4 Repos
Executing compiled binaries with mutated inputs to trigger memory corruption and crashes.
Distinct from Binary Corpus Distillation: None of the candidates cover the act of fuzzing binaries; they cover standard input, corpus distillation, or remote execution.
Explore 4 awesome GitHub repositories matching security & cryptography · Binary Fuzzing. Refine with filters or upvote what's useful.
AFL++ is a coverage-guided fuzzing framework that discovers crashes and hangs in software by mutating inputs while tracking which code paths are exercised. It functions as both a fuzzing engine and a campaign manager, supporting targets with or without source code through compile-time instrumentation, dynamic binary instrumentation, and emulation. The framework includes tools for crash triage and analysis, test case minimization, and campaign deployment across local or distributed environments. The framework distinguishes itself through its breadth of instrumentation backends, allowing users
Applies dynamic binary instrumentation or emulation to fuzz programs without source code.
ClusterFuzz is an automated platform that runs coverage-guided fuzzers at scale to find security and stability bugs in software. It orchestrates libFuzzer and AFL++ across distributed clusters of worker bots, collecting coverage feedback to guide input mutation and discover crashes. The platform provides a web-based dashboard for configuring fuzzing jobs, monitoring progress, and inspecting crash reports, with role-based access control to restrict sensitive features. The system automates the full fuzzing lifecycle, from build pipeline integration and corpus management to crash triage and bug
Defines the execution parameters for fuzzing jobs, including binary names, arguments, and timeouts.
AFL is a coverage-guided fuzzer and security vulnerability scanner used to identify software bugs and memory corruption by feeding programs mutated data. It functions as a binary instrumentation tool and a test case minimizer to locate crashes and isolate the smallest set of bytes causing a fault. The project distinguishes itself through its ability to operate as a parallel fuzzing orchestrator, distributing workloads across multiple CPU cores or networked machines. It utilizes dictionary-based mutation for complex file formats and performs input sensitivity analysis to identify critical sect
Provides the ability to execute target binaries with mutated inputs to trigger crashes and memory bugs.
This project is a comprehensive software fuzzing knowledge base and technical guide designed for discovering software bugs and vulnerabilities. It serves as a resource for implementing coverage-guided, structure-aware, and hybrid fuzzing across various targets, including compiled binaries and hardware kernels. The resource provides specialized guidance on using grammars and defined data formats to generate syntactically valid inputs for complex APIs. It also details methods for combining grey-box fuzzing with symbolic execution to reach deep execution paths and utilizes binary instrumentation
Provides technical guidance on performing coverage-guided fuzzing on compiled binaries without access to source code.