Dharma - A generation-based, context-free grammar fuzzer
Requirements
None
Examples
Generate a single test-case.
% ./dharma.py -grammars grammars/webcrypto.dg
Generate a single test case with multiple grammars.
% ./dharma.py -grammars grammars/canvas2d.dg grammars/mediarecorder.dg
Generating test-cases as files.
% ./dharma.py -grammars grammars/webcrypto.dg -storage . -count 5
Generate test-cases, send each over WebSocket to Firefox, observe the process for crashes and bucket them.
% ./dharma.py -server -grammars grammars/canvas2d.dg -template grammars/var/templates/html5/default.html
% ./framboise.py -setup inbound64-release -debug -worker 4 -testcase ~/dev/projects/fuzzers/dharma/grammars/var/index.html
Benchmark the generator.
% time ./dharma.py -grammars grammars/webcrypto.dg -count 10000 > /dev/null
Grammar Cheatsheet
Comment
%%% comment
Controls
%const% name := value
Sections
%section% := value
%section% := variable
%section% := variance
Extension methods
%range%(0-9)
%range%(0.0-9.0)
%range%(a-z)
%range%(!-~)
%range%(0x100-0x200)
%repeat%(+variable+)
%repeat%(+variable+, ", ")
%uri%(path)
%uri%(lookup_key)
%block%(path)
%choice%(foo, "bar", 1)
Assigning values
digit :=
    %range%(0-9)
sign :=
    +
    -
value :=
    +sign+%repeat%(+digit+)
Using values
+value+
Assigning variables
variable :=
    @variable@ = new Foo();
Using variables
value :=
    !variable!.bar();
Referencing values from common.dg
value :=
    attribute=+common:number+
Calling javascript library functions
foo :=
    Random.pick([0,1]);
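
A simplified model of how the digit/sign/value rules under "Assigning values" expand into a test case, added here as an illustration; it is not Dharma's own code. The parse and expand helpers are hypothetical, only same-file +name+ references, integer %range% and single-argument %repeat% are handled, and the 1 to 4 repeat bound is an assumption.

```python
import random
import re

# Constructed input: the digit/sign/value rules from "Assigning values".
GRAMMAR = """\
digit :=
    %range%(0-9)
sign :=
    +
    -
value :=
    +sign+%repeat%(+digit+)
"""

# One token per match: %repeat%(+x+), %range%(a-b) with integers, or +x+.
TOKEN = re.compile(r"%repeat%\(\+(\w+)\+\)|%range%\((\d+)-(\d+)\)|\+(\w+)\+")


def parse(text):
    """Map each rule name to its indented alternatives (hypothetical helper)."""
    rules, name = {}, None
    for line in text.splitlines():
        if line.rstrip().endswith(":="):
            name = line.split(":=")[0].strip()
            rules[name] = []
        elif line.strip() and name is not None:
            rules[name].append(line.strip())
    return rules


def expand(rules, name, rng, max_repeat=4):
    """Pick one alternative of `name` at random and resolve its tokens."""
    def resolve(m):
        if m[1] is not None:  # %repeat%: 1..max_repeat copies (assumed bound)
            count = rng.randint(1, max_repeat)
            return "".join(expand(rules, m[1], rng, max_repeat) for _ in range(count))
        if m[2] is not None:  # %range%: one integer from the inclusive range
            return str(rng.randint(int(m[2]), int(m[3])))
        return expand(rules, m[4], rng, max_repeat)  # +name+ cross-reference
    # Single pass: text produced by a substitution is never rescanned.
    return TOKEN.sub(resolve, rng.choice(rules[name]))


if __name__ == "__main__":
    rules = parse(GRAMMAR)
    rng = random.Random(1)  # seeded so a run is reproducible
    print([expand(rules, "value", rng) for _ in range(5)])
```

Passing a seeded random.Random makes a generated case reproducible, which helps when a crash has to be replayed from the same grammar.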