JMPscare
Toolkit for multi-execution jump coverage introspection: Analyze your fuzzing results by inspecting which conditional jumps you are missing.
This repository includes the following components:
- Collection
  - Rust and Python 3 modules to easily collect execution traces with unicornafl
- Analysis
  - tool to analyze multiple execution traces in order to find conditional jumps which are always/never taken
  - works on any simple execution trace (file with one address per line)
  - supports ARM32, x86_64 and MIPS32
  - Potential New Coverage Analysis (ARM-only for now): Evaluate the number of new basic blocks behind a uni-directional jump, reachable in N branches
- Plugins
  - Binary Ninja plugin to visualize analysis results
    - concise overview of roadblock jumps
    - instruction highlighting
    - easy navigation and auto-patching (invert branch conditions for forced execution)
  - Ghidra plugin WIP
For further information, please refer to the READMEs within each directory.
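
The idea behind the Analysis component (finding conditional jumps that only ever go one way across many traces), as an added sketch that is not JMPscare's own code. It assumes each trace lists every executed instruction address in hex and that the taken target and fall-through address of each conditional jump are already known (for example from a disassembler); all names and addresses below are constructed.

```python
from collections import defaultdict

# Constructed sample data: three traces, one address per line (hex assumed).
TRACES = [
    "0x1000\n0x1004\n0x1008\n0x100c\n0x1030\n0x1034\n0x1050\n",
    "0x1000\n0x1004\n0x1008\n0x100c\n0x1010\n",
    "0x1000\n0x1004\n0x1008\n0x100c\n0x1030\n0x1034\n0x1050\n",
]
# Hypothetical jump table: jump address -> (taken target, fall-through).
COND_JUMPS = {
    0x1004: (0x1020, 0x1008),
    0x100C: (0x1030, 0x1010),
    0x1034: (0x1050, 0x1038),
    0x2000: (0x2040, 0x2004),  # never executed in any trace
}

def parse_trace(text):
    """Parse one trace; blank lines are skipped."""
    return [int(line, 16) for line in text.splitlines() if line.strip()]

def classify_jumps(traces, cond_jumps):
    """Return {jump: 'always_taken' | 'never_taken'} for one-directional jumps."""
    taken, not_taken = defaultdict(int), defaultdict(int)
    for trace in traces:
        # The address executed right after a jump shows which way it went.
        for cur, nxt in zip(trace, trace[1:]):
            if cur not in cond_jumps:
                continue
            target, fallthrough = cond_jumps[cur]
            if nxt == target:
                taken[cur] += 1
            elif nxt == fallthrough:
                not_taken[cur] += 1
    verdicts = {}
    for addr in cond_jumps:
        if taken[addr] and not not_taken[addr]:
            verdicts[addr] = "always_taken"
        elif not_taken[addr] and not taken[addr]:
            verdicts[addr] = "never_taken"
        # Jumps seen both ways, or never reached, get no verdict.
    return verdicts

def analyze_samples():
    return classify_jumps([parse_trace(t) for t in TRACES], COND_JUMPS)

if __name__ == "__main__":
    for addr, verdict in sorted(analyze_samples().items()):
        print(f"{addr:#x}: {verdict}")
```

A jump that is the last entry of a trace (for instance because execution stopped there) contributes no observation, since its direction cannot be read from the trace.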

The Research Paper
For further information, refer to our paper at BAR 2021, "JMPscare: Introspection for Binary-Only Fuzzing". Read the paper preprint with in-depth details here.
