#!/bin/sh # # american fuzzy lop - status check tool # -------------------------------------- # # Written and maintained by Michal Zalewski # # Copyright 2015 Google LLC All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at: # # http://www.apache.org/licenses/LICENSE-2.0 # # This tool summarizes the status of any locally-running synchronized # instances of afl-fuzz. # echo "status check tool for afl-fuzz by " echo if [ "$1" = "-s" ]; then SUMMARY_ONLY=1 DIR="$2" else unset SUMMARY_ONLY DIR="$1" fi if [ "$DIR" = "" ]; then echo "Usage: $0 [ -s ] afl_sync_dir" 1>&2 echo 1>&2 echo "The -s option causes the tool to skip all the per-fuzzer trivia and show" 1>&2 echo "just the summary results. See docs/parallel_fuzzing.txt for additional tips." 1>&2 echo 1>&2 exit 1 fi cd "$DIR" || exit 1 if [ -d queue ]; then echo "[-] Error: parameter is an individual output directory, not a sync dir." 1>&2 exit 1 fi CUR_TIME=`date +%s` TMP=`mktemp -t .afl-whatsup-XXXXXXXX` || TMP=`mktemp -p /data/local/tmp .afl-whatsup-XXXXXXXX` || exit 1 ALIVE_CNT=0 DEAD_CNT=0 TOTAL_TIME=0 TOTAL_EXECS=0 TOTAL_EPS=0 TOTAL_CRASHES=0 TOTAL_PFAV=0 TOTAL_PENDING=0 if [ "$SUMMARY_ONLY" = "" ]; then echo "Individual fuzzers" echo "==================" echo fi for i in `find . -maxdepth 2 -iname fuzzer_stats | sort`; do sed 's/^command_line.*$/_skip:1/;s/[ ]*:[ ]*/="/;s/$/"/' "$i" >"$TMP" . "$TMP" RUN_UNIX=$((CUR_TIME - start_time)) RUN_DAYS=$((RUN_UNIX / 60 / 60 / 24)) RUN_HRS=$(((RUN_UNIX / 60 / 60) % 24)) if [ "$SUMMARY_ONLY" = "" ]; then echo ">>> $afl_banner ($RUN_DAYS days, $RUN_HRS hrs) <<<" echo fi if ! kill -0 "$fuzzer_pid" 2>/dev/null; then if [ "$SUMMARY_ONLY" = "" ]; then echo " Instance is dead or running remotely, skipping." echo fi DEAD_CNT=$((DEAD_CNT + 1)) continue fi ALIVE_CNT=$((ALIVE_CNT + 1)) EXEC_SEC=$((execs_done / RUN_UNIX)) PATH_PERC=$((cur_path * 100 / paths_total)) TOTAL_TIME=$((TOTAL_TIME + RUN_UNIX)) TOTAL_EPS=$((TOTAL_EPS + EXEC_SEC)) TOTAL_EXECS=$((TOTAL_EXECS + execs_done)) TOTAL_CRASHES=$((TOTAL_CRASHES + unique_crashes)) TOTAL_PENDING=$((TOTAL_PENDING + pending_total)) TOTAL_PFAV=$((TOTAL_PFAV + pending_favs)) if [ "$SUMMARY_ONLY" = "" ]; then echo " cycle $((cycles_done + 1)), lifetime speed $EXEC_SEC execs/sec, path $cur_path/$paths_total (${PATH_PERC}%)" if [ "$unique_crashes" = "0" ]; then echo " pending $pending_favs/$pending_total, coverage $bitmap_cvg, no crashes yet" else echo " pending $pending_favs/$pending_total, coverage $bitmap_cvg, crash count $unique_crashes (!)" fi echo fi done rm -f "$TMP" TOTAL_DAYS=$((TOTAL_TIME / 60 / 60 / 24)) TOTAL_HRS=$(((TOTAL_TIME / 60 / 60) % 24)) test "$TOTAL_TIME" = "0" && TOTAL_TIME=1 echo "Summary stats" echo "=============" echo echo " Fuzzers alive : $ALIVE_CNT" if [ ! "$DEAD_CNT" = "0" ]; then echo " Dead or remote : $DEAD_CNT (excluded from stats)" fi echo " Total run time : $TOTAL_DAYS days, $TOTAL_HRS hours" echo " Total execs : $((TOTAL_EXECS / 1000 / 1000)) million" echo " Cumulative speed : $TOTAL_EPS execs/sec" echo " Pending paths : $TOTAL_PFAV faves, $TOTAL_PENDING total" if [ "$ALIVE_CNT" -gt "1" ]; then echo " Pending per fuzzer : $((TOTAL_PFAV/ALIVE_CNT)) faves, $((TOTAL_PENDING/ALIVE_CNT)) total (on average)" fi echo " Crashes found : $TOTAL_CRASHES locally unique" echo exit 0