Skip to content

Latest commit

 

History

History
175 lines (123 loc) · 5.59 KB

README.md

File metadata and controls

175 lines (123 loc) · 5.59 KB

The PASTIS project is a fuzzing framework aiming at combining various software testing techniques within the same workflow to perform collaborative fuzzing also called ensemble fuzzing. At the moment it supports the following fuzzing engines:

  • Honggfuzz (greybox fuzzer)
  • AFL++ (greybox fuzzer)
  • TritonDSE (whitebox fuzzer)

[Documentation]


Overview

Note The video highlight the use-case driven by SAST alerts. However, the main use-case the standard fuzzing for coverage or bug research.


Quick start

Installation

The PASTIS framework can be installed with:

pip install pastis-framework

The pip package will install all dependencies and the tritondse engine.

AFL++

To install AFL++ please refer to the official documentation.

Honggfuzz (>= v2.6)

To install Honggfuzz please refer to the official documentation.

Usage

The main component is the broker that will serve the appropriate configurations to fuzzing engines and that will aggregate results. An example is the following:

tar xvf doc/figs/fsm-demo.tar.gz && cd fsm-demo
make
pastis-broker -b bin -s initial -w output

It will run the broker using binaries in the bin directory. Initial corpus is initial and the whole output workspace will be save in output. By default it will listen on the local interface on port 5555.

Then fuzzing engines can be launched to start testing the software.

pastis-aflpp online

Or:

pastis-tritondse online

Full documentation is available: here

Adding a Fuzzer

Integrating a fuzzer requires writing a Python driver using the libpastis library installed by the package. It requires implementing some callbacks to receive the initial configuration and also to receive inputs from the broker. Conversely the API enables sending newly generated inputs to the broker.

The process is further detailed in the documentation.

Note We warmly welcome any Pull Request to add the support for a new fuzzing engine.


Docker

You can also run PASTIS using Docker:

# Pull from GitHub's registry.
docker pull ghcr.io/quarkslab/pastis:latest

# Or build the image.
docker build -t pastis .

# And run a container.
docker run -v <HOST-WORKSPACE>:/workspace --cap-add=SYS_PTRACE --user $(id -u $USER):$(id -g $USER) -it ghcr.io/quarkslab/pastis # or pastis if you buily the image locally.

To open another terminal to an already running container:

docker exec -it $(docker ps | grep 'pastis' | awk '{print $1}') /bin/bash

The PASTIS Docker image has already installed all the needed dependencies such as AFL++ and Honggfuzz.


Papers and conferences

  • PASTIS: A Collaborative Approach to Combine Heterogeneous Software Testing Techniques Venue: SBFT 2023, Melbourne, Australia 🎥 slides Authors: Robin David, Richard Abou Chaaya, Christian Heitman

  • Symbolic Execution the Swiss-Knife of the Reverse Engineer Toolbox Venue: KLEE Workshop, 2022 📚 🎥 Authors: Robin David, Richard Abou Chaaya, Christian Heitman

  • From source code to crash test-case through software testing automation Venue: European Cyber Week, C&ESAR Workshop, 2021 paper slides Authors: Robin David, Jonathan Salwan, Justin Bourroux

Cite PASTIS

@inproceedings{david2023pastis,
  title={PASTIS: A Collaborative Approach to Combine Heterogeneous Software Testing Techniques},
  author={David, Robin and Abou Chaaya, Richard and Heitman, Christian},
  booktitle={2023 IEEE/ACM International Workshop on Search-Based and Fuzz Testing (SBFT)},
  pages={17--24},
  year={2023},
  organization={IEEE}
}

Contributors

PASTIS is powered by Quarkslab and initially financed by DGA-MI.

All contributions