
What tool is Manul?

2025-01-15 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

This article introduces Manul and what kind of tool it is. Most readers are probably not familiar with it, so it is shared here for reference.

Manul is a coverage-guided parallel fuzzing tool, written in pure Python and fully open source. Researchers can use Manul for fuzz testing or black-box testing of target code on Windows, Linux and macOS.

Install Radamsa:

    sudo apt-get install gcc make git wget
    git clone https://gitlab.com/akihe/radamsa.git && cd radamsa && make && sudo make install

Now use Manul:

    pip3 install psutil
    git clone https://github.com/mxmssh/manul
    cd manul
    mkdir in
    mkdir out
    echo "AAAAAA" > in/test
    python3 manul.py -i in -o out -n 4 "linux/test_afl @@"

If you are on Windows, you do not need to install Radamsa, because the Radamsa library is already included in Manul's release package for Windows.

Public CVE list

    CVE IDs                                         Product    Discoverer
    CVE-2019-9631, CVE-2019-7310, CVE-2019-9959     Poppler    Maksim Shudrak
    CVE-2018-17019, CVE-2018-16807, CVE-2019-12175  Bro/Zeek   Maksim Shudrak

If you discover new vulnerabilities using Manul, you can add the vulnerability information to this list.

Sample tool demo

Dependencies

1. Python 3 (Python 2 has been out of date since January 1, 2020, but Manul works normally under Python 2)

2. psutil

3. pywin32 (for DBI persistence mode on Windows). The installation command is as follows:

    pip install pywin32

Coverage-guided fuzzing

The current version of Manul supports two types of instrumentation: AFL-based instrumentation (afl-gcc, afl-clang, and afl-clang-fast) and DBI mode.

Coverage-guided fuzzing - AFL instrumentation mode

Instrument the target with afl-gcc or afl-clang-fast, with Address Sanitizer enabled (recommended), as shown in the following example:

    CC=afl-gcc CXX=afl-g++ CFLAGS=-fsanitize=address CXXFLAGS=-fsanitize=address cmake <path_to_target_source>
    make -j 8

    USE_ASAN=1 CC=afl-clang-fast CXX=afl-clang-fast++ cmake <path_to_target_source>
    make -j 8

Coverage-guided fuzzing - DBI mode

The target does not need to be instrumented in this mode, but you need to download the latest version of the DynamoRIO framework for Windows or Linux.

Manul ships with precompiled x86/x64 clients for Linux and Windows. You can find them in the following directories:

    linux/dbi_32|dbi_64/libbinafl.so (DynamoRIO client)
    win/dbi_32|dbi_64/binafl.dll

Unfortunately, DynamoRIO does not currently support macOS.

Using DynamoRIO to fuzz black-box binaries

DynamoRIO:

Before using it, uncomment the following lines in the manul.config file and provide the correct paths to the DynamoRIO launcher and client:

    # Choose DBI framework to provide coverage back to Manul ("dynamorio" or "pin"). Example: dbi = dynamorio
    dbi = dynamorio
    # If dbi parameter is not None the path to dbi engine launcher and dbi client should be specified.
    dbi_root = /home/max/DynamoRIO/bin64/drrun
    dbi_client_root = /home/max/manul/linux/dbi_64/libbinafl.so
    dbi_client_libs = None

In addition, users can enable in-memory persistent fuzzing to improve the performance of black-box fuzzing. In this mode, Manul targets a specific function and executes it in a loop. Enable it by uncommenting the following lines:

    dbi_persistence_mode = 1
    dbi_target_module = afl_test
    dbi_target_method = open_file
    #dbi_target_offset = 0x3198 # optionally you can provide offset of this function instead of name
    dbi_fuzz_iterations = 1000

The developers of winAFL have described this mode in great detail, and Manul reuses most of the instrumentation library code from winAFL to instrument and communicate with the target under test.
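A preflight check for the DBI settings shown above, as an added example (not part of Manul or of the original article). The parsing rules and the requirement that persistence mode names a module plus a method or offset are assumptions inferred from the comments in the config excerpt; the function names are hypothetical.

```python
import os

# Constructed sample mirroring the manul.config lines shown above; the
# persistence block deliberately leaves the target function commented out.
SAMPLE = """\
dbi = dynamorio
dbi_root = /home/max/DynamoRIO/bin64/drrun
dbi_client_root = /home/max/manul/linux/dbi_64/libbinafl.so
dbi_client_libs = None
dbi_persistence_mode = 1
dbi_target_module = afl_test
#dbi_target_method = open_file
#dbi_target_offset = 0x3198 # optional offset instead of name
dbi_fuzz_iterations = 1000
"""

def parse_config(text):
    """Parse 'key = value' lines; '#' starts a comment, 'None' means unset."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        opts[key] = None if value in ("", "None") else value
    return opts

def check_dbi(opts, exists=os.path.exists):
    """Return the problems that would stop a DBI-mode run from starting."""
    problems = []
    dbi = opts.get("dbi")
    if dbi is None:
        return problems  # DBI mode is off, nothing to check
    if dbi not in ("dynamorio", "pin"):
        problems.append("dbi must be 'dynamorio' or 'pin', got %r" % dbi)
    for key in ("dbi_root", "dbi_client_root"):
        path = opts.get(key)
        if path is None:
            problems.append("%s is required when dbi is set" % key)
        elif not exists(path):
            problems.append("%s points to a missing file: %s" % (key, path))
    if opts.get("dbi_persistence_mode") == "1":
        if opts.get("dbi_target_module") is None:
            problems.append("persistence mode needs dbi_target_module")
        if not (opts.get("dbi_target_method") or opts.get("dbi_target_offset")):
            problems.append("persistence mode needs dbi_target_method or dbi_target_offset")
        if not (opts.get("dbi_fuzz_iterations") or "").isdigit():
            problems.append("dbi_fuzz_iterations must be a whole number")
    return problems
```

Run `check_dbi(parse_config(open("manul.config").read()))` before a long fuzzing session; an empty list means the DBI paths and persistence target are at least consistent.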

Compiling the DynamoRIO client

To compile the instrumentation library, you need to install the latest version of DynamoRIO. The instrumentation library source code can be found in "dbi_clients_src" under the Manul home directory.

64-bit Linux

    cd dbi_clients_src
    wget <download the latest DynamoRIO>
    tar xvf DynamoRIO-x86_64-X.XX.XXXX-X.tar.gz
    mkdir client_64
    cd client_64
    cmake ../dr_cov/ -DDynamoRIO_DIR=/home/max/manul/dbi_clients_src/DynamoRIO-x86_64-Linux-X.XX.XXXX-X.tar.gz/cmake
    make

32-bit Linux

    cd dbi_clients_src
    wget <download the latest DynamoRIO>
    tar xvf DynamoRIO-x86_64-X.XX.XXXX-X.tar.gz
    mkdir client_64
    cd client_64
    CFLAGS=-m32 CXXFLAGS=-m32 cmake ../dr_cov/ -DDynamoRIO_DIR=/home/max/manul/dbi_clients_src/DynamoRIO-i386-Linux-X.XX.XXXX-X.tar.gz/cmake
    make

On Windows, you need to install Visual Studio (2017 or 2013), then start "VS20XX Cross Tools Command Prompt" and run the following commands:

64-bit Windows

    cd dbi_clients_src
    mkdir client_64
    cd client_64
    cmake -G "Visual Studio 15 Win64" ..\dr_cov\ -DDynamoRIO_DIR=C:\Users\max\manul\dbi_clients_src\DynamoRIO-Windows-XXXX.XX.X.X\cmake
    cmake --build . --config RelWithDebInfo (or just Debug if needed)

32-bit Windows

    cd dbi_clients_src
    mkdir client_32
    cd client_32
    cmake -G "Visual Studio 15" ..\dr_cov\ -DDynamoRIO_DIR=C:\Users\max\manul\dbi_clients_src\DynamoRIO-Windows-XXXX.XX.X.X\cmake
    cmake --build . --config RelWithDebInfo (or just Debug if needed)

Command-line arguments

    Example: python3 manul.py -i corpus -o out_dir -n 40 "target @@"

    positional arguments:
      target_binary  The target binary and options to be executed (don't forget to include quotes e.g. "target e @@").

    optional arguments:
      -h, --help     show this help message and exit
      -n NFUZZERS    Number of parallel fuzzers
      -s             Run dumb fuzzing (no code instrumentation)
      -c CONFIG      Path to config file with additional options (see Configuration File Options section below)
      -r             Restore previous session

    Required parameters:
      -i INPUT       Path to directory with initial corpus
      -o OUTPUT      Path to output directory

Status view

That is all for this article on what Manul is. Thank you for reading!
