file may contain whatever additional info you want for your entity to initialize itself

About

πŸ‰ Crossplatform dynamic fuzzing framework for supermans πŸ‰

Topics

concurrency fuzzing fuzz-testing fuzzer

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 1

v1.0 Latest
May 1, 2022

Packages

No packages published

Languages