13 open-source projects similar to aflplusplus/aflplusplus, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best AFLplusplus alternative.
ClusterFuzz is an automated platform that runs coverage-guided fuzzers at scale to find security and stability bugs in software. It orchestrates libFuzzer and AFL++ across distributed clusters of worker bots, collecting coverage feedback to guide input mutation and discover crashes. The platform provides a web-based dashboard for configuring fuzzing jobs, monitoring progress, and inspecting crash reports, with role-based access control to restrict sensitive features. The system automates the full fuzzing lifecycle, from build pipeline integration and corpus management to crash triage and bug
AFL is a coverage-guided fuzzer and security vulnerability scanner used to identify software bugs and memory corruption by feeding programs mutated data. It functions as a binary instrumentation tool and a test case minimizer to locate crashes and isolate the smallest set of bytes causing a fault. The project distinguishes itself through its ability to operate as a parallel fuzzing orchestrator, distributing workloads across multiple CPU cores or networked machines. It utilizes dictionary-based mutation for complex file formats and performs input sensitivity analysis to identify critical sect
go-fuzz is a coverage-guided randomized testing tool for identifying crashes and logic bugs in Go code. It consists of a fuzzer that evolves random inputs based on code execution paths, an instrumentation tool that produces binaries for tracking coverage, and a seed corpus manager. The tool utilizes compile-time binary instrumentation to monitor branch coverage and employs a feedback-driven mutation loop to prioritize inputs that reach new sections of the codebase. It includes capabilities for comparative differential testing to identify logic errors by executing different implementations of
Syzkaller is an unsupervised, coverage-guided kernel fuzzer that automatically generates and mutates system call sequences to find bugs in operating system kernels. It operates without human intervention, using a closed feedback loop of input generation, execution, crash detection, and corpus refinement to continuously explore kernel code paths. The fuzzer distinguishes itself by supporting multiple operating system kernels, including Linux, FreeBSD, and Windows, through per-platform syscall harnesses that abstract system call interfaces behind a common driver. It uses declarative description
LoadLibrary is a binary instrumentation framework that loads and executes Windows PE/COFF DLLs natively within Linux processes. It provides a cross-platform binary execution layer that maps Windows portable executable files into Linux memory, resolving imports and relocations so that exported functions can be called as if they were native Linux library routines. The framework enables runtime interception and modification of Windows DLL function behavior, including redirecting API calls to Linux-native implementations through a binary patching hook engine. It includes a code coverage auditor t
OSS-Fuzz is a distributed, containerized platform for continuous fuzzing and memory safety analysis. It functions as a bug hunting infrastructure that identifies security vulnerabilities and stability bugs through automated, coverage-guided fuzz testing across a scalable cluster of containers. The system provides a continuous security testing pipeline that manages the entire lifecycle of vulnerability discovery, from bootstrapping project templates and compiling targets to executing long-running batch tests. It specifically focuses on memory safety, utilizing sanitizers to detect buffer overf
This project is a suite of runtime diagnostic tools designed to detect memory leaks, concurrency races, and language-specification violations during software execution. It provides a collection of dynamic analysis tools that identify addressability issues, uninitialized memory usage, and memory safety bugs in applications. The toolset includes a thread safety analyzer to identify data races and deadlocks in concurrent code, as well as an undefined behavior sanitizer to detect operations that violate language specifications. The system covers broad capabilities in memory safety monitoring and
Hypothesis is a Python property-based testing library and data generation engine. It enables the discovery of edge cases and bugs by generating a wide range of randomized inputs based on defined strategies and shrinking complex failing examples to their smallest possible form. It also functions as a state machine testing framework to verify system behavior across sequences of interdependent operations. The project features a fuzzing integration layer that converts raw byte buffers from coverage-guided fuzzers into structured test cases. It includes a persistence mechanism to store and synchro
rr is a deterministic record and replay framework and reverse debugger for Linux processes. It provides a deterministic execution environment that captures program execution, allowing bugs and crashes to be reproduced exactly through replay. The tool enables reverse program execution, allowing a developer to move the program counter backward through recorded history to trace a bug from its effect back to its source. It utilizes a recording mechanism that ensures a process run can be replayed with identical memory and register states. The framework covers low-level software analysis and nativ
Schemathesis is a property-based testing tool and fuzzer for schema-based APIs. It analyzes OpenAPI and JSON Schema specifications to automatically generate test cases that identify crashes, schema violations, and validation bypasses. The project functions as a contract validator and security scanner, verifying that a live server strictly adheres to its defined specifications. The framework distinguishes itself through stateful API testing, which chains multiple related requests together to uncover bugs that only emerge during complex, multi-step user workflows. It also utilizes response-driv
fast-check is a property-based testing framework and random data generator designed to verify software invariants by producing a wide range of randomized input data. It functions as a test data fuzzer that executes predicates against high volumes of random inputs to uncover edge cases and critical bugs. The project is distinguished by its ability to perform input-shrinking searches, which reduce complex failing inputs to their simplest form to isolate the exact cause of failure. It provides deterministic seed replay to exactly reproduce specific test failures and includes a concurrency testin
Wasm3 is a WebAssembly interpreter designed for embedded runtime integration. It enables the execution of portable binary logic on microcontrollers and resource-constrained hardware, providing support for modules that utilize the WebAssembly System Interface to interact with system resources. The runtime employs register-based bytecode interpretation and direct-threaded dispatch to map virtual registers to physical CPU registers. It includes a host-call interface to map imports to C functions and utilizes static module validation to ensure bytecode follows specification rules before execution