How to use the fuzzer in FirmAE?
Thanks for the author's work. I don't know how to use the fuzzer in FirmAE in the process of reproducing the paper.
After you have successfully emulated the firmware images, you can analyze them by using the -a option. Usage of FirmAE
There are three analyzers in FirmAE: the first is the command injection mode, the second is the buffer overflow mode, and the last is the customized routersploit.
About the command injection mode: if a command injection vulnerability was triggered by the fuzzer, an [ANALYZE] hooking log which shows the command that ran exists in the emulation kernel log. The specific HTTP message information can be identified with the d34d signature of the [ANALYZE] line in the emulation kernel log and in analyses_log/$BRAND/$IID/fuzzer_log_ci.
About the buffer overflow mode: if an overflow has occurred, the crash log exists in the kernel log with the signature.
Finally, for the customized routersploit, the execution log exists in the analyses_log/$BRAND/$IID/rsf log file.
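As an added example (not FirmAE's own code, and not from the reply above), the following Python triage script does the check the reply describes for the command injection mode: it scans an emulation kernel log for [ANALYZE] hook lines that carry the d34d marker and groups the commands that actually ran. The exact layout of a hook line ("execve: <command>" after the tag) and the sample log lines are constructed for this example; only the [ANALYZE] tag and the d34d signature come from the reply, so adjust the regex to the real kernel log before relying on it.

```python
#!/usr/bin/env python3
"""Triage helper for FirmAE command-injection fuzzing runs (added example,
not part of FirmAE).

It finds the [ANALYZE] hook lines in an emulation kernel log that contain
the fuzzer's marker, so you can see which injected commands executed and
then look up the matching request in analyses_log/$BRAND/$IID/fuzzer_log_ci
with the same marker.
"""
import re
import sys
from collections import Counter

# The marker the reply says the fuzzer plants in its injected commands.
MARKER = "d34d"

# Assumption: the hook line reads "[ANALYZE] <body>" where <body> names the
# executed command. Only the "[ANALYZE]" tag is taken from the reply.
ANALYZE_RE = re.compile(r"\[ANALYZE\]\s*(?P<body>.*)")


def find_hits(log_text, marker=MARKER):
    """Return (line_no, body) for every [ANALYZE] line whose body contains
    the marker. Hook lines without the marker are normal firmware activity
    (e.g. the CGI's own ping) and are ignored."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        match = ANALYZE_RE.search(line)
        if match and marker in match.group("body"):
            hits.append((line_no, match.group("body").strip()))
    return hits


def summarize(hits):
    """Collapse repeated triggers of the same command into a count, which is
    what you want when the fuzzer fires the same payload several times."""
    return Counter(body for _, body in hits)


# Constructed sample log: the timestamps, the ping command and the httpd line
# are made up for the example; they are not real FirmAE output.
SAMPLE_LOG = """\
[   12.345678] eth0: link up
[   40.000001] [ANALYZE] execve: /bin/sh -c ping -c 1 127.0.0.1
[   41.000002] [ANALYZE] execve: /bin/sh -c ping -c 1 127.0.0.1;echo d34d
[   41.000003] [ANALYZE] execve: /bin/echo d34d
[   42.000004] [ANALYZE] execve: /bin/sh -c ping -c 1 127.0.0.1;echo d34d
[   50.000005] httpd: request handled
"""


if __name__ == "__main__":
    # Usage: triage.py <kernel log path>; with no argument the sample log is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    hits = find_hits(text)
    if not hits:
        print("no [ANALYZE] line with marker %r found" % MARKER)
    for line_no, body in hits:
        print("line %d: %s" % (line_no, body))
    for body, count in summarize(hits).items():
        print("%dx  %s" % (count, body))
```

The script only reads the kernel log; once it reports a hit, grep the same d34d marker in analyses_log/$BRAND/$IID/fuzzer_log_ci to recover the HTTP request that caused it, as the reply describes.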
So just running -a runs all the fuzzers and saves results to analyses_log/$BRAND/$IID/fuzzer_log_ci.
If it fails, then no file is made?
When I run the fuzzer with fuzzer/fuzzer.py, it gives an error about analyses_log/netgear/4/nmap_log.txt not being found.
I then tried to create it with ./nmap.sh, which then said it found no target IP address.
Where is nmap-basic-tcp? I can't find it in the work_dir path.
Is the fuzzer only available for Netgear, Asus, and dlink?