Question 1

How does Angora compare to AFL in terms of performance?

Accepted Answer

Angora is designed to be more efficient by avoiding symbolic execution and using constraint-solving techniques, which can lead to better branch coverage in complex programs. However, it requires more setup with dual-instrumentation builds, whereas AFL might be simpler for quick fuzzing campaigns.

Question 2

What are the steps to compile a target program with Angora?

Accepted Answer

First, use angora-clang as the compiler with environment variables set, then build with USE_TRACK=1 for taint tracking and USE_FAST=1 for fast instrumentation, saving binaries with .taint and .fast postfixes. Refer to the build_target.md document for detailed instructions and troubleshooting with wllvm.

Question 3

Does Angora support fuzzing on Windows or macOS?

Accepted Answer

No, Angora is explicitly Linux-only, tested on Ubuntu 16.04/18.04 and Debian Buster. It relies on Linux-specific system configurations and LLVM toolchains, so cross-platform fuzzing is not supported.

Question 4

How to use libdft64 instead of DFSan for taint tracking?

Accepted Answer

Angora provides a pin mode option for libdft64 integration, documented in pin_mode.md. This allows taint analysis without DFSan, but it requires additional setup and might have performance implications compared to the default DFSan approach.

Question 5

What types of bugs is Angora best at finding?

Accepted Answer

Angora excels at discovering vulnerabilities like memory errors and crashes in C/C++ programs by increasing branch coverage with taint tracking. It's particularly effective for data-flow bugs due to its precise mutation capabilities guided by constraint solving.

Question 6

Is Angora good for fuzzing network protocols or file parsers?

Accepted Answer

Yes, Angora can fuzz network protocols or file parsers by mutating input data, but it requires the target to be compiled with its instrumentation. The coverage-guided approach helps explore diverse code paths, though complex stateful protocols might need additional harness setup.

Angora

What is Angora?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions