#!/usr/bin/env python3
"""
__init__.py
Plugin module used for Binary Ninja
"""
import dataclasses
import json

from binaryninja.plugin import PluginCommand
from binaryninja.settings import Settings

from .fuzzable.analysis import binja, DEFAULT_SCORE_WEIGHTS
from .fuzzable.config import AnalysisKnobs
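# TODO register settings from a config of analysis flags

# All plugin options are registered under the "fuzzable" settings group.
# Each schema below is handed to Settings as a JSON document in a string, so
# the literal text has to remain valid JSON.
Settings().register_group("fuzzable", "Fuzzable")

Settings().register_setting(
    "fuzzable.list_ignored",
    """
{
"title" : "List Ignored Symbols",
"description" : "If set, will also additionally output and/or export ignored symbols.",
"type" : "boolean",
"default" : false
}
""",
)

Settings().register_setting(
    "fuzzable.include_sym",
    """
{
"title" : "Symbols to Include",
"description" : "Comma-separated list of symbols to absolutely be considered for analysis.",
"type" : "array",
"elementType" : "string",
"default" : []
}
""",
)

Settings().register_setting(
    "fuzzable.include_nontop",
    """
{
"title" : "Include non-top level calls",
"description" : "If set, won't filter out only on top-level function definitions.",
"type" : "boolean",
"default" : false
}
""",
)

Settings().register_setting(
    "fuzzable.skip_sym",
    """
{
"title" : "Symbols to Exclude",
"description" : "Exclude symbols from being considered for analysis.",
"type" : "array",
"elementType" : "string",
"default" : []
}
""",
)

Settings().register_setting(
    "fuzzable.skip_stripped",
    """
{
"title" : "Skip Stripped Symbols",
"description" : "Ignore stripped symbols.",
"type" : "boolean",
"default" : false
}
""",
)

# NOTE(review): the key says "ignore" and the default is true, while the
# description reads "If set, include ..." -- the two look like opposites.
# Confirm against the code that consumes this setting before rewording either.
Settings().register_setting(
    "fuzzable.ignore_metrics",
    """
{
"title" : "Ignoring Displaying Metrics",
"description" : "If set, include individual metrics' scores for each function target analyzed.",
"type" : "boolean",
"default" : true
}
""",
)

# The default comes from DEFAULT_SCORE_WEIGHTS and is serialized with
# json.dumps instead of being interpolated through str(): a Python repr is
# valid JSON only by coincidence (string quoting, True/False/None and tuples
# all differ), and a malformed schema would otherwise be registered as-is.
# The doubled braces are str.format escapes for the literal JSON braces.
# NOTE(review): elementType is "string" -- confirm it matches the element type
# of DEFAULT_SCORE_WEIGHTS, which is defined outside this file.
Settings().register_setting(
    "fuzzable.score_weights",
    """
{{
"title" : "Override Score Weights",
"description" : "Change default score weights for each metric.",
"type" : "array",
"elementType" : "string",
"default" : {}
}}
""".format(
        json.dumps(DEFAULT_SCORE_WEIGHTS)
    ),
)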
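# Plugin menu entries. The first argument is the command name, with
# backslashes separating menu levels; the second is the description shown to
# the user; the third is the handler, taken from `binja` (imported from
# .fuzzable.analysis and not visible in this file).
PluginCommand.register(
    "Fuzzable\\Analyze and Rank Functions",
    # Adjacent string literals are concatenated with nothing in between, so
    # the space separating the two sentences has to be written explicitly.
    "List out functions we've determined to be the best candidates for fuzzing. "
    "This will exclude functions that is determined to not be directly usable for a harness.",
    binja.run_fuzzable,
)

# The three report exporters share one description and differ only in the
# output format named in the menu path.
PluginCommand.register(
    "Fuzzable\\Export Fuzzability Report\\CSV (.csv)",
    "Identify and generate targets for fuzzing",
    binja.run_export_csv,
)
PluginCommand.register(
    "Fuzzable\\Export Fuzzability Report\\JSON (.json)",
    "Identify and generate targets for fuzzing",
    binja.run_export_json,
)
PluginCommand.register(
    "Fuzzable\\Export Fuzzability Report\\Markdown (.md)",
    "Identify and generate targets for fuzzing",
    binja.run_export_md,
)

# Registered with register_for_function, so this command applies to a single
# selected function rather than to the whole binary view.
PluginCommand.register_for_function(
    "Fuzzable\\Harness Generation\\Generate binary fuzzing harness (Linux ONLY at the moment)",
    "For a target function, generate a AFL-QEMU/libFuzzer C++ harness",
    binja.run_harness_generation,
)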