├── .gitignore ├── LICENSE ├── OVMF_CODE-pure-efi.fd ├── README.md ├── TechnicalDetails.md ├── compile-kvm.sh ├── copy_files_to_vm.sh ├── drivers ├── CPHarness │ ├── CPHarness.sln │ └── CPHarness │ │ ├── CPHarness.vcxproj │ │ ├── CPHarness.vcxproj.filters │ │ ├── Driver.c │ │ ├── Driver.h │ │ ├── Globals.h │ │ ├── KernelModules.c │ │ ├── KernelModules.h │ │ └── cpharness.inf └── CrashMonitoringDriver │ ├── CrashMonitoringDriver.sln │ └── CrashMonitoringDriver │ ├── CrashMonitoringDriver.inf │ ├── CrashMonitoringDriver.vcxproj │ ├── CrashMonitoringDriver.vcxproj.filters │ ├── hypercall.asm │ ├── main.c │ ├── module.cpp │ └── module.h ├── images └── Architecture.png ├── install.sh ├── kAFL-Fuzzer ├── .gitignore ├── banner.txt ├── common │ ├── __init__.py │ ├── color.py │ ├── config.py │ ├── debug.py │ ├── execution_result.py │ ├── qemu.py │ ├── qemu_protocol.py │ ├── self_check.py │ └── util.py ├── dict │ ├── http_sys.dict │ └── vuln.dict ├── fuzzer │ ├── __init__.py │ ├── bitmap.py │ ├── communicator.py │ ├── core.py │ ├── native │ │ ├── Makefile │ │ └── bitmap.c │ ├── node.py │ ├── process │ │ ├── __init__.py │ │ ├── master.py │ │ └── slave.py │ ├── queue.py │ ├── scheduler.py │ ├── state_logic.py │ ├── statistics.py │ └── technique │ │ ├── __init__.py │ │ ├── arithmetic.py │ │ ├── bitflip.py │ │ ├── grimoire_inference.py │ │ ├── grimoire_mutations.py │ │ ├── havoc.py │ │ ├── havoc_handler.py │ │ ├── helper.py │ │ ├── interesting_values.py │ │ ├── radamsa.py │ │ ├── redqueen │ │ ├── __init__.py │ │ ├── cmp.py │ │ ├── colorize.py │ │ ├── encoding.py │ │ ├── hash_fix.py │ │ ├── hash_patch.py │ │ ├── mod.py │ │ ├── parser.py │ │ └── workdir.py │ │ └── trim.py ├── info │ ├── __init__.py │ └── core.py ├── kafl_cov.py ├── kafl_debug.py ├── kafl_fuzz.py ├── kafl_gui.py ├── kafl_info.py ├── kafl_plot.py ├── kafl_user_prepare.py ├── redqueen_mut.py ├── seed │ ├── ext4 │ │ └── ext4.img │ ├── fat │ │ ├── fat_a │ │ ├── fat_b │ │ ├── fat_c │ │ ├── fat_d │ │ └── fat_e │ ├── kafl_vulntest │ │ └── seed_file │ ├── ntfs │ │ └── ntfs64 │ └── ntfs_win │ │ └── ntfs_header_64k ├── test.py └── tests │ ├── __init__.py │ ├── helper.py │ ├── test_deterministic.py │ ├── test_havoc_handler.py │ └── test_random.py ├── kAFL-LICENSES ├── AGPL-3.0 ├── Apache-2.0 ├── BSD-2-Clause ├── GPL-2.0 └── MIT ├── patches ├── kvm │ └── v5.12 │ │ ├── 0001-kAFL-hAFL1-Modifications.patch │ │ └── 0002-hAFL2-Modifications.patch └── qemu │ └── v6.0.0 │ ├── 0001-Ported-kAFL-hAFL2-to-QEMU-6.patch │ ├── 0002-Removed-libexplain-ioctl.h.patch │ └── 0003-Removed-SHUTDOWN-when-info-hypercall-is-called.patch ├── sha256sums.lst ├── targets ├── compile.sh ├── kafl_user.h ├── linux_x86_64-userspace │ ├── .gitignore │ ├── compile.sh │ ├── initrd │ │ ├── .gitignore │ │ ├── pack.sh │ │ ├── run_vm.sh │ │ └── template │ │ │ ├── dev │ │ │ └── .gitkeep │ │ │ ├── etc │ │ │ ├── nsswitch.conf │ │ │ └── passwd │ │ │ ├── init │ │ │ ├── lib │ │ │ ├── i386-linux-gnu │ │ │ │ └── .gitkeep │ │ │ └── x86_64-linux-gnu │ │ │ │ └── .gitkeep │ │ │ ├── lib64 │ │ │ └── .gitkeep │ │ │ ├── proc │ │ │ └── .gitkeep │ │ │ ├── sbin │ │ │ └── .gitkeep │ │ │ ├── sys │ │ │ └── .gitkeep │ │ │ ├── tmp │ │ │ └── .gitkeep │ │ │ └── usr │ │ │ └── sbin │ │ │ └── .gitkeep │ └── src │ │ ├── ld_preload_fuzz.c │ │ ├── ld_preload_info.c │ │ └── userspace_loader.c ├── linux_x86_64 │ ├── .gitignore │ ├── compile.sh │ └── src │ │ ├── fuzzer │ │ ├── fs_fuzzer.c │ │ ├── hprintf_test.c │ │ ├── kafl_vuln_json.c │ │ └── kafl_vuln_test.c │ │ ├── info │ │ └── info.c │ │ └── loader │ │ ├── loader.c │ │ └── stage2_loader.c ├── macOS_x86_64 │ ├── compile.sh │ ├── fuzzer │ │ └── vuln_test.c │ ├── info │ │ └── info.c │ └── loader │ │ └── loader.c ├── uefi_ovmf_64 │ ├── README.md │ ├── TestBMPPkg │ │ ├── TestBMP.c │ │ ├── TestBMP.dsc │ │ ├── TestBMP.inf │ │ └── TestBMPPkg.dec │ ├── TestDecompressPkg │ │ ├── TestDecompress.c │ │ ├── TestDecompress.dsc │ │ ├── TestDecompress.efi │ │ ├── TestDecompress.inf │ │ └── TestDecompressPkg.dec │ ├── compile.sh │ ├── edk2_kafl.patch │ ├── fake_hda │ │ └── startup.nsh │ ├── kAFLAgentPkg │ │ ├── Include │ │ │ └── Library │ │ │ │ └── kAFLAgentLib.h │ │ ├── Library │ │ │ └── kAFLAgentLib │ │ │ │ ├── kAFLAgentLib.c │ │ │ │ └── kAFLAgentLib.inf │ │ └── kAFLAgentPkg.dec │ └── seeds │ │ └── seed ├── windows_x86_64-userspace │ ├── compile.sh │ └── src │ │ ├── gdiplus.cpp │ │ ├── gdiplus_loadfont.cpp │ │ └── selffuzz_test.c ├── windows_x86_64 │ ├── compile.sh │ └── src │ │ ├── fuzzer │ │ ├── hprintf_test.c │ │ └── packet_sender.c │ │ ├── info │ │ └── info.cpp │ │ └── loader │ │ └── loader.c └── zephyr_x86_32 │ ├── .gitignore │ ├── CMakeLists.txt │ ├── README.md │ ├── compile.sh │ ├── prj.conf │ ├── seeds │ └── test.json │ └── src │ ├── kafl_user.h │ ├── main.c │ ├── target.h │ ├── target_fs.c │ ├── target_json.c │ └── target_test.c ├── tests ├── README.md ├── hard_cases │ ├── README.md │ ├── inputs │ │ ├── f_kafl │ │ ├── f_kasan │ │ ├── f_sergej │ │ ├── h_hash │ │ ├── j_hash2 │ │ ├── l_loop │ │ └── s_mult │ ├── linux_x86_64-userspace │ │ ├── .gitignore │ │ ├── Makefile │ │ └── main.c │ ├── linux_x86_64 │ │ ├── .gitignore │ │ ├── Makefile │ │ ├── kafl_vuln_test.c │ │ └── load.sh │ └── tests.h ├── test_cases │ ├── asan │ │ └── linux_x86_64-userspace │ │ │ ├── .gitignore │ │ │ ├── compile.sh │ │ │ └── src │ │ │ ├── loop.c │ │ │ └── vuln.c │ ├── json │ │ ├── linux_x86-64 │ │ │ ├── Makefile │ │ │ └── kafl_vuln_test_json.c │ │ ├── macOS_x86-64 │ │ │ ├── compile.sh │ │ │ ├── info.plist │ │ │ ├── load.sh │ │ │ ├── vuln.c │ │ │ └── vuln.xcodeproj │ │ │ │ └── project.pbxproj │ │ └── windows_x86-64 │ │ │ └── Driver.c │ └── simple │ │ ├── linux_x86-64 │ │ ├── Makefile │ │ ├── kafl_vuln_test.c │ │ └── load.sh │ │ ├── macOS_x86-64 │ │ ├── compile.sh │ │ ├── info.plist │ │ ├── load.sh │ │ ├── vuln.c │ │ └── vuln.xcodeproj │ │ │ └── project.pbxproj │ │ └── win10_x86-64 │ │ └── Driver.c └── user_bench │ ├── .gitignore │ ├── README.md │ ├── build.sh │ ├── run.sh │ └── seeds │ └── uninformed_seed ├── tools ├── cov.plot ├── gen_dict.sh ├── ghidra_cov_analysis.py ├── ghidra_cov_analysis.sh ├── ida_coverage_validate.py ├── ida_highlight_addrs.py ├── mcat.py ├── stats.plot └── unique_edges.sh └── tutorial.md /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/.gitignore -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/LICENSE -------------------------------------------------------------------------------- /OVMF_CODE-pure-efi.fd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/OVMF_CODE-pure-efi.fd -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/README.md -------------------------------------------------------------------------------- /TechnicalDetails.