NoCodeFuzz is a fuzzer built on Google's HonggFuzz. Instead of compile-time instrumentation it uses side channels as its coverage signal (the invocation below relies on HonggFuzz's hardware performance-counter feedback, `--linux_perf_instr`), so it can fuzz binaries whose source code is unavailable: a black-box setup in which the target is only run, never rebuilt. This lets security researchers and developers find crashes in closed-source or third-party components that instrumentation-based fuzzers cannot cover.
One caveat for practitioners: performance-counter feedback needs permission to open perf events, so on a stock Linux kernel the fuzzer has to run as root or `kernel.perf_event_paranoid` has to be lowered first.
- Utilizes side channels for fuzzing unavailable code
- Enables black-box testing scenarios
- Finds crashes in the target without source code or recompilation
- Extends the capabilities of the HonggFuzz project
To use NoCodeFuzz, follow these steps:

- Clone the repository:

  ```bash
  git clone https://github.com/duri12/NoCodeFuzz.git
  cd NoCodeFuzz
  ```

- Install the build dependencies and build the bundled HonggFuzz:

  ```bash
  sudo apt-get install binutils-dev libunwind-dev libblocksruntime-dev clang
  cd honggfuzz
  make
  cd ..
  ```
- Requirements (Linux): the BFD library (`binutils-dev`, which provides `libbfd`), libunwind (`libunwind-dev` or `libunwind8-dev`), and clang 5.0 or newer.

Ensure you meet these requirements and have installed the dependencies above. Then, follow these steps to use NoCodeFuzz:
- Prepare the target application: `some_runable_code` in the commands below is a placeholder for any executable. For now the program that is actually fuzzed is set in the `subproc.c` file, so change the target there as well.
- Run NoCodeFuzz:

  ```bash
  taskset -c 1 honggfuzz/honggfuzz --linux_perf_instr -i Inputs/ -o outputs/ -s -n 1 -l log.txt -- some_runable_code
  ```

  `taskset -c 1` pins the fuzzer to CPU 1, `--linux_perf_instr` selects instruction-count feedback from the perf subsystem, `-i Inputs/` is the seed corpus, `-o outputs/` is where new corpus entries are saved, `-s` feeds each input to the target on stdin, `-n 1` runs a single fuzzing thread, and `-l log.txt` writes the log to a file. Everything after `--` is the target command line. Crash files (named after the signal, e.g. `SIGSEGV.PC....fuzz`) go to HonggFuzz's workspace directory, which is the current directory unless `-W` or `--crashdir` is given.

- Background execution:

  To run NoCodeFuzz in the background, detach it with `nohup` and `&`; progress then goes to `log.txt`:

  ```bash
  nohup taskset -c 1 honggfuzz/honggfuzz --linux_perf_instr -i Inputs/ -o outputs/ -s -n 1 -l log.txt -- some_runable_code &
  ```
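The steps above, wrapped in a small shell script, as an added example that is not part of the NoCodeFuzz repository. It assumes HonggFuzz was built at `honggfuzz/honggfuzz` as described, takes the target path as its first argument (instead of the fixed `some_runable_code` placeholder), makes sure a seed corpus exists before starting, and afterwards counts crash files using HonggFuzz's default crash-file naming in the default workspace (the current directory); the `HF_BIN` and `FUZZ_CPU` variables and the helper names are this example's own.

```shell
#!/bin/sh
# Added example wrapper around the NoCodeFuzz/HonggFuzz invocation from the README.
# Not part of the project. Assumes honggfuzz was built in ./honggfuzz.
set -eu

HF_BIN="${HF_BIN:-honggfuzz/honggfuzz}"   # honggfuzz binary built in the steps above
FUZZ_CPU="${FUZZ_CPU:-1}"                 # core to pin the fuzzer to (taskset -c)

# Build the exact command line from the README, parameterised on the target.
# Returning it as a string lets the caller log or review it before running.
hf_cmdline() {
    target="$1"; in_dir="${2:-Inputs}"; out_dir="${3:-outputs}"; log="${4:-log.txt}"
    printf 'taskset -c %s %s --linux_perf_instr -i %s -o %s -s -n 1 -l %s -- %s' \
        "$FUZZ_CPU" "$HF_BIN" "$in_dir" "$out_dir" "$log" "$target"
}

# Fuzzing starts from the seed corpus, so make sure there is at least one file.
# With -s the seed bytes are fed to the target on stdin. Prints the file count.
ensure_seed_corpus() {
    in_dir="$1"
    mkdir -p "$in_dir"
    if [ -z "$(ls -A "$in_dir")" ]; then
        printf 'seed\n' > "$in_dir/seed0"
    fi
    ls -1 "$in_dir" | wc -l | tr -d ' '
}

# Count crash artefacts. Assumption: default honggfuzz naming, which starts with
# the signal name (SIGSEGV.PC.<pc>.STACK.<hash>...) and ends in .fuzz, written to
# the workspace directory (the current directory unless -W/--crashdir is used).
count_crashes() {
    crash_dir="${1:-.}"
    find "$crash_dir" -maxdepth 1 -type f -name 'SIG*.fuzz' 2>/dev/null | wc -l | tr -d ' '
}

# Run the fuzzer in the foreground, or detached when the second argument is "yes".
run_fuzz() {
    target="$1"; background="${2:-no}"
    [ -x "$target" ] || { echo "target '$target' is not executable" >&2; return 1; }
    ensure_seed_corpus Inputs >/dev/null
    mkdir -p outputs
    cmd="$(hf_cmdline "$target")"
    echo "running: $cmd"
    if [ "$background" = yes ]; then
        nohup sh -c "$cmd" >/dev/null 2>&1 &
        echo "started in background, pid $!, log in log.txt"
    else
        sh -c "$cmd"
    fi
}

# Usage: ./fuzz.sh /path/to/target [yes]   (second argument = run in background)
if [ "$#" -ge 1 ]; then
    run_fuzz "$@"
    echo "crashes in workspace so far: $(count_crashes .)"
fi
```

Because `run_fuzz` refuses a non-executable target and creates `Inputs/` and `outputs/` itself, the most common first-run failures (empty corpus, wrong path) are caught before HonggFuzz is launched; `count_crashes` can also be run on its own against a finished workspace.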