Using Beacon
Official documentation: https://outstanding-hydrogen-2d1.notion.site/Beacon-documentation-8480ed4e7fff452a989f7e77ce749951
1. Pull the Beacon Docker image
docker pull yguoaz/beacon
2. Run Beacon
sudo docker run -dit --name beacon yguoaz/beacon:latest /bin/bash -c "while true; do sleep 30; done"
Confirm that the beacon container is running
sudo docker ps
Enter the container
sudo docker exec -it beacon bash
Run the example shipped with Beacon
/Beacon/precondInfer /Beacon/Test/swftophp-2017-7578.bc -target-file=/Beacon/Test/cstest.txt -join-bound=5
where
- /Beacon/Test/swftophp-2017-7578.bc is the bitcode file for the target project.
- /Beacon/Test/cstest.txt has the following content:
parser.c:66
meaning that the target for directed fuzzing is at Line 66 of parser.c.
The target file must contain a single line of the form "fileName:lineNum". (The target location is usually taken from the crash report in the CVE database entry.)
Running the command above produces three files:
- bbreaches_Beacon_Test_cstest.txt : the set of basic blocks from which the target instruction is reachable.
- range_res.txt : the result of the range analysis.
- transed.bc : the transformed bitcode (.bc) used for the subsequent processing steps.
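A small helper, added here as an example and not part of the Beacon project, that checks a target file against the single-line "fileName:lineNum" rule before the analysis is started, and builds the precondInfer command for the running container. It assumes the container name "beacon" and the /Beacon paths used above.

```shell
# Added example (not Beacon's own code): validate the target-file spec and
# build the precondInfer command line for the running "beacon" container.

# Return 0 if the file holds exactly one "fileName:lineNum" line, else 1.
beacon_target_ok() {
    f="$1"
    [ -f "$f" ] || return 1
    # Count lines with awk so a file lacking a trailing newline still counts as one line.
    n=$(awk 'END { print NR }' "$f")
    [ "$n" -eq 1 ] || return 1
    # Accept only <file>:<decimal line number> with no whitespace, e.g. parser.c:66
    grep -Eq '^[^[:space:]:]+:[0-9]+$' "$f"
}

# Print the docker command that runs precondInfer on a bitcode file inside the
# container (no -it, so it can be used from a non-interactive script).
# Arguments: bitcode path, target file path, join bound (default 5).
beacon_cmd() {
    bc="$1"; target="$2"; bound="${3:-5}"
    printf 'sudo docker exec beacon /Beacon/precondInfer %s -target-file=%s -join-bound=%s\n' \
        "$bc" "$target" "$bound"
}

# Usage: check the spec, then run the generated command.
#   beacon_target_ok cstest.txt && eval "$(beacon_cmd /Beacon/Test/swftophp-2017-7578.bc /Beacon/Test/cstest.txt 5)"
```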