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/TechnicalDetails.md -------------------------------------------------------------------------------- /compile-kvm.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/compile-kvm.sh -------------------------------------------------------------------------------- /copy_files_to_vm.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/copy_files_to_vm.sh -------------------------------------------------------------------------------- /drivers/CPHarness/CPHarness.sln: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/drivers/CPHarness/CPHarness.sln -------------------------------------------------------------------------------- /drivers/CPHarness/CPHarness/CPHarness.vcxproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/drivers/CPHarness/CPHarness/CPHarness.vcxproj -------------------------------------------------------------------------------- /drivers/CPHarness/CPHarness/CPHarness.vcxproj.filters: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/drivers/CPHarness/CPHarness/CPHarness.vcxproj.filters -------------------------------------------------------------------------------- /drivers/CPHarness/CPHarness/Driver.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/drivers/CPHarness/CPHarness/Driver.c -------------------------------------------------------------------------------- /drivers/CPHarness/CPHarness/Driver.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/drivers/CPHarness/CPHarness/Driver.h -------------------------------------------------------------------------------- /drivers/CPHarness/CPHarness/Globals.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/drivers/CPHarness/CPHarness/Globals.h -------------------------------------------------------------------------------- /drivers/CPHarness/CPHarness/KernelModules.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/drivers/CPHarness/CPHarness/KernelModules.c -------------------------------------------------------------------------------- /drivers/CPHarness/CPHarness/KernelModules.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/drivers/CPHarness/CPHarness/KernelModules.h -------------------------------------------------------------------------------- /drivers/CPHarness/CPHarness/cpharness.inf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/drivers/CPHarness/CPHarness/cpharness.inf -------------------------------------------------------------------------------- /drivers/CrashMonitoringDriver/CrashMonitoringDriver.sln: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/drivers/CrashMonitoringDriver/CrashMonitoringDriver.sln -------------------------------------------------------------------------------- /drivers/CrashMonitoringDriver/CrashMonitoringDriver/CrashMonitoringDriver.inf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/drivers/CrashMonitoringDriver/CrashMonitoringDriver/CrashMonitoringDriver.inf -------------------------------------------------------------------------------- /drivers/CrashMonitoringDriver/CrashMonitoringDriver/CrashMonitoringDriver.vcxproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/drivers/CrashMonitoringDriver/CrashMonitoringDriver/CrashMonitoringDriver.vcxproj -------------------------------------------------------------------------------- /drivers/CrashMonitoringDriver/CrashMonitoringDriver/CrashMonitoringDriver.vcxproj.filters: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/drivers/CrashMonitoringDriver/CrashMonitoringDriver/CrashMonitoringDriver.vcxproj.filters -------------------------------------------------------------------------------- /drivers/CrashMonitoringDriver/CrashMonitoringDriver/hypercall.asm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/drivers/CrashMonitoringDriver/CrashMonitoringDriver/hypercall.asm -------------------------------------------------------------------------------- /drivers/CrashMonitoringDriver/CrashMonitoringDriver/main.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/drivers/CrashMonitoringDriver/CrashMonitoringDriver/main.c -------------------------------------------------------------------------------- /drivers/CrashMonitoringDriver/CrashMonitoringDriver/module.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/drivers/CrashMonitoringDriver/CrashMonitoringDriver/module.cpp -------------------------------------------------------------------------------- /drivers/CrashMonitoringDriver/CrashMonitoringDriver/module.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/drivers/CrashMonitoringDriver/CrashMonitoringDriver/module.h -------------------------------------------------------------------------------- /images/Architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/images/Architecture.png -------------------------------------------------------------------------------- /install.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/install.sh -------------------------------------------------------------------------------- /kAFL-Fuzzer/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/.gitignore -------------------------------------------------------------------------------- /kAFL-Fuzzer/banner.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/banner.txt -------------------------------------------------------------------------------- /kAFL-Fuzzer/common/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kAFL-Fuzzer/common/color.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/common/color.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/common/config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/common/config.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/common/debug.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/common/debug.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/common/execution_result.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/common/execution_result.