Pangr: A Behavior-based Automatic Vulnerability Detection and Exploitation Framework

Nowadays, with the size and complexity of software increasing rapidly, vulnerabilities are becoming diversified and hard to identify. It is unpractical to detect and exploit vulnerabilities by manual construction. Therefore, an efficient automatic method of detecting and exploiting software vulnerability is in critical demand. This paper implements Pangr, an entire system for automatic vulnerability detection, exploitation, and patching. Pangr builds a complete vulnerability model based on its triggering behavior to identify vulnerabilities and generate exp or exploit schemes. According to the type and feature of the vulnerability, Pangr can generate the specific patch for the software. In the experiment, we tested 20 vulnerable programs on 32-bit Linux machine. Pangr detected 16 vulnerabilities, generated 10 exp, and patched 14 programs.