Distributed fuzzing mode of Honggfuzz


Bharadwaj Machiraju

Oct 2, 2019, 1:39:17 PM
to honggfuzz
Hi,

Are there any existing ways honggfuzz can be run on the same target on multiple devices, like a distributed fuzzer? ClusterFuzz is very GCP dependent; I am looking for something that can be run on actual hardware on a LAN.

If there is no solution
  • Is this even a good idea?
  • How can corpus, coverage and state be synced across the nodes?
  • Is there some part of documentation that can help with writing a thin wrapper for syncing it?

Thanks

Robert Święcki

Oct 3, 2019, 3:24:35 PM
to Bharadwaj Machiraju, honggfuzz
Wed, 2 Oct 2019 at 19:39 Bharadwaj Machiraju <tunne...@gmail.com> wrote:

> Hi,
>
> Are there any existing ways honggfuzz can be run on the same target on multiple devices, like a distributed fuzzer? ClusterFuzz is very GCP dependent; I am looking for something that can be run on actual hardware on a LAN.

I don't know anything public except the clusterfuzz. Maybe also this? - https://github.com/MozillaSecurity/FuzzManager - but I haven't looked at it yet.

> If there is no solution
>   • Is this even a good idea?

Sure, if you have access to a few machines, then, yeah, the coverage increase should be optimistically increasing at a rate relative to the number of machines used.

>   • How can corpus, coverage and state be synced across the nodes?

If you have a well fuzzed-out target, where coverage is already increasing slowly, exchanging/syncing the corpus (even with scp/rsync or something similar) at a rate as slow as once per minute or once every five minutes should work well.

>   • Is there some part of documentation that can help with writing a thin wrapper for syncing it?

Some form of rsync over ssh could work. You can restart honggfuzz over the input corpus every couple of minutes; it shouldn't affect performance much if your Dry Run Mode Phase (I) doesn't take more than, say, 10 seconds.

Of course, creating a well-designed fuzzing manager can take a lot of time, with corpus minimization, graphs, stack-tracing, reproducing crashers, etc.

--
Robert Święcki
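The "rsync over ssh, then restart honggfuzz every couple of minutes" approach from the reply above, written out as one node's sync script. This is an added example, not code from the honggfuzz project or from either poster. It assumes every node runs the same script, keeps its corpus in `$CORPUS`, and is reachable by rsync over ssh under the host aliases in `$PEERS`; the `hash_file`, `merge_corpus`, `pull_peers` and `sync_loop` names are the example's own. Files pulled from peers are stored under their SHA-256, so the same input arriving from several nodes collapses into one file. The honggfuzz invocation relies on `-i` (input directory, which honggfuzz also uses as its output directory when `-o` is not given) and `--run_time` (seconds after which a session ends); `./target` is a placeholder for a harness that takes its input file as `___FILE___`.

```shell
#!/bin/sh
# Added example (not honggfuzz project code): one node's side of a LAN
# corpus sync. Assumed environment: $CORPUS is this node's honggfuzz input
# directory, $PEERS lists ssh host aliases of the other nodes, and each
# peer keeps its corpus at the same path.
CORPUS="${CORPUS:-./corpus}"          # local honggfuzz input/output dir
STAGING="${STAGING:-./peer_staging}"  # where peer corpora are rsync'ed to
PEERS="${PEERS:-}"                    # e.g. "node1 node2" (ssh host aliases)
INTERVAL="${INTERVAL:-300}"           # seconds per honggfuzz run (5 min)
TARGET="${TARGET:-./target}"          # placeholder fuzz target

hash_file() {
  # Portable SHA-256 of one file: coreutils sha256sum or BSD/perl shasum.
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -c1-64
  else
    shasum -a 256 "$1" | cut -c1-64
  fi
}

# merge_corpus SRC DST: copy every regular file in SRC into DST, named by
# its content hash so duplicates collapse; prints how many were new.
merge_corpus() {
  src="$1"; dst="$2"; added=0
  mkdir -p "$dst"
  for f in "$src"/*; do
    [ -f "$f" ] || continue
    h=$(hash_file "$f")
    if [ ! -e "$dst/$h" ]; then
      cp "$f" "$dst/$h"
      added=$((added + 1))
    fi
  done
  echo "$added"
}

# pull_peers: fetch each peer's corpus with rsync over ssh into a staging
# directory, then merge it into the local corpus. A peer that is down is
# skipped rather than stopping the loop.
pull_peers() {
  for peer in $PEERS; do
    mkdir -p "$STAGING/$peer"
    rsync -az --delete -e ssh "$peer:$CORPUS/" "$STAGING/$peer/" \
      || { echo "sync from $peer failed, skipping" >&2; continue; }
    n=$(merge_corpus "$STAGING/$peer" "$CORPUS")
    echo "$peer: $n new inputs"
  done
}

# sync_loop: alternate a bounded honggfuzz session with a corpus pull. The
# restart is the periodic re-run over the input corpus suggested in the
# thread; honggfuzz writes coverage-increasing inputs back into $CORPUS,
# so each new session starts from everything all nodes have found so far.
sync_loop() {
  while :; do
    honggfuzz -i "$CORPUS" --run_time "$INTERVAL" -- "$TARGET" ___FILE___
    pull_peers
  done
}

# Start the loop only when explicitly asked, so the functions can also be
# sourced and used on their own.
case "${RUN_SYNC:-0}" in
  1) sync_loop ;;
esac
```

Run it on every node as `RUN_SYNC=1 PEERS="node1 node2" TARGET=./harness sh sync.sh`. Because each node both pushes nothing and pulls everything, there is no central coordinator; the cost is that a new input takes up to one `$INTERVAL` to propagate per hop, which matches the "once every few minutes is fine for a well fuzzed-out target" reasoning in the reply.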