Angora by AngoraFuzzer

Mutation-based fuzzer increasing branch coverage

created 7 years ago
946 stars

Top 39.6% on sourcepulse

Project Summary

Angora is a mutation-based, coverage-guided fuzzer designed to enhance branch coverage by efficiently solving path constraints without relying on full symbolic execution. It targets security researchers and developers seeking to uncover vulnerabilities in software by exploring deeper execution paths.

How It Works

Angora employs a novel approach that decouples constraint solving from the main fuzzing loop. It uses taint tracking to identify relevant constraints and then solves them using a dedicated constraint solver. This allows Angora to prioritize inputs that are more likely to satisfy complex path conditions, leading to increased coverage and bug discovery compared to traditional fuzzing techniques.

Quick Start & Requirements

  • Install: Compile using ./build/build.sh.
  • Prerequisites: Linux-amd64 (Ubuntu 16.04/18.04, Debian Buster), Rust stable (>= 1.31), LLVM 4.0.0 - 12.0.1. Requires setting PATH and LD_LIBRARY_PATH for LLVM.
  • Setup: Disable system core dumps (echo core | sudo tee /proc/sys/kernel/core_pattern).
  • Docs: docs/ directory.

Highlighted Details

  • Mutation-based, coverage-guided fuzzing.
  • Solves path constraints without symbolic execution for increased branch coverage.
  • Supports taint tracking with libdft64 as an alternative to DFSan.
  • Requires compiling target programs with specific Angora instrumentation (.taint and .fast binaries).

Maintenance & Community

The project was published in S&P 2018. Further community or maintenance details are not readily available in the README.

Licensing & Compatibility

The README does not explicitly state a license. Compatibility for commercial use or closed-source linking is not specified.

Limitations & Caveats

Angora is primarily tested on Linux and requires specific LLVM versions. The build process involves custom compilation of target programs, which may require adjustments for complex build systems.

Health Check

  • Last commit: 3 years ago
  • Responsiveness: 1 week
  • Pull Requests (30d): 0
  • Issues (30d): 0
  • Star History: 4 stars in the last 90 days
