<h1 align="center">Mayhem Examples</h1> <p align="center"> <img src=".images/mayhem-logo.png" alt="Hello World! of Mayhem Docker Images"/> </p>

Mayhem example templates for programming languages and fuzzers that you love! Like a "Hello World!" but for fuzzing!


Quickstart

Use the Mayhem CLI to execute a new Mayhem run (via the mayhem run command) for any mayhem-examples target directory with a valid Mayhemfile. Alternatively, Mayhem users can use the Mayhem UI to execute a new Mayhem run by selecting and fuzzing a mayhem-examples target Docker image uploaded to either the private Mayhem Docker Registry or the public Docker Hub.

Note: Before executing a Mayhem run on the mayhem-examples, you'll need to first upload the below mayhem-example targets to either a private Mayhem Docker Registry or to the public Docker Hub. Read the How to Get Started section for more details.

Target List by Language/Fuzzer

Order is alphabetical.

| Target Name | Language | Environment | Fuzzer |
| --- | --- | --- | --- |
| forallsecure/ada-base-executable | Ada | Ada2012 | Base-Executable |
| forallsecure/android-base-executable | C | C99 | Base-Executable |
| forallsecure/c-afl-clang | C | C99 | AFL-clang |
| forallsecure/c-afl-gcc | C | C99 | AFL-gcc |
| forallsecure/c-aflpp-clang | C | C99 | AFL++-clang |
| forallsecure/c-aflpp-gcc | C | C99 | AFL++-gcc |
| forallsecure/c-base-executable | C | C99 | Base-Executable |
| forallsecure/c-honggfuzz-clang | C | C99 | Honggfuzz-clang |
| forallsecure/c-honggfuzz-gcc | C | C99 | Honggfuzz-gcc |
| forallsecure/c-libfuzzer | C | C99 | libFuzzer |
| forallsecure/cpp-afl-clang | C++ | C++11 | AFL-clang |
| forallsecure/cpp-afl-gcc | C++ | C++11 | AFL-gcc |
| forallsecure/cpp-aflpp-clang | C++ | C++11 | AFL++-clang |
| forallsecure/cpp-aflpp-gcc | C++ | C++11 | AFL++-gcc |
| forallsecure/cpp-base-executable | C++ | C++11 | Base-Executable |
| forallsecure/cpp-honggfuzz-clang | C++ | C++11 | Honggfuzz-clang |
| forallsecure/cpp-honggfuzz-gcc | C++ | C++11 | Honggfuzz-gcc |
| forallsecure/cpp-libfuzzer | C++ | C++11 | libFuzzer |
| forallsecure/csharp-sharpfuzz | C# | .NET 6.0 | sharpfuzz |
| forallsecure/fortran-base-executable | Fortran | Fortran 8.3.0 | Base-Executable |
| forallsecure/go-base-executable | Go | Go 1.13 | Base-Executable |
| forallsecure/go-go-fuzz | Go | Go 1.13 | go-fuzz |
| forallsecure/java-base-executable | Java | Openjdk11 | Base-Executable |
| forallsecure/java-jazzer | Java | Openjdk11 | jazzer |
| forallsecure/kotlin-jazzer | Kotlin | Openjdk11 | jazzer |
| forallsecure/obj-c-base-executable | Objective-C | Objective-C 2.0 | Base-Executable |
| forallsecure/ocaml-afl | OCaml | OCaml 4.0 | AFL |
| forallsecure/ocaml-base-executable | OCaml | OCaml 4.0 | Base-Executable |
| forallsecure/python-atheris | Python | Python3.8 | Atheris |
| forallsecure/rust-afl | Rust | Rust 1.44 | afl.rs |
| forallsecure/rust-base-executable | Rust | Rust 1.44 | Base-Executable |
| forallsecure/rust-cargo-fuzz | Rust | Rust 1.44 | cargo-fuzz |
| forallsecure/swift-libfuzzer | Swift | Swift 5.4.2 | libFuzzer |

Supported Fuzzers

| Fuzzer | dictionary | max_length | sanitizers |
| --- | --- | --- | --- |
| mCode | | | |
| AFL | | | |
| honggfuzz | | | |
| libFuzzer | | | |

Use the Mayhemfile parameters as follows:

How can I contribute?

Don't see your language/fuzzer in the list above? Let us know or, better yet, send us a PR adding it! Check out our CONTRIBUTING.md guidelines.

How to Get Started

Navigate to each Language/Fuzzer folder and follow the individual build instructions. Alternatively, you can use the Makefile in the root directory of the mayhem-examples GitHub repository to build all of the Dockerfiles, then tag and push the resulting Docker images to the Docker registry of your choice (private, or public such as Docker Hub), all in one go!

You'll need to first log into your desired Docker registry using the docker login command and then set a MAYHEM_DOCKER_REGISTRY environment variable to the URL of the specified Docker registry.

For example, for a private Docker registry you'll want the following:

```sh
export MAYHEM_DOCKER_REGISTRY=tutorial.forallsecure.com:5000
```

Alternatively, for a public Docker registry like Docker Hub, you'll want the following:

```sh
export MAYHEM_DOCKER_REGISTRY=docker.io
```

Once complete, just run the following commands:

```sh
make build
make push
```

With the Docker images now pushed to a private or public Docker registry, just use either the Mayhem CLI or the Mayhem UI to create a new run and start fuzzing!

For example, for a private Docker registry you'll need a Mayhemfile with an image parameter similar to the following, where $MAYHEM_DOCKER_REGISTRY represents the URL of the private Mayhem Docker registry:

```yaml
image: $MAYHEM_DOCKER_REGISTRY/forallsecure/c-base-executable:latest
duration: 90
project: mayhem-examples
target: c-base-executable
cmds:
  - cmd: /mayhemit @@
```

Otherwise, you can set the Mayhemfile's image parameter to a public Docker Hub URL like so:

```yaml
image: forallsecure/c-base-executable:latest
duration: 90
project: mayhem-examples
target: c-base-executable
cmds:
  - cmd: /mayhemit @@
```
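
The two Mayhemfile variants above differ only in the image prefix. As an added example (not part of the mayhem-examples repository), these shell functions render either variant from MAYHEM_DOCKER_REGISTRY and reject values that would produce a malformed image reference. `image_ref` and `render_mayhemfile` are hypothetical helper names, and the target-name check is an assumption based on the names in the target list.

```shell
#!/bin/sh
# Added example: render the Mayhemfile shown above for either registry type.
# image_ref and render_mayhemfile are hypothetical helpers, not Mayhem CLI commands.

# Print the image reference for a target, given a registry value.
# An empty registry or docker.io yields the short Docker Hub form from the page.
image_ref() {
    registry=$1
    target=$2
    case $registry in
        # Docker image references take host[:port], never a URL scheme.
        *://*) echo "registry must be host[:port], no scheme: $registry" >&2
               return 1 ;;
    esac
    registry=${registry%/}    # tolerate a single trailing slash
    case $target in
        # Assumption: targets look like the listed names (lowercase, digits, '-').
        ''|*[!a-z0-9-]*) echo "unexpected target name: $target" >&2
                         return 1 ;;
    esac
    case $registry in
        ''|docker.io) printf 'forallsecure/%s:latest\n' "$target" ;;
        *)            printf '%s/forallsecure/%s:latest\n' "$registry" "$target" ;;
    esac
}

# Emit a Mayhemfile on stdout. The duration, project and cmds values are copied
# from the page's c-base-executable example; other targets may need a different
# cmds entry, so check the Mayhemfile in each target directory.
render_mayhemfile() {
    target=$1
    image=$(image_ref "${MAYHEM_DOCKER_REGISTRY:-}" "$target") || return 1
    cat <<EOF
image: $image
duration: 90
project: mayhem-examples
target: $target
cmds:
  - cmd: /mayhemit @@
EOF
}
```

With MAYHEM_DOCKER_REGISTRY exported as shown earlier, `render_mayhemfile c-base-executable > Mayhemfile` writes the matching variant.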

Why Use Docker?

Mayhem performs behavioral testing, in which the application is run and analyzed dynamically. To do so, Mayhem needs the complete application, including the executable, libraries, and configuration files.

Docker is popular because it solves the problem of creating a reproducible environment. To quote from Docker:

Docker is a platform for developers and sysadmins to develop, deploy, and run applications with containers. The use of Linux containers to deploy applications is called containerization. Containers are not new, but their use for easily deploying applications is.

A container runs natively on Linux, and shares the underlying runtime. Three key benefits of Docker that Mayhem leverages include:

  1. Isolation: Docker provides a convenient way to isolate different apps, each of which may have different dependencies.
  2. Configuration-as-Code: When you create a Docker image, you write a Dockerfile, which gives the exact commands to build the image. The Dockerfile can be edited and revision controlled like any other text file.
  3. Efficiency: Docker uses a layered file system, which means if two applications share the same files, you only need one copy.

Fuzzing Docker Targets with Mayhem

Given a Docker image, Mayhem will spin up and tear down Docker containers as needed to run the specified application in the containerized environment.

Mayhem can run Docker images stored on either the included private Docker registry (as a part of your Mayhem deployment) or through Docker Hub, which hosts tens of thousands of public Docker images. If you are storing your images on your private registry, you will need to specify this in the Mayhemfile.

About Us

ForAllSecure was founded with the mission to make the world’s critical software safe. The company has been applying its patented technology from over a decade of CMU research to solving the difficult challenge of making software safer. ForAllSecure has partnered with Fortune 1000 companies in aerospace, automotive and high-tech industries, as well as the US Department of Defense to integrate Mayhem into software development cycles for continuous security. Profitable and revenue-funded, the company is scaling rapidly.