icemonster edited this page Jan 29, 2020 · 1 revision

Welcome to the AutoVulnDetect (AVD) wiki!

The program AutoVulnDetect provides a way to execute a binary (x86 32-bit or 64-bit) symbolically.

Usage

./AutoVulnDetector [-e] [-s] [-c] [-v/-nv] [-no-show-trace] [--allRam] [--args] binary

If you want to run more than one instance of AutoVulnDetect at the same time, give each additional instance a different gdbserver port (i.e. something other than 9999) with the flag --GDB_PORT.

-e flag

This tells AVD to generate exploits whenever possible. Exploits are saved to the file exploit.py, ready to run. They will most likely use pwntools to interact with the binary.

-s flag

This tells AVD to not check safety policies. Safety policies allow AVD to detect vulnerabilities by validating them on each path found.

-c flag

Execute binary concretely (not symbolically). The binary will pause for input whenever an input function like fgets or scanf is called.

-no-show-trace flag

During execution, progress is shown to you (literally a print of the instructions being executed). This may cause extreme I/O overhead for complex programs, so this flag disables it.

--allRam flag

RAM usage is currently limited to 90% of the available memory. If you think AVD just needs that extra 10%, you may disable the limit. You probably don't want to enable this flag.

--args flag

This takes a list of whitespace-separated words with the arguments to be fed to the binary.

IMPORTANT: Arguments can be symbolic! If you want to feed a 4-byte symbolic argument to the binary you can just pass --args Sym4. Now you may wonder: What if I want to pass the string "Sym4" as an actual argument? You can't :D
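An added illustration of the --args convention described above (not AVD's own code): it classifies each whitespace-separated word and lays out argv as NUL-terminated strings with a per-byte mask marking which bytes are symbolic, which also shows why a literal "Sym4" has no way through. The exact token rule (case-sensitive Sym followed by a positive decimal count) and the names classify and layout_argv are assumptions.

```python
import re

# Assumption: a word is symbolic only if it is exactly "Sym" plus a positive
# decimal byte count (case-sensitive). AVD's real matching rule may differ.
SYM_TOKEN = re.compile(r"Sym([1-9][0-9]*)")


def classify(word):
    """Return ("symbolic", n_bytes) or ("concrete", raw_bytes) for one word."""
    m = SYM_TOKEN.fullmatch(word)
    if m:
        return ("symbolic", int(m.group(1)))
    return ("concrete", word.encode())


def layout_argv(binary, args_value):
    """Build the argv string area for `binary` and the value given to --args.

    Returns (buf, mask, offsets): buf holds the NUL-terminated strings back to
    back, mask[i] is True where buf[i] is an unconstrained input byte, and
    offsets[k] is where argv[k] starts.
    """
    entries = [("concrete", binary.encode())]
    entries += [classify(w) for w in args_value.split()]
    buf, mask, offsets = bytearray(), [], []
    for kind, val in entries:
        offsets.append(len(buf))
        if kind == "symbolic":
            buf += b"\x00" * val        # placeholder, the solver picks the value
            mask += [True] * val
        else:
            buf += val
            mask += [False] * len(val)
        buf.append(0)                   # string terminator stays concrete
        mask.append(False)
    return bytes(buf), mask, offsets


if __name__ == "__main__":
    # Constructed sample: one concrete flag, one symbolic word, one near miss.
    buf, mask, offsets = layout_argv("./target", "-n Sym4 sym4")
    for k, start in enumerate(offsets):
        kind = "symbolic" if mask[start] else "concrete"
        print(f"argv[{k}] at offset {start}: {kind}")
```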

Other stuff you should know

AVD uses summaries to emulate some libc functions (to achieve a faster analysis). There are a lot of summaries already implemented (in srcAVD/summaries.py) but not nearly enough to consider this stable. I'll accept pull requests for summaries anytime!

AVD uses safety policies to detect vulnerabilities (most implemented in srcAVD/safetyPolicies.py). The more the better, although using a lot of safety policies might slow down analysis a bit.
