Question 1

how do i write a custom grammar file for domato

Accepted Answer

Start by creating a .txt file with symbols and rules using the basic syntax from the README, such as = constants and s, and use attributes like p for probability or nonrecursive for recursion control. Include Python functions with !begin function for dynamic logic, and test with generator.py to output samples.

Question 2

domato vs american fuzzy lop for fuzzing browsers

Accepted Answer

Domato is generation-based, using custom grammars to produce structured HTML/CSS/JS for deep DOM testing, while AFL is mutation-based with coverage feedback, better for general-purpose fuzzing. Domato excels in targeting specific browser engine vulnerabilities but requires more upfront grammar design compared to AFL's automatic mutation.

Question 3

can domato fuzz javascript engines directly

Accepted Answer

Yes, through its JavaScript grammar files (js.txt) that generate code with variable tracking and line guards, but it's primarily designed for DOM context in browsers. For pure JS engine fuzzing, you might need to adapt grammars or use it alongside other tools focused on V8 or SpiderMonkey.

Question 4

what are best practices for using domato to find chrome bugs

Accepted Answer

Use modular grammars to organize HTML, CSS, and JS rules, leverage Python integration for context-aware generation, and reference the Bug Showcase for patterns that led to CVEs. Generate large batches with --output_dir and analyze crashes with browser debugging tools to isolate vulnerabilities.

Question 5

how to prevent infinite loops in domato grammars

Accepted Answer

Use the nonrecursive attribute on safe rules and set !max_recursion to limit depth, as explained in the recursion control section. This forces the generator to fall back to non-recursive productions when max depth is reached, avoiding hangs during sample generation.

Question 6

is domato still maintained by google

Accepted Answer

The README lists CVEs up to 2018, and there's no recent update mentioned, suggesting it may be in maintenance mode. However, the grammar engine is stable and proven, so it's still valuable for security research, but users should check the GitHub repo for any new commits or issues.

domato

What is domato?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions