#----------------------------------------------------------------------- # Configuration for the BCF fuzzer #----------------------------------------------------------------------- [BCF] templates-path=/opt/nightmare/samples/av # Current options are: DynamoRIO, Pin bininst-tool=DynamoRIO # Use *ONLY* iterative algorithm instead of all algorithms? #iterative=1 # Use *ONLY* radamsa instead of all the implemented algorithms? #radamsa=1 #----------------------------------------------------------------------- # Configuration for Expat 2.0.1 tool #----------------------------------------------------------------------- [expat] # Command line to launch it command=/home/joxean/devel/expat/2.0.1/expat-2.0.1/examples/outline # Base tube name basetube=expat # The tube the fuzzer will use to pull of samples tube=%(basetube)s-samples # The tube the fuzzer will use to record crashes crash-tube=%(basetube)s-crash # Extension for the files to be fuzzed extension=.fil # Timeout for this fuzzer timeout=15 # Environment environment=common-environment current-state-file=current-state-exapt generation-bottom-level=-300 hide-output=1 skip-bytes=4 #radamsa=1 #----------------------------------------------------------------------- # Configuration for radare's "rabin2" tool #----------------------------------------------------------------------- [rabin2] # Command line to launch it command=/usr/local/bin/rabin2 -A # Base tube name basetube=rabin # The tube the fuzzer will use to pull of samples tube=%(basetube)s-samples # The tube the fuzzer will use to record crashes crash-tube=%(basetube)s-crash # Extension for the files to be fuzzed extension=.fil # Timeout for this fuzzer timeout=15 # Environment environment=common-environment generation-bottom-level=-100 hide-output=1 skip-bytes=4 non-uniques=True #----------------------------------------------------------------------- # Configuration for "readelf" tool #----------------------------------------------------------------------- [readelf] # Command line to launch it command=/usr/bin/readelf -a # Base tube name basetube=readelf # The tube the fuzzer will use to pull of samples tube=%(basetube)s-samples # The tube the fuzzer will use to record crashes crash-tube=%(basetube)s-crash # Extension for the files to be fuzzed extension=.fil # Timeout for this fuzzer timeout=15 # Environment environment=common-environment current-state-file=current-state-readelf generation-bottom-level=-500 hide-output=1 skip-bytes=4 non-uniques=True radamsa=1 #iterative=1 #----------------------------------------------------------------------- # Configuration for libmagic "file" tool #----------------------------------------------------------------------- [file] # Command line to launch it command=/usr/bin/file # Base tube name basetube=file # The tube the fuzzer will use to pull of samples tube=%(basetube)s-samples # The tube the fuzzer will use to record crashes crash-tube=%(basetube)s-crash # Extension for the files to be fuzzed extension=.fil # Timeout for this fuzzer timeout=15 # Environment environment=common-environment generation-bottom-level=-3000 non-uniques=True #iterative=1 #----------------------------------------------------------------------- # Configuration for the command line gpg tool #----------------------------------------------------------------------- [gpg] # Command line to launch it command=/usr/bin/gpg --verify # Base tube name basetube=gpg # The tube the fuzzer will use to pull of samples tube=%(basetube)s-samples # The tube the fuzzer will use to record crashes crash-tube=%(basetube)s-crash # Extension for the files to be fuzzed extension=.fil # Timeout for this fuzzer timeout=60 # Environment environment=common-environment # File to load/save the state with BCF fuzzer state-file=gpg.dat current-state-file=current-gpg #----------------------------------------------------------------------- # Configuration for the command line openssl from LibreSSL #----------------------------------------------------------------------- [LibreSSL] # Command line to launch it command=/home/joxean/devel/libressl/libressl-2.0.0/apps/openssl asn1parse -in # Base tube name basetube=openssl # The tube the fuzzer will use to pull of samples tube=%(basetube)s-samples # The tube the fuzzer will use to record crashes crash-tube=%(basetube)s-crash # Extension for the files to be fuzzed extension=.fil # Timeout for this fuzzer timeout=60 # Environment environment=common-environment current-state-file=current-libressl #----------------------------------------------------------------------- # Configuration for the command line openssl #----------------------------------------------------------------------- [OpenSSL] # Command line to launch it command=/home/joxean/devel/openssl/openssl-1.0.1g/apps/openssl asn1parse -in # Base tube name basetube=openssl # The tube the fuzzer will use to pull of samples tube=%(basetube)s-samples # The tube the fuzzer will use to record crashes crash-tube=%(basetube)s-crash # Extension for the files to be fuzzed extension=.fil # Timeout for this fuzzer timeout=60 # Environment environment=common-environment # File to load/save the state with BCF fuzzer state-file=openssl.dat current-state-file=current-openssl #----------------------------------------------------------------------- # Configuration for F-Prot #----------------------------------------------------------------------- [FProt] # Command line to launch it command=/home/joxean/devel/fprot/f-prot/fpscan -r # Base tube name basetube=fprot # The tube the fuzzer will use to pull of samples tube=%(basetube)s-samples # The tube the fuzzer will use to record crashes crash-tube=%(basetube)s-crash # Extension for the files to be fuzzed extension=.fil # Timeout for this fuzzer timeout=90 # Environment environment=common-environment # File to load/save the state with BCF fuzzer state-file=fprot.dat current-state-file=current-fprot #----------------------------------------------------------------------- # Configuration for BitDefender #----------------------------------------------------------------------- [BitDefender] # Command line to launch it command=/usr/bin/bdscan --no-list # Base tube name basetube=bitdefender # The tube the fuzzer will use to pull of samples tube=%(basetube)s-samples # The tube the fuzzer will use to record crashes crash-tube=%(basetube)s-crash # Extension for the files to be fuzzed extension=.fil # Timeout for this fuzzer timeout=90 # Environment environment=common-environment # File to load/save the state with BCF fuzzer #state-file=state.dat current-state-file=current-state-bd generation-bottom-level=-25 skip-bytes=7 save-generations=1 [common-environment] MALLOC_CHECK_=2 [DynamoRIO] path=/opt/dynamorio [Pin] path=/home/b/tools/pin/ #----------------------------------------------------------------------- # Configuration for Evince document viewer (PDF) #----------------------------------------------------------------------- [Evince] # Command line to launch it command=/usr/bin/evince # Base tube name basetube=evince-pdf # The tube the fuzzer will use to pull of samples tube=%(basetube)s-samples # The tube the fuzzer will use to record crashes crash-tube=%(basetube)s-crash # Extension for the files to be fuzzed extension=.pdf # Timeout for this fuzzer timeout=3 # Is debug enabled? debug=1 # Environment environment=evince-env [evince-env] DISPLAY=:1 MALLOC_CHECK_=3 #----------------------------------------------------------------------- # Configuration for clamav #----------------------------------------------------------------------- [clamav] # Command line to launch it command=/usr/bin/clamscan --quiet # Base tube name basetube=clamav # The tube the fuzzer will use to pull of samples tube=%(basetube)s-samples # The tube the fuzzer will use to record crashes crash-tube=%(basetube)s-crash # Extension for the files to be fuzzed extension=.fil # Timeout for this fuzzer timeout=90 # Environment environment=common-environment # File to load/save the state with BCF fuzzer #state-file=state.dat current-state-file=current-state-bd generation-bottom-level=-25 skip-bytes=7 save-generations=1 [common-environment] MALLOC_CHECK_=2 [DynamoRIO] path=/opt/dynamorio [Pin] path=/home/b/tools/pin/