Mayhem Examples

Hello World! of Mayhem Docker Images

Mayhem example templates for programming languages and fuzzers that you love! Like a "Hello World!" but for fuzzing!

Quickstart

Use the Mayhem CLI to execute a new Mayhem run (via the mayhem run command) for any mayhem-examples target directory with a valid Mayhemfile. Alternatively, Mayhem users can use the Mayhem UI to execute a new Mayhem run by selecting and fuzzing a mayhem-examples target Docker image uploaded to either the private Mayhem Docker Registry or the public Docker Hub.

Note: Before executing a Mayhem run on the mayhem-examples, you'll need to first upload the below mayhem-example targets to either a private Mayhem Docker Registry or to the public Docker Hub. Read the How to Get Started section for more details.

Target List by Language/Fuzzer

Order is alphabetical.

| Target Name | Language | Environment | Fuzzer |
|---|---|---|---|
| forallsecure/ada-base-executable | Ada | Ada2012 | Base-Executable |
| forallsecure/android-base-executable | C | C99 | Base-Executable |
| forallsecure/c-afl-clang | C | C99 | AFL-clang |
| forallsecure/c-afl-gcc | C | C99 | AFL-gcc |
| forallsecure/c-aflpp-clang | C | C99 | AFL++-clang |
| forallsecure/c-aflpp-gcc | C | C99 | AFL++-gcc |
| forallsecure/c-base-executable | C | C99 | Base-Executable |
| forallsecure/c-honggfuzz-clang | C | C99 | Honggfuzz-clang |
| forallsecure/c-honggfuzz-gcc | C | C99 | Honggfuzz-gcc |
| forallsecure/c-libfuzzer | C | C99 | libFuzzer |
| forallsecure/cpp-afl-clang | C++ | C++11 | AFL-clang |
| forallsecure/cpp-afl-gcc | C++ | C++11 | AFL-gcc |
| forallsecure/cpp-aflpp-clang | C++ | C++11 | AFL++-clang |
| forallsecure/cpp-aflpp-gcc | C++ | C++11 | AFL++-gcc |
| forallsecure/cpp-base-executable | C++ | C++11 | Base-Executable |
| forallsecure/cpp-honggfuzz-clang | C++ | C++11 | Honggfuzz-clang |
| forallsecure/cpp-honggfuzz-gcc | C++ | C++11 | Honggfuzz-gcc |
| forallsecure/cpp-libfuzzer | C++ | C++11 | libFuzzer |
| forallsecure/csharp-sharpfuzz | C# | .NET 6.0 | sharpfuzz |
| forallsecure/fortran-base-executable | Fortran | Fortran 8.3.0 | Base-Executable |
| forallsecure/go-base-executable | Go | Go 1.13 | Base-Executable |
| forallsecure/go-go-fuzz | Go | Go 1.13 | go-fuzz |
| forallsecure/java-base-executable | Java | Openjdk11 | Base-Executable |
| forallsecure/java-jazzer | Java | Openjdk11 | jazzer |
| forallsecure/kotlin-jazzer | Kotlin | Openjdk11 | jazzer |
| forallsecure/obj-c-base-executable | Objective-C | Objective-C 2.0 | Base-Executable |
| forallsecure/ocaml-afl | OCaml | OCaml 4.0 | AFL |
| forallsecure/ocaml-base-executable | OCaml | OCaml 4.0 | Base-Executable |
| forallsecure/python-atheris | Python | Python3.8 | Atheris |
| forallsecure/rust-afl | Rust | Rust 1.44 | afl.rs |
| forallsecure/rust-base-executable | Rust | Rust 1.44 | Base-Executable |
| forallsecure/rust-cargo-fuzz | Rust | Rust 1.44 | cargo-fuzz |
| forallsecure/swift-libfuzzer | Swift | Swift 5.4.2 | libFuzzer |

Supported Fuzzers

Fuzzer dictionary max_length sanitizers
mCode
AFL
honggfuzz
libFuzzer

Use the Mayhemfile parameters as follows:

  • Dictionary: The path to an AFL-compatible dictionary file. The path should be relative to the root of the container. For instance, if the dictionary is under /etc/foo/bar/http.dict inside the image, the dictionary path in the Mayhemfile should be /etc/foo/bar/http.dict.

    dictionary: /tmp/my-dictionary
  • Max Length: Maximum length (in bytes) that will be provided as input to the fuzz target. It must not exceed 100MB, otherwise the Mayhemfile will fail to validate. Test cases in the starting testsuite larger than the specified maximum length will be truncated to that value.

    max_length: 8192
  • Sanitizers: Set to true only if the target executable is compiled with a sanitizer.

    sanitizer: false

How can I contribute?

Don't see your language/fuzzer in the list above? Let us know, or better yet, send us a PR adding it! Check out our CONTRIBUTING.md guidelines.

How to Get Started

Navigate to each Language/Fuzzer folder and follow the individual build instructions. Alternatively, you can use the Makefile in the root directory of the mayhem-examples GitHub repository to build all of the Dockerfiles and then tag and push the resulting Docker images to the Docker registry of your choice (private, or public such as Docker Hub) in one go!

You'll need to first log into your desired Docker registry using the docker login command and then set a MAYHEM_DOCKER_REGISTRY environment variable to the URL of the specified Docker registry.

For example, for a private Docker registry you'll want the following:

export MAYHEM_DOCKER_REGISTRY=tutorial.forallsecure.com:5000

Alternatively, for a public Docker registry like Docker Hub, you'll want the following:

export MAYHEM_DOCKER_REGISTRY=docker.io

Once complete, just run the following commands:

make build
make push

With the Docker images now pushed to a private or public Docker registry, just use either the Mayhem CLI or the Mayhem UI to create a new run and start fuzzing!

For example, you'll need to set a Mayhemfile with an image parameter similar to the following for a private Docker registry, where $MAYHEM_DOCKER_REGISTRY represents the URL of the private Mayhem Docker registry:

image: $MAYHEM_DOCKER_REGISTRY/forallsecure/c-base-executable:latest
duration: 90
project: mayhem-examples
target: c-base-executable
cmds:
  - cmd: /mayhemit @@

Otherwise, you can set the Mayhemfile with an image parameter pointing at a public Docker Hub image like so:

image: forallsecure/c-base-executable:latest
duration: 90
project: mayhem-examples
target: c-base-executable
cmds:
  - cmd: /mayhemit @@
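As an added example (not code from the mayhem-examples repository), the following Python linter checks a Mayhemfile like the two above against the constraints this README states: the required fields and cmds list, an absolute dictionary path inside the container, the 100MB max_length ceiling, a boolean sanitizer, and that a private-registry image is actually prefixed with the registry named by MAYHEM_DOCKER_REGISTRY. It parses only the flat fields and cmds list shown here, not full YAML, and assumes 100MB means 100 * 1024 * 1024 bytes.

```python
# Added example, not code from the mayhem-examples repo: lint a Mayhemfile against
# the constraints this README states. Only the flat `key: value` fields and the
# `cmds:` list shown on the page are parsed (not full YAML); the page's "100MB"
# max_length ceiling is assumed to mean 100 * 1024 * 1024 bytes.
MAX_LENGTH_LIMIT = 100 * 1024 * 1024
# The private-registry Mayhemfile from this README, embedded so the block runs stand-alone.
SAMPLE = ("image: $MAYHEM_DOCKER_REGISTRY/forallsecure/c-base-executable:latest\n"
          "duration: 90\nproject: mayhem-examples\ntarget: c-base-executable\n"
          "cmds:\n  - cmd: /mayhemit @@\n")


def parse_mayhemfile(text):
    """Parse the Mayhemfile subset used by mayhem-examples into a dict."""
    cfg = {"cmds": []}
    in_cmds = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "cmds:":  # a list of `- cmd: ...` items follows
            in_cmds = True
            continue
        if in_cmds and line.startswith("- cmd:"):
            cfg["cmds"].append(line[len("- cmd:"):].strip())
            continue
        in_cmds = False
        key, _, value = line.partition(":")  # split on the first colon only
        cfg[key.strip()] = value.strip()
    return cfg


def lint_mayhemfile(text, registry=None):
    """Return a list of problems (empty means the file passes). `registry` is the
    MAYHEM_DOCKER_REGISTRY value, substituted for the literal as the shell would."""
    cfg = parse_mayhemfile(text)
    problems = [f"missing required field '{k}'" for k in ("image", "project", "target") if not cfg.get(k)]
    image = cfg.get("image", "").replace("$MAYHEM_DOCKER_REGISTRY", registry or "")
    # Unqualified names such as forallsecure/... default to Docker Hub; only a private registry must prefix the image.
    if registry and registry != "docker.io" and not image.startswith(registry + "/"):
        problems.append(f"image '{image}' is not on private registry '{registry}'")
    if not cfg["cmds"]:
        problems.append("no cmds: entries")
    if "dictionary" in cfg and not cfg["dictionary"].startswith("/"):
        problems.append("dictionary must be an absolute path inside the container")
    ml = cfg.get("max_length")
    if ml is not None and (not ml.isdigit() or int(ml) > MAX_LENGTH_LIMIT):
        problems.append("max_length must be a byte count no larger than 100MB")
    if cfg.get("sanitizer", "false") not in ("true", "false"):
        problems.append("sanitizer must be true or false")
    return problems
```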

Why Use Docker?

Mayhem performs behavioral testing, in which the application is dynamically run and analyzed. To do so, Mayhem needs the complete application, including the executable, libraries, and configuration files.

Docker is popular because it solves the problem of creating a reproducible environment. To quote from Docker:

Docker is a platform for developers and sysadmins to develop, deploy, and run applications with containers. The use of Linux containers to deploy applications is called containerization. Containers are not new, but their use for easily deploying applications is.

A container runs natively on Linux, and shares the underlying runtime. Three key benefits of Docker that Mayhem leverages include:

  1. Isolation: Docker provides a convenient way to isolate different apps, each of which may have different dependencies.
  2. Configuration-as-Code: When you create a Docker image, you write a Dockerfile, which gives the exact commands to build the image. The Dockerfile can be edited and revision controlled like any other text file.
  3. Efficiency: Docker uses a layered file system, which means if two applications share the same files, you only need one copy.

Fuzzing Docker Targets with Mayhem

Given a Docker image, Mayhem will spin up and tear down Docker containers as needed to run the specified application in the containerized environment.

Mayhem can run Docker images stored on either the included private Docker registry (as a part of your Mayhem deployment) or through Docker Hub, which hosts tens of thousands of public Docker images. If you are storing your images on your private registry, you will need to specify this in the Mayhemfile.

About Us

ForAllSecure was founded with the mission to make the world’s critical software safe. The company has been applying its patented technology from over a decade of CMU research to solving the difficult challenge of making software safer. ForAllSecure has partnered with Fortune 1000 companies in aerospace, automotive and high-tech industries, as well as the US Department of Defense to integrate Mayhem into software development cycles for continuous security. Profitable and revenue-funded, the company is scaling rapidly.