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/common/qemu.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/common/qemu.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/common/qemu_protocol.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/common/qemu_protocol.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/common/self_check.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/common/self_check.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/common/util.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/common/util.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/dict/http_sys.dict: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/dict/http_sys.dict -------------------------------------------------------------------------------- /kAFL-Fuzzer/dict/vuln.dict: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/dict/vuln.dict -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/bitmap.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/bitmap.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/communicator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/communicator.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/core.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/core.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/native/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/native/Makefile -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/native/bitmap.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/native/bitmap.c -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/node.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/node.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/process/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/process/master.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/process/master.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/process/slave.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/process/slave.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/queue.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/queue.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/scheduler.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/scheduler.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/state_logic.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/state_logic.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/statistics.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/statistics.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/technique/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/technique/arithmetic.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/technique/arithmetic.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/technique/bitflip.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/technique/bitflip.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/technique/grimoire_inference.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/technique/grimoire_inference.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/technique/grimoire_mutations.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/technique/grimoire_mutations.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/technique/havoc.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/technique/havoc.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/technique/havoc_handler.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/technique/havoc_handler.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/technique/helper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/technique/helper.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/technique/interesting_values.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/technique/interesting_values.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/technique/radamsa.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/technique/radamsa.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/technique/redqueen/__init__.py: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/technique/redqueen/cmp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/technique/redqueen/cmp.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/technique/redqueen/colorize.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/technique/redqueen/colorize.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/technique/redqueen/encoding.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/technique/redqueen/encoding.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/technique/redqueen/hash_fix.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/technique/redqueen/hash_fix.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/technique/redqueen/hash_patch.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/technique/redqueen/hash_patch.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/technique/redqueen/mod.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/technique/redqueen/mod.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/technique/redqueen/parser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/technique/redqueen/parser.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/technique/redqueen/workdir.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/technique/redqueen/workdir.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/fuzzer/technique/trim.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/fuzzer/technique/trim.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/info/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kAFL-Fuzzer/info/core.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/info/core.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/kafl_cov.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/kafl_cov.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/kafl_debug.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/kafl_debug.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/kafl_fuzz.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/kafl_fuzz.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/kafl_gui.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/kafl_gui.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/kafl_info.