My own corner of monopam
# Crow

Crowbar campaign orchestrator for AFL fuzzing.

Crow orchestrates long-lived AFL fuzzing campaigns across multiple Crowbar fuzz targets in parallel. It discovers fuzz targets in your workspace, allocates CPU cores across them, and provides a unified interface for monitoring progress.

## Installation

Install with opam:

```sh
$ opam install crow
```

If opam cannot find the package, it may not yet be released in the public opam-repository. Add the overlay repository, then install it:

```sh
$ opam repo add samoht https://tangled.org/gazagnaire.org/opam-overlay.git
$ opam update
$ opam install crow
```

## Quick Start

```sh
$ # Discover and list fuzz targets
$ crow list

$ # Start a campaign with 8 CPUs
$ crow start --cpus=8

$ # Monitor progress
$ crow status

$ # View crashes
$ crow crashes

$ # Stop the campaign
$ crow stop
```

## Commands

### crow list

Discovers all Crowbar fuzz targets in your workspace. Targets are identified by looking for executables built from fuzz_*.ml files with Crowbar.

### crow start [--cpus=N] [--duration=SECS] [--targets=T1,T2,...]

Starts a new fuzzing campaign. Uses multi-armed-bandit (MAB) style scheduling to rotate targets based on coverage progress: targets finding new paths get higher priority.

Options:

  • --cpus: Number of CPU cores to use (default: all available)
  • --duration: Maximum campaign duration in seconds
  • --targets: Comma-separated list of targets (default: all)
  • --output: Output directory (default: _fuzz)
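To make the scheduling idea concrete, here is an added example (not Crow's own scheduler, whose exact policy the README does not describe) that uses UCB1, one standard multi-armed-bandit policy, over per-target rounds. Each completed round records how many new paths a target found; targets with a higher mean reward are preferred, rarely-run targets get an exploration bonus, and a target that has never run is scheduled first. The history and target files are constructed inline.

```shell
#!/bin/sh
# Added example, not Crow's own scheduler: a UCB1 bandit policy used here as a
# stand-in for the "MAB-style scheduling" the README mentions.

# pick_next_target HISTORY TARGETS
#   HISTORY: one line per completed round, "<target> <new_paths_found>"
#   TARGETS: one target name per line (so never-run targets are known)
pick_next_target() {
  awk '
    FILENAME == ARGV[1] { n[$1] = 0; next }   # first file: register targets
    { n[$1]++; reward[$1] += $2; total++
      if ($2 > max_paths) max_paths = $2 }
    END {
      best = ""; best_score = -1
      for (t in n) {
        if (n[t] == 0) score = 1e9            # never run: schedule first
        else {
          # normalise rewards into [0,1] as UCB1 expects
          mean = (max_paths > 0) ? reward[t] / n[t] / max_paths : 0
          score = mean + sqrt(2 * log(total) / n[t])
        }
        # ties broken by name so the choice is deterministic
        if (score > best_score || (score == best_score && t < best)) {
          best_score = score; best = t
        }
      }
      print best
    }' "$2" "$1"
}

# Constructed sample histories for three targets.
make_sample_history() {
  dir=$(mktemp -d)
  printf '%s\n' fuzz_parser fuzz_codec fuzz_lexer > "$dir/targets"
  # fuzz_parser keeps finding paths, fuzz_codec rarely does, fuzz_lexer ran once
  cat > "$dir/history_short" <<'EOF'
fuzz_parser 5
fuzz_codec 0
fuzz_parser 3
fuzz_codec 0
fuzz_parser 2
fuzz_codec 1
fuzz_lexer 0
EOF
  # same campaign later: fuzz_lexer has now had three unproductive rounds
  cat > "$dir/history_long" <<'EOF'
fuzz_parser 5
fuzz_codec 0
fuzz_parser 3
fuzz_codec 0
fuzz_lexer 0
fuzz_lexer 0
fuzz_parser 2
fuzz_codec 1
fuzz_lexer 0
EOF
  : > "$dir/history_empty"
  printf '%s\n' "$dir"
}
```

With the short history the exploration bonus still wins and `fuzz_lexer` (run only once) is chosen; once every target has had three rounds the policy settles on `fuzz_parser`, the one that keeps finding new paths. That is the behaviour the option description promises, with exploration added so a target that was merely unlucky early on is not starved.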

### crow status

Shows real-time status of all targets including:

  • Execution speed (execs/sec)
  • Total executions
  • Paths discovered
  • Crashes and hangs found
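The numbers in that list come from AFL itself. As an added example, not Crow's own code, the script below reads each target's `fuzzer_stats` file and prints one line per target with the same fields. It assumes one AFL output directory per target under the campaign output directory (the README's `_fuzz` by default) and accepts both the classic AFL key names (`paths_found`, `unique_crashes`, `unique_hangs`) and the AFL++ ones (`corpus_count`, `saved_crashes`, `saved_hangs`). The sample stats files are constructed inline.

```shell
#!/bin/sh
# Added example, not Crow's own code: summarise the per-target numbers that
# "crow status" reports by reading AFL's fuzzer_stats files. Assumed layout:
# one AFL output directory per target under $OUT/<target>/.

# stat_field FILE KEY [KEY...]: value of the first KEY present in FILE, else 0.
# fuzzer_stats lines look like "execs_done        : 1250000", so the value is $3.
stat_field() {
  file="$1"; shift
  for key in "$@"; do
    v=$(awk -v k="$key" '$1 == k { print $3; exit }' "$file")
    if [ -n "$v" ]; then printf '%s\n' "$v"; return 0; fi
  done
  printf '0\n'
}

# status_table OUT: one line per target:
#   target execs_per_sec execs_done paths crashes hangs
status_table() {
  out="$1"
  for dir in "$out"/*/; do
    f="$dir/fuzzer_stats"
    [ -f "$f" ] || continue          # target not started yet
    name=$(basename "$dir")
    printf '%s %s %s %s %s %s\n' "$name" \
      "$(stat_field "$f" execs_per_sec)" \
      "$(stat_field "$f" execs_done)" \
      "$(stat_field "$f" paths_found corpus_count)" \
      "$(stat_field "$f" unique_crashes saved_crashes)" \
      "$(stat_field "$f" unique_hangs saved_hangs)"
  done
}

# total_crashes OUT: crashes summed across all targets
total_crashes() {
  status_table "$1" | awk '{ s += $5 } END { print s + 0 }'
}

# Constructed sample output directory: one classic-AFL and one AFL++ style file.
make_sample_output() {
  out=$(mktemp -d)
  mkdir -p "$out/fuzz_parser" "$out/fuzz_codec"
  cat > "$out/fuzz_parser/fuzzer_stats" <<'EOF'
start_time        : 1700000000
execs_done        : 1250000
execs_per_sec     : 2100.50
paths_found       : 312
unique_crashes    : 2
unique_hangs      : 0
EOF
  cat > "$out/fuzz_codec/fuzzer_stats" <<'EOF'
start_time        : 1700000000
execs_done        : 840000
execs_per_sec     : 1500.00
corpus_count      : 97
saved_crashes     : 1
saved_hangs       : 3
EOF
  printf '%s\n' "$out"
}
```

`status_table _fuzz` gives a quick, dependency-free view of a running campaign; `total_crashes _fuzz` is a handy number to alert on from a cron job. A target that is present but prints `0` for every field is one whose fuzzer has not written stats yet, which usually means it failed to start.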

### crow crashes

Lists all unique crashes found across all targets with their input files.

### crow stop

Gracefully stops all running fuzzers.

## Workspace Setup

Crow requires a dune-workspace file with an afl profile for instrumented builds. If missing, crow start will create one:

```lisp
(context
 (default
  (name afl)
  (profile afl)))

(env
 (afl
  (ocamlopt_flags (:standard -afl-instrument))))
```

## Library API

```ocaml
let () =
  Eio_main.run @@ fun env ->
  Eio.Switch.run @@ fun sw ->
  let fs = Eio.Stdenv.fs env in
  let process_mgr = Eio.Stdenv.process_mgr env in
  let stdout = Eio.Stdenv.stdout env in
  let stderr = Eio.Stdenv.stderr env in
  let verbose = false in
  (* Discover the Crowbar fuzz targets in the workspace and build them
     with the afl profile. *)
  let targets = Crow.list_targets ~fs in
  Crow.build_targets ~sw ~process_mgr ~stdout ~stderr ~verbose targets;
  (* Start the campaign on 8 CPUs. The campaign handle is not used below,
     so it is bound as [_campaign] to avoid an unused-variable warning. *)
  let _campaign, processes =
    Crow.start_campaign ~sw ~process_mgr ~fs ~stdout ~stderr
      ~verbose ~cpus:8 ()
  in
  (* Print the same per-target table as [crow status], then stop. *)
  let status = Crow.status ~fs () in
  Fmt.pr "%a@." Crow.pp_target_table status;
  Crow.stop_campaign processes
```

## Licence

ISC License. See LICENSE.md for details.