In the past, it was necessary to initialize submodules containing build dependencies. This is only necessary now if you need to build those dependencies. You can get started with VMF without this step, as long as you have a standard Ubuntu 18.04, 20.04, or 22.04 distribution of Linux.
See external and submodules for details. See docs/external_projects.md/#klee for more information on klee installation.
As of now, VMF can be run on the Ubuntu 18.04, 20.04, and 22.04 distributions of Linux, or in Docker.
For more information about VMF's dependencies and the included packages, see External Projects.
Either initialize Docker with the Dockerfile or run the equivalent commands within Ubuntu to install the VMF dependencies (these commands can even be copied from the Dockerfile).
If you are new to fuzzing, read these documents:
- Intro to Fuzzing: A basic overview of what fuzzing is and how it works.
- Glossary: Definitions for common fuzzing & VMF terminology.
If you want to use VMF to fuzz your own System Under Test (SUT), read these documents:
- Getting Started with VMF: More details on running VMF and creating configuration files.
- Core Modules: More details on the provided VMF core modules.
If you want to use VMF in distributed mode, with multiple VMF instances working together to fuzz a SUT, read this document:
- Getting Started with Distributed Fuzzing: How to set up and run in distributed mode.
If you want to extend VMF by adding new modules, read these documents:
- Writing New Modules: How to write your own modules for VMF.
- VMF Software Design: An in-depth explainer on how VMF works, including the different types of modules it supports.
- Unit Test Documentation: How to write unit tests for new modules.
- Build System Documentation: More details on how to build & run VMF.
To run VMF from a pre-built copy, skip the build and install instructions.
VMF is built using CMake; see the Build System Documentation for details.
Execute the following commands to build VMF:
# from /path/to/vader/ directory:
mkdir build
cd build
cmake .. && make
The VMF build binary artifacts, including supporting files for building VMF modules, can be installed into a tree for distribution. By default that tree is in the vmf_install directory under the build directory, but it can be moved anywhere. If you wish to configure the build from the start to set an install location, do this:
mkdir build
cd build
cmake -DCMAKE_INSTALL_PREFIX=<your install path here> ..
make
To install the VMF build, do this in the build directory:
make install
The installed tree is position independent, and can be copied anywhere.
VMF can be run in a standalone mode, with a single fuzzing instance, as well as in a distributed mode where multiple VMF instances work together to fuzz something.
To run VMF in standalone mode:
cd vmf_install
./bin/vader -c test/config/basicModules.yaml -c test/haystackSUT/haystack_stdin.yaml
This will run VMF with a simple System Under Test (SUT) called haystack, providing the fuzzed input to stdin. Alternatively, you may split the configuration into one or more files and provide as many as desired to VMF. See Getting Started #Running VMF Configurations for details.
To run VMF in distributed mode, you must first install the Campaign Data Management Server (CDMS). See detailed directions in docs/distributed_fuzzing.md. Once the server is installed, each individual VMF instance is started using the -d option to indicate distributed mode. A small configuration file is provided that contains the information needed to connect to the server.
Note: The Linux zip utility is also required for distributed mode. If the command which zip does not return a path to the zip executable, you will need to first install zip on your system:
sudo apt install zip
To run VMF in distributed mode:
cd vmf_install
./bin/vader -d test/config/serverconfig.yaml
The samples directory contains samples of how to build a VMF module outside of the full VMF tree. This directory is installed with the VMF binaries in a distribution install.
In order to build VMF, the packages mentioned in the Installed Packages section of External Projects need to be installed.
VMF is licensed under GNU General Public License Version 2. See LICENSE.