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/kafl_info.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/kafl_plot.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/kafl_plot.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/kafl_user_prepare.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/kafl_user_prepare.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/redqueen_mut.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/redqueen_mut.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/seed/ext4/ext4.img: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/seed/ext4/ext4.img -------------------------------------------------------------------------------- /kAFL-Fuzzer/seed/fat/fat_a: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/seed/fat/fat_a -------------------------------------------------------------------------------- /kAFL-Fuzzer/seed/fat/fat_b: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/seed/fat/fat_b -------------------------------------------------------------------------------- /kAFL-Fuzzer/seed/fat/fat_c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/seed/fat/fat_c -------------------------------------------------------------------------------- /kAFL-Fuzzer/seed/fat/fat_d: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/seed/fat/fat_d -------------------------------------------------------------------------------- /kAFL-Fuzzer/seed/fat/fat_e: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/seed/fat/fat_e -------------------------------------------------------------------------------- /kAFL-Fuzzer/seed/kafl_vulntest/seed_file: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/seed/kafl_vulntest/seed_file -------------------------------------------------------------------------------- /kAFL-Fuzzer/seed/ntfs/ntfs64: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/seed/ntfs/ntfs64 -------------------------------------------------------------------------------- /kAFL-Fuzzer/seed/ntfs_win/ntfs_header_64k: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/seed/ntfs_win/ntfs_header_64k -------------------------------------------------------------------------------- /kAFL-Fuzzer/test.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/test.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/tests/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /kAFL-Fuzzer/tests/helper.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/tests/helper.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/tests/test_deterministic.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/tests/test_deterministic.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/tests/test_havoc_handler.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/tests/test_havoc_handler.py -------------------------------------------------------------------------------- /kAFL-Fuzzer/tests/test_random.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-Fuzzer/tests/test_random.py -------------------------------------------------------------------------------- /kAFL-LICENSES/AGPL-3.0: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-LICENSES/AGPL-3.0 -------------------------------------------------------------------------------- /kAFL-LICENSES/Apache-2.0: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-LICENSES/Apache-2.0 -------------------------------------------------------------------------------- /kAFL-LICENSES/BSD-2-Clause: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-LICENSES/BSD-2-Clause -------------------------------------------------------------------------------- /kAFL-LICENSES/GPL-2.0: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-LICENSES/GPL-2.0 -------------------------------------------------------------------------------- /kAFL-LICENSES/MIT: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/kAFL-LICENSES/MIT -------------------------------------------------------------------------------- /patches/kvm/v5.12/0001-kAFL-hAFL1-Modifications.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/patches/kvm/v5.12/0001-kAFL-hAFL1-Modifications.patch -------------------------------------------------------------------------------- /patches/kvm/v5.12/0002-hAFL2-Modifications.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/patches/kvm/v5.12/0002-hAFL2-Modifications.patch -------------------------------------------------------------------------------- /patches/qemu/v6.0.0/0001-Ported-kAFL-hAFL2-to-QEMU-6.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/patches/qemu/v6.0.0/0001-Ported-kAFL-hAFL2-to-QEMU-6.patch -------------------------------------------------------------------------------- /patches/qemu/v6.0.0/0002-Removed-libexplain-ioctl.h.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/patches/qemu/v6.0.0/0002-Removed-libexplain-ioctl.h.patch -------------------------------------------------------------------------------- /patches/qemu/v6.0.0/0003-Removed-SHUTDOWN-when-info-hypercall-is-called.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/patches/qemu/v6.0.0/0003-Removed-SHUTDOWN-when-info-hypercall-is-called.patch -------------------------------------------------------------------------------- /sha256sums.lst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/sha256sums.lst -------------------------------------------------------------------------------- /targets/compile.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/compile.sh -------------------------------------------------------------------------------- /targets/kafl_user.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/kafl_user.h -------------------------------------------------------------------------------- /targets/linux_x86_64-userspace/.gitignore: -------------------------------------------------------------------------------- 1 | bin/ 2 | -------------------------------------------------------------------------------- /targets/linux_x86_64-userspace/compile.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/linux_x86_64-userspace/compile.sh -------------------------------------------------------------------------------- /targets/linux_x86_64-userspace/initrd/.gitignore: -------------------------------------------------------------------------------- 1 | *.cpio.gz 2 | initrd/ 3 | -------------------------------------------------------------------------------- /targets/linux_x86_64-userspace/initrd/pack.