
fuzzuf / fuzzuf

Licence: AGPL-3.0 License
Fuzzing Unification Framework

Programming Languages

C++, CMake, Python, shell, C, Dockerfile


fuzzuf


fuzzuf (Fuzzing Unification Framework) is a fuzzing framework with its own DSL that describes a fuzzing loop as a composition of building blocks, each block being one fuzzing primitive.

For build instructions and a tutorial, please follow building.md and tutorial.md.

Why use fuzzuf?

fuzzuf lets you define the fuzzing loop of each fuzzer flexibly, describing it as a combination of building blocks in DSL notation while keeping the original fuzzer extensible. It already ships with implementations of several fuzzers, including AFL, VUzzer, and libFuzzer, which users can extend further.

HierarFlow

fuzzuf uses its own DSL, HierarFlow, to state a fuzzing loop. It is implemented in C++, with a grammar designed to read like a tree structure, so that a fuzzing loop is described as a combination of building blocks.

With HierarFlow, both existing and new fuzzers can be written in a neat, readable way, because the structure of the fuzzing loop is shown explicitly. For instance, AFL (already implemented on fuzzuf as a template!) can be divided into fuzzing primitives such as the PUT (program under test) executor, the deterministic and random mutators, the dictionary updater, and so on. Users implement each primitive in C++ and connect them with HierarFlow's operators to build the fuzzing loop of the fuzzer they want.

Example: AFL in HierarFlow

The following short snippet represents AFL in HierarFlow:

    fuzz_loop << (
         cull_queue
      || select_seed
    );

    select_seed << (
         consider_skip_mut
      || retry_calibrate
      || trim_case
      || calc_score
      || apply_det_muts << (
             bit_flip1 << execute << (normal_update || construct_auto_dict)
          || bit_flip_other << execute.HardLink() << normal_update.HardLink()
          || byte_flip1 << execute.HardLink() << (normal_update.HardLink()
                                               || construct_eff_map)
          || byte_flip_other << execute.HardLink() << normal_update.HardLink()
          || arith << execute.HardLink() << normal_update.HardLink()
          || interest << execute.HardLink() << normal_update.HardLink()
          || user_dict_overwrite << execute.HardLink() << normal_update.HardLink()
          || auto_dict_overwrite << execute.HardLink() << normal_update.HardLink()
         )
       || apply_rand_muts << (
               havoc << execute.HardLink() << normal_update.HardLink()
            || splicing << execute.HardLink() << normal_update.HardLink()
          )
       || abandon_node
    );

This simply shows how flexible and powerful HierarFlow is. Please refer to the document for more details.
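To make the operators concrete, here is a toy model of a HierarFlow-style DSL. It is an example added for this page, not code from fuzzuf (the real HierarFlow has different node types, routine signatures and response values). It assumes the conventions the AFL snippet above suggests: `<<` nests the right operand under the left one, `||` places siblings, and `.HardLink()` reuses a routine under a second parent. The node names, the `State` struct, the `Run`/`Dump` helpers and the "skip even seeds" rule are all constructed for the example.

```cpp
#include <functional>
#include <iostream>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// State threaded through every routine (constructed for this example).
struct State {
    int seeds_selected = 0;
    int execs = 0;
    int updates = 0;
    int shared_exec_count = 0;        // copied from the execute routine's own counter
    std::vector<std::string> trace;   // routine names in execution order
};

struct Node;
using NodeP = std::shared_ptr<Node>;
// Toy convention: a routine returns true to let its children and the siblings
// after it run, false to end processing at its level (like AFL skipping a seed).
using Routine = std::function<bool(State&)>;

struct Node {
    std::string name;
    Routine routine;
    std::vector<NodeP> children;
};

// What the operators manipulate: the head nodes a Path exposes as siblings,
// and the tail node to which a following `<<` attaches children.
struct Path {
    std::vector<NodeP> heads;
    NodeP tail;

    // HardLink(): a fresh node sharing the same routine object (and whatever it
    // captured), so one routine can sit under several parents without also
    // sharing the children attached under its first placement.
    Path HardLink() const {
        auto n = std::make_shared<Node>(Node{tail->name, tail->routine, {}});
        return Path{{n}, n};
    }
};

Path MakeNode(const std::string& name, Routine r) {
    auto n = std::make_shared<Node>(Node{name, std::move(r), {}});
    return Path{{n}, n};
}

// parent << child: every head of rhs becomes a child of lhs's tail. The result
// keeps lhs's heads and adopts rhs's tail, so `a << b << c` nests c under b.
Path operator<<(const Path& lhs, const Path& rhs) {
    for (const auto& h : rhs.heads) lhs.tail->children.push_back(h);
    return Path{lhs.heads, rhs.tail};
}

// a || b: siblings. `<<` binds tighter than `||` in C++, which is what lets the
// AFL snippet's layout read as one `<<` chain per line.
Path operator||(const Path& lhs, const Path& rhs) {
    Path p{lhs.heads, rhs.tail};
    p.heads.insert(p.heads.end(), rhs.heads.begin(), rhs.heads.end());
    return p;
}

// Run a node: its routine first, then its children in order; a child returning
// false stops the remaining children of this node.
bool Run(const NodeP& n, State& st) {
    st.trace.push_back(n->name);
    if (!n->routine(st)) return false;
    for (const auto& c : n->children)
        if (!Run(c, st)) break;
    return true;
}

// Render the tree one node per line, indented by depth.
std::string Dump(const NodeP& n, int depth = 0) {
    std::string out(depth * 2, ' ');
    out += n->name + "\n";
    for (const auto& c : n->children) out += Dump(c, depth + 1);
    return out;
}

// Build a miniature AFL-like loop and run it over `iterations` seeds.
State RunDemo(int iterations, std::string* tree = nullptr) {
    auto exec_count = std::make_shared<int>(0);   // owned by the execute routine

    auto fuzz_loop     = MakeNode("fuzz_loop",     [](State&) { return true; });
    auto select_seed   = MakeNode("select_seed",   [](State& s) { ++s.seeds_selected; return true; });
    auto consider_skip = MakeNode("consider_skip", [](State& s) { return s.seeds_selected % 2 != 0; });
    auto bit_flip      = MakeNode("bit_flip",      [](State&) { return true; });
    auto havoc         = MakeNode("havoc",         [](State&) { return true; });
    auto execute       = MakeNode("execute",       [exec_count](State& s) { ++*exec_count; ++s.execs; return true; });
    auto update        = MakeNode("normal_update", [](State& s) { ++s.updates; return true; });

    fuzz_loop << select_seed;
    select_seed << (
         consider_skip                       // even-numbered seeds are skipped entirely
      || bit_flip << execute << update
      || havoc << execute.HardLink() << update.HardLink()
    );

    if (tree) *tree = Dump(fuzz_loop.heads.front());
    State st;
    for (int i = 0; i < iterations; ++i) Run(fuzz_loop.heads.front(), st);
    st.shared_exec_count = *exec_count;       // both execute nodes fed this one counter
    return st;
}

int main() {
    std::string tree;
    State st = RunDemo(3, &tree);
    std::cout << tree << "seeds=" << st.seeds_selected << " execs=" << st.execs
              << " updates=" << st.updates << " shared=" << st.shared_exec_count << "\n";
}
```

Two things the toy makes visible that the snippet alone does not: `Dump` prints the loop as the same tree the DSL text draws, and `HardLink()` is what keeps the two `execute` placements from sharing their `normal_update` children while still sharing the routine's own counter. Placing the original `execute` Path under both mutators would hang one node under two parents, which is why the AFL snippet hard-links every reuse after the first.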

Benefits of using fuzzuf

There are four main advantages to writing fuzzers on the fuzzuf framework:

  • Can describe a fuzzing loop as a combination of fuzzing primitives
    fuzzuf constructs a fuzzing loop from a combination of fuzzing primitives (each an individual step of the loop), like building blocks. Since each block can be appended, removed, replaced, and reused, every fuzzing loop defined on fuzzuf stays highly modular.

  • Flexible, user-definable fuzzing loops
    Existing fuzzing frameworks tend to have fixed, hard-coded fuzzing loops inside the framework itself, so users cannot change their behavior. On fuzzuf, a user assigns and implements a routine for each fuzzing primitive and describes or modifies the structure of the fuzzing loop as desired.

  • Easy to compare a derived fuzzer to its original
    Fuzzing researchers and enthusiasts often fork an existing fuzzer to implement their own idea on top of it; in fact, many academic works present AFL-based fuzzers built this way. By leveraging the building-block nature of the fuzzuf DSL and reusing existing fuzzing primitives, users can greatly accelerate the development of a new fuzzer. Moreover, by diffing the DSL of the original fuzzer against its derivative, the enhancements can be spotted at a glance (not only by the authors themselves, but also by reviewers and other researchers).

  • AFL fuzzer as a template
    On fuzzuf, AFL is also available as a fuzzer (C++) template, which greatly lowers the cost of implementing and reviewing a new or existing AFL-based fuzzer. For example, fuzzuf's AFLFast is built on this template: only a few routines and the struct that records the fuzzer state needed changing, and the original's flow is left untouched.

List of Currently Available Fuzzers

fuzzuf comes with the following fuzzers implemented by default. For an overview of each and how to use it from the CLI, follow the links below.
Note that when using fuzzuf from the CLI, global options (available for all fuzzers) must be separated from local options (fuzzer-specific options) with --.

| Fuzzer    | Type    | Description | CLI Usage | Algorithm Overview | Frida mode |
|-----------|---------|-------------|-----------|--------------------|------------|
| AFL       | Greybox | A re-implementation of the general-purpose fuzzer, representative of CGF (coverage-guided fuzzing). Also available as a template for its derivatives. | How to use fuzzuf's AFL CLI | Algorithm Overview | |
| AFLFast   | Greybox | An implementation of AFLFast, built on the AFL template. The algorithm tries to improve performance by manipulating the power schedule. | CLI Usage | Algorithm Overview | |
| IJON      | Greybox | A fuzzer that fuzzes PUTs in an internal-state-aware manner, guided by manual annotations added to the PUT. | CLI Usage | Algorithm Overview | |
| VUzzer    | Greybox | A mutation-based fuzzer that infers data structures by analyzing the PUT's control flow and data flow. | Read Prerequisite first, then Usage on CLI | Algorithm Overview | |
| libFuzzer | Greybox | The CGF included in the LLVM project's compiler-rt libraries. | How to use libFuzzer on fuzzuf | What is libFuzzer? | |
| Nezha     | Greybox | A fuzzer derived from libFuzzer that finds defects by running several implementations of the same functionality on the same input and comparing their execution results (differential fuzzing). | How to use Nezha on fuzzuf | TBD | |
| DIE       | Greybox | A fuzzer for JavaScript engines that preserves the aspects of the test cases through the mutation process. | Usage on CLI | Overview of Algorithm | |
| Nautilus  | Greybox | A coverage-guided, grammar-based fuzzer that generates test cases according to a user-defined grammar. | Usage on CLI | Overview of Algorithm | |

Why not Rust?

We considered migrating the framework from C++ to Rust, since Rust is memory-safe and has a good ecosystem for development. However, after several attempts and discussions, we concluded that we would not switch languages. The reasons are explained in detail here.

API Reference

API reference generated by doxygen is available here.

License

fuzzuf is licensed under the GNU Affero General Public License v3.0. Some code originating from external projects is licensed under its own license. Please refer to LICENSE for details.

Acknowledgements

This project has received funding from the Acquisition, Technology & Logistics Agency (ATLA) under the Innovative Science and Technology Initiative for Security 2020 (JPJ004596).
