0xbigshaq/apatchy

apatchy

    An in-process fuzzing framework for Apache HTTPD

apatchy lets you fuzz Apache's full HTTP request processing pipeline - parsing, hooks, filters, handlers - without any network I/O. It replaces Apache's socket layer with custom I/O filters, feeding raw bytes directly into the same code paths that handle real HTTP traffic.
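
A simplified model of the idea above, added here as an illustration; it is not apatchy's or Apache's code, and `in_filter`, `mem_pull` and `read_request_line` are hypothetical names. The byte source behind a toy request reader is a memory cursor over the fuzz input rather than a socket, and a libFuzzer entry point drives the reader through it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical model of one input filter: a pull callback plus its state. */
typedef struct in_filter {
    /* Copy up to cap bytes into dst; a return of 0 means end of stream. */
    size_t (*pull)(struct in_filter *f, uint8_t *dst, size_t cap);
    const uint8_t *data;   /* memory source: the fuzz input */
    size_t len, off;       /* input size and read cursor */
} in_filter;

/* Stand-in for the socket layer: serves fuzz bytes instead of calling recv(). */
static size_t mem_pull(in_filter *f, uint8_t *dst, size_t cap) {
    size_t left = f->len - f->off;
    size_t n = left < cap ? left : cap;   /* short read at the tail, never blocks */
    if (n) memcpy(dst, f->data + f->off, n);
    f->off += n;
    return n;
}

/* Toy consumer standing in for the request pipeline: reads one CRLF- or
 * LF-terminated line through the filter. Returns the line length, or -1 if
 * the line does not fit in cap bytes or the input ends before a newline. */
int read_request_line(in_filter *f, char *line, size_t cap) {
    size_t used = 0;
    uint8_t c;
    while (f->pull(f, &c, 1) == 1) {
        if (c == '\n') {
            if (used && line[used - 1] == '\r') used--;
            line[used] = '\0';
            return (int)used;
        }
        if (used + 1 >= cap) return -1;   /* too long: reject, no overflow */
        line[used++] = (char)c;
    }
    return -1;                            /* end of input before newline */
}

/* libFuzzer entry point: each input flows through the same consumer code
 * that a socket-backed filter would feed. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    in_filter f = { mem_pull, data, size, 0 };
    char line[8192];
    (void)read_request_line(&f, line, sizeof line);
    return 0;
}
```

Built with `clang -fsanitize=fuzzer,address`, libFuzzer supplies `main` and calls the entry point once per generated input.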

Features

  • Manage different build-trees & configurations
  • Coverage reports generation
  • Custom Introspection: LLVM Call-tree Analysis
  • Manager for: Harness, Proto Mutators
  • Triage bugs / replay payloads
  • Profiling (kcachegrind/qcachegrind) to find bottlenecks in your harness logic and improve performance
  • Custom toolchain to verify dependencies
  • Compatibility with older Apache versions
  • 1-day reproduction system
  • and more :D

Quick Start

Running this on WSL2 and/or in a Docker container is recommended.

docker build --build-arg UID="$(id -u)" -t apatchy-dev .
docker run -it --rm -p 9000:9000 -v "$(pwd)":/repo apatchy-dev

Then run these commands in order:

# 1. activate environment
cd framework/
uv venv .venv
uv pip install --python .venv -e ".[all]"
source .venv/bin/activate

# 2. init setup (one-time setup)
apatchy setup check                            # verify dependencies
apatchy setup --force llvm --llvm-version 18   # install LLVM tools locally

# 3. download
apatchy download --version 2.4.65

# 4. configure (vanilla root tree)
apatchy configure --asan --ubsan --ubsan-ignorelist ./configs/ubsan.ignorelist

# 5. build vanilla tree (`--bear` for IDE navigation)
apatchy make --tree vanilla --bear

# 6. build libfuzzer branch (inherits sanitizers from root)
apatchy make --tree lf

# 7. setup for protobuf
apatchy setup lpm

# 8. list avail. harnesses
apatchy link --list-harnesses

# 9. link target harness
apatchy link --harness mod_fuzzy_proto_session --bear

# 10. fuzz
apatchy fuzz \
    --config configs/session-coverage.conf \
    --seed-dir fuzz-seeds/session/

# 11. build coverage branch and generate HTML cov report
apatchy make --tree cov
apatchy coverage report \
    --with-introspect \
    --config configs/session-coverage.conf \
    --harness mod_fuzzy_proto_session \
    --suppress configs/ubsan.supp

# 12. launch interactive gui w/ call-tree analysis
apatchy introspect \
    --entry session_crypto_decode,session_crypto_encode,session_crypto_init

Documentation

Note: This is still in progress/not complete. I know the CLI needs more attention.

License

See LICENSE.

About

Fuzzing Framework for Modules in Apache HTTPD Server