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/linux_x86_64-userspace/initrd/pack.sh -------------------------------------------------------------------------------- /targets/linux_x86_64-userspace/initrd/run_vm.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/linux_x86_64-userspace/initrd/run_vm.sh -------------------------------------------------------------------------------- /targets/linux_x86_64-userspace/initrd/template/dev/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /targets/linux_x86_64-userspace/initrd/template/etc/nsswitch.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/linux_x86_64-userspace/initrd/template/etc/nsswitch.conf -------------------------------------------------------------------------------- /targets/linux_x86_64-userspace/initrd/template/etc/passwd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/linux_x86_64-userspace/initrd/template/etc/passwd -------------------------------------------------------------------------------- /targets/linux_x86_64-userspace/initrd/template/init: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/linux_x86_64-userspace/initrd/template/init -------------------------------------------------------------------------------- /targets/linux_x86_64-userspace/initrd/template/lib/i386-linux-gnu/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /targets/linux_x86_64-userspace/initrd/template/lib/x86_64-linux-gnu/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /targets/linux_x86_64-userspace/initrd/template/lib64/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /targets/linux_x86_64-userspace/initrd/template/proc/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /targets/linux_x86_64-userspace/initrd/template/sbin/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /targets/linux_x86_64-userspace/initrd/template/sys/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /targets/linux_x86_64-userspace/initrd/template/tmp/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /targets/linux_x86_64-userspace/initrd/template/usr/sbin/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /targets/linux_x86_64-userspace/src/ld_preload_fuzz.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/linux_x86_64-userspace/src/ld_preload_fuzz.c -------------------------------------------------------------------------------- /targets/linux_x86_64-userspace/src/ld_preload_info.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/linux_x86_64-userspace/src/ld_preload_info.c -------------------------------------------------------------------------------- /targets/linux_x86_64-userspace/src/userspace_loader.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/linux_x86_64-userspace/src/userspace_loader.c -------------------------------------------------------------------------------- /targets/linux_x86_64/.gitignore: -------------------------------------------------------------------------------- 1 | bin/ 2 | -------------------------------------------------------------------------------- /targets/linux_x86_64/compile.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/linux_x86_64/compile.sh -------------------------------------------------------------------------------- /targets/linux_x86_64/src/fuzzer/fs_fuzzer.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/linux_x86_64/src/fuzzer/fs_fuzzer.c -------------------------------------------------------------------------------- /targets/linux_x86_64/src/fuzzer/hprintf_test.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/linux_x86_64/src/fuzzer/hprintf_test.c -------------------------------------------------------------------------------- /targets/linux_x86_64/src/fuzzer/kafl_vuln_json.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/linux_x86_64/src/fuzzer/kafl_vuln_json.c -------------------------------------------------------------------------------- /targets/linux_x86_64/src/fuzzer/kafl_vuln_test.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/linux_x86_64/src/fuzzer/kafl_vuln_test.c -------------------------------------------------------------------------------- /targets/linux_x86_64/src/info/info.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/linux_x86_64/src/info/info.c -------------------------------------------------------------------------------- /targets/linux_x86_64/src/loader/loader.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/linux_x86_64/src/loader/loader.c -------------------------------------------------------------------------------- /targets/linux_x86_64/src/loader/stage2_loader.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/linux_x86_64/src/loader/stage2_loader.c -------------------------------------------------------------------------------- /targets/macOS_x86_64/compile.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/macOS_x86_64/compile.sh -------------------------------------------------------------------------------- /targets/macOS_x86_64/fuzzer/vuln_test.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/macOS_x86_64/fuzzer/vuln_test.c -------------------------------------------------------------------------------- /targets/macOS_x86_64/info/info.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/macOS_x86_64/info/info.c -------------------------------------------------------------------------------- /targets/macOS_x86_64/loader/loader.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/macOS_x86_64/loader/loader.c -------------------------------------------------------------------------------- /targets/uefi_ovmf_64/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/uefi_ovmf_64/README.md -------------------------------------------------------------------------------- /targets/uefi_ovmf_64/TestBMPPkg/TestBMP.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/uefi_ovmf_64/TestBMPPkg/TestBMP.c -------------------------------------------------------------------------------- /targets/uefi_ovmf_64/TestBMPPkg/TestBMP.dsc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/uefi_ovmf_64/TestBMPPkg/TestBMP.dsc -------------------------------------------------------------------------------- /targets/uefi_ovmf_64/TestBMPPkg/TestBMP.inf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/uefi_ovmf_64/TestBMPPkg/TestBMP.inf -------------------------------------------------------------------------------- /targets/uefi_ovmf_64/TestBMPPkg/TestBMPPkg.dec: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/uefi_ovmf_64/TestBMPPkg/TestBMPPkg.dec -------------------------------------------------------------------------------- /targets/uefi_ovmf_64/TestDecompressPkg/TestDecompress.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/uefi_ovmf_64/TestDecompressPkg/TestDecompress.c -------------------------------------------------------------------------------- /targets/uefi_ovmf_64/TestDecompressPkg/TestDecompress.dsc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/uefi_ovmf_64/TestDecompressPkg/TestDecompress.dsc -------------------------------------------------------------------------------- /targets/uefi_ovmf_64/TestDecompressPkg/TestDecompress.efi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/uefi_ovmf_64/TestDecompressPkg/TestDecompress.efi -------------------------------------------------------------------------------- /targets/uefi_ovmf_64/TestDecompressPkg/TestDecompress.inf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/uefi_ovmf_64/TestDecompressPkg/TestDecompress.inf -------------------------------------------------------------------------------- /targets/uefi_ovmf_64/TestDecompressPkg/TestDecompressPkg.dec: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/uefi_ovmf_64/TestDecompressPkg/TestDecompressPkg.dec -------------------------------------------------------------------------------- /targets/uefi_ovmf_64/compile.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/uefi_ovmf_64/compile.sh -------------------------------------------------------------------------------- /targets/uefi_ovmf_64/edk2_kafl.patch: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/uefi_ovmf_64/edk2_kafl.patch -------------------------------------------------------------------------------- /targets/uefi_ovmf_64/fake_hda/startup.nsh: -------------------------------------------------------------------------------- 1 | reconnect -r 2 | fs0:harness.efi 3 | -------------------------------------------------------------------------------- /targets/uefi_ovmf_64/kAFLAgentPkg/Include/Library/kAFLAgentLib.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/uefi_ovmf_64/kAFLAgentPkg/Include/Library/kAFLAgentLib.h -------------------------------------------------------------------------------- /targets/uefi_ovmf_64/kAFLAgentPkg/Library/kAFLAgentLib/kAFLAgentLib.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/uefi_ovmf_64/kAFLAgentPkg/Library/kAFLAgentLib/kAFLAgentLib.c -------------------------------------------------------------------------------- /targets/uefi_ovmf_64/kAFLAgentPkg/Library/kAFLAgentLib/kAFLAgentLib.inf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/uefi_ovmf_64/kAFLAgentPkg/Library/kAFLAgentLib/kAFLAgentLib.inf -------------------------------------------------------------------------------- /targets/uefi_ovmf_64/kAFLAgentPkg/kAFLAgentPkg.dec: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/uefi_ovmf_64/kAFLAgentPkg/kAFLAgentPkg.dec -------------------------------------------------------------------------------- /targets/uefi_ovmf_64/seeds/seed: -------------------------------------------------------------------------------- 1 | ;-) 2 | -------------------------------------------------------------------------------- /targets/windows_x86_64-userspace/compile.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/windows_x86_64-userspace/compile.sh -------------------------------------------------------------------------------- /targets/windows_x86_64-userspace/src/gdiplus.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/windows_x86_64-userspace/src/gdiplus.cpp -------------------------------------------------------------------------------- /targets/windows_x86_64-userspace/src/gdiplus_loadfont.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/windows_x86_64-userspace/src/gdiplus_loadfont.cpp -------------------------------------------------------------------------------- /targets/windows_x86_64-userspace/src/selffuzz_test.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/windows_x86_64-userspace/src/selffuzz_test.c -------------------------------------------------------------------------------- /targets/windows_x86_64/compile.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/windows_x86_64/compile.sh -------------------------------------------------------------------------------- /targets/windows_x86_64/src/fuzzer/hprintf_test.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/windows_x86_64/src/fuzzer/hprintf_test.c -------------------------------------------------------------------------------- /targets/windows_x86_64/src/fuzzer/packet_sender.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/windows_x86_64/src/fuzzer/packet_sender.c -------------------------------------------------------------------------------- /targets/windows_x86_64/src/info/info.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/windows_x86_64/src/info/info.cpp -------------------------------------------------------------------------------- /targets/windows_x86_64/src/loader/loader.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/windows_x86_64/src/loader/loader.c -------------------------------------------------------------------------------- /targets/zephyr_x86_32/.gitignore: -------------------------------------------------------------------------------- 1 | build 2 | -------------------------------------------------------------------------------- /targets/zephyr_x86_32/CMakeLists.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/zephyr_x86_32/CMakeLists.txt -------------------------------------------------------------------------------- /targets/zephyr_x86_32/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/zephyr_x86_32/README.md -------------------------------------------------------------------------------- /targets/zephyr_x86_32/compile.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/zephyr_x86_32/compile.sh -------------------------------------------------------------------------------- /targets/zephyr_x86_32/prj.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/zephyr_x86_32/prj.conf -------------------------------------------------------------------------------- /targets/zephyr_x86_32/seeds/test.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/zephyr_x86_32/seeds/test.json -------------------------------------------------------------------------------- /targets/zephyr_x86_32/src/kafl_user.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/zephyr_x86_32/src/kafl_user.h -------------------------------------------------------------------------------- /targets/zephyr_x86_32/src/main.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/zephyr_x86_32/src/main.c -------------------------------------------------------------------------------- /targets/zephyr_x86_32/src/target.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/zephyr_x86_32/src/target.h -------------------------------------------------------------------------------- /targets/zephyr_x86_32/src/target_fs.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/zephyr_x86_32/src/target_fs.c -------------------------------------------------------------------------------- /targets/zephyr_x86_32/src/target_json.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/zephyr_x86_32/src/target_json.c -------------------------------------------------------------------------------- /targets/zephyr_x86_32/src/target_test.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/targets/zephyr_x86_32/src/target_test.c -------------------------------------------------------------------------------- /tests/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/README.md -------------------------------------------------------------------------------- /tests/hard_cases/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/hard_cases/README.md -------------------------------------------------------------------------------- /tests/hard_cases/inputs/f_kafl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/hard_cases/inputs/f_kafl -------------------------------------------------------------------------------- /tests/hard_cases/inputs/f_kasan: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/hard_cases/inputs/f_kasan -------------------------------------------------------------------------------- /tests/hard_cases/inputs/f_sergej: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/hard_cases/inputs/f_sergej -------------------------------------------------------------------------------- /tests/hard_cases/inputs/h_hash: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/hard_cases/inputs/h_hash -------------------------------------------------------------------------------- /tests/hard_cases/inputs/j_hash2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/hard_cases/inputs/j_hash2 -------------------------------------------------------------------------------- /tests/hard_cases/inputs/l_loop: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/hard_cases/inputs/l_loop -------------------------------------------------------------------------------- /tests/hard_cases/inputs/s_mult: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/hard_cases/inputs/s_mult -------------------------------------------------------------------------------- /tests/hard_cases/linux_x86_64-userspace/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/hard_cases/linux_x86_64-userspace/.gitignore -------------------------------------------------------------------------------- /tests/hard_cases/linux_x86_64-userspace/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/hard_cases/linux_x86_64-userspace/Makefile -------------------------------------------------------------------------------- /tests/hard_cases/linux_x86_64-userspace/main.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/hard_cases/linux_x86_64-userspace/main.c -------------------------------------------------------------------------------- /tests/hard_cases/linux_x86_64/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/hard_cases/linux_x86_64/.gitignore -------------------------------------------------------------------------------- /tests/hard_cases/linux_x86_64/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/hard_cases/linux_x86_64/Makefile -------------------------------------------------------------------------------- /tests/hard_cases/linux_x86_64/kafl_vuln_test.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/hard_cases/linux_x86_64/kafl_vuln_test.c -------------------------------------------------------------------------------- /tests/hard_cases/linux_x86_64/load.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/hard_cases/linux_x86_64/load.sh -------------------------------------------------------------------------------- /tests/hard_cases/tests.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/hard_cases/tests.h -------------------------------------------------------------------------------- /tests/test_cases/asan/linux_x86_64-userspace/.gitignore: -------------------------------------------------------------------------------- 1 | bin/ 2 | -------------------------------------------------------------------------------- /tests/test_cases/asan/linux_x86_64-userspace/compile.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/test_cases/asan/linux_x86_64-userspace/compile.sh -------------------------------------------------------------------------------- /tests/test_cases/asan/linux_x86_64-userspace/src/loop.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/test_cases/asan/linux_x86_64-userspace/src/loop.c -------------------------------------------------------------------------------- /tests/test_cases/asan/linux_x86_64-userspace/src/vuln.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/test_cases/asan/linux_x86_64-userspace/src/vuln.c -------------------------------------------------------------------------------- /tests/test_cases/json/linux_x86-64/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/test_cases/json/linux_x86-64/Makefile -------------------------------------------------------------------------------- /tests/test_cases/json/linux_x86-64/kafl_vuln_test_json.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/test_cases/json/linux_x86-64/kafl_vuln_test_json.c -------------------------------------------------------------------------------- /tests/test_cases/json/macOS_x86-64/compile.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/test_cases/json/macOS_x86-64/compile.sh -------------------------------------------------------------------------------- /tests/test_cases/json/macOS_x86-64/info.plist: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/test_cases/json/macOS_x86-64/info.plist -------------------------------------------------------------------------------- /tests/test_cases/json/macOS_x86-64/load.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/test_cases/json/macOS_x86-64/load.sh -------------------------------------------------------------------------------- /tests/test_cases/json/macOS_x86-64/vuln.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/test_cases/json/macOS_x86-64/vuln.c -------------------------------------------------------------------------------- /tests/test_cases/json/macOS_x86-64/vuln.xcodeproj/project.pbxproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/test_cases/json/macOS_x86-64/vuln.xcodeproj/project.pbxproj -------------------------------------------------------------------------------- /tests/test_cases/json/windows_x86-64/Driver.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/test_cases/json/windows_x86-64/Driver.c -------------------------------------------------------------------------------- /tests/test_cases/simple/linux_x86-64/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/test_cases/simple/linux_x86-64/Makefile -------------------------------------------------------------------------------- /tests/test_cases/simple/linux_x86-64/kafl_vuln_test.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/test_cases/simple/linux_x86-64/kafl_vuln_test.c -------------------------------------------------------------------------------- /tests/test_cases/simple/linux_x86-64/load.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/test_cases/simple/linux_x86-64/load.sh -------------------------------------------------------------------------------- /tests/test_cases/simple/macOS_x86-64/compile.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/test_cases/simple/macOS_x86-64/compile.sh -------------------------------------------------------------------------------- /tests/test_cases/simple/macOS_x86-64/info.plist: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/test_cases/simple/macOS_x86-64/info.plist -------------------------------------------------------------------------------- /tests/test_cases/simple/macOS_x86-64/load.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/test_cases/simple/macOS_x86-64/load.sh -------------------------------------------------------------------------------- /tests/test_cases/simple/macOS_x86-64/vuln.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/test_cases/simple/macOS_x86-64/vuln.c -------------------------------------------------------------------------------- /tests/test_cases/simple/macOS_x86-64/vuln.xcodeproj/project.pbxproj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/test_cases/simple/macOS_x86-64/vuln.xcodeproj/project.pbxproj -------------------------------------------------------------------------------- /tests/test_cases/simple/win10_x86-64/Driver.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/test_cases/simple/win10_x86-64/Driver.c -------------------------------------------------------------------------------- /tests/user_bench/.gitignore: -------------------------------------------------------------------------------- 1 | packed/* 2 | targets/* 3 | builds 4 | -------------------------------------------------------------------------------- /tests/user_bench/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/user_bench/README.md -------------------------------------------------------------------------------- /tests/user_bench/build.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/user_bench/build.sh -------------------------------------------------------------------------------- /tests/user_bench/run.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tests/user_bench/run.sh -------------------------------------------------------------------------------- /tests/user_bench/seeds/uninformed_seed: -------------------------------------------------------------------------------- 1 | ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!"$%'&/()={[]}\*+~ -------------------------------------------------------------------------------- /tools/cov.plot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tools/cov.plot -------------------------------------------------------------------------------- /tools/gen_dict.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tools/gen_dict.sh -------------------------------------------------------------------------------- /tools/ghidra_cov_analysis.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tools/ghidra_cov_analysis.py -------------------------------------------------------------------------------- /tools/ghidra_cov_analysis.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tools/ghidra_cov_analysis.sh -------------------------------------------------------------------------------- /tools/ida_coverage_validate.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tools/ida_coverage_validate.py -------------------------------------------------------------------------------- /tools/ida_highlight_addrs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tools/ida_highlight_addrs.py -------------------------------------------------------------------------------- /tools/mcat.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tools/mcat.py -------------------------------------------------------------------------------- /tools/stats.plot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tools/stats.plot -------------------------------------------------------------------------------- /tools/unique_edges.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tools/unique_edges.sh -------------------------------------------------------------------------------- /tutorial.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeBreach-Labs/hAFL2/HEAD/tutorial.md --------------------------------------------------------------------------------