AFL

Features

Coverage-Guided Fuzzing - Implements a core engine that discovers vulnerabilities by mutating inputs based on observed code coverage.

Coverage-Guided Mutation - Generates new test inputs by mutating existing seeds and keeping those that increase observed code coverage.

General Purpose Fuzzers - Finds software bugs by mutating inputs based on the code paths executed during program runs.

Binary Analysis - Tracks execution paths of black-box binaries using emulation to find memory bugs without original source code.

Security Vulnerability Scanners - Finds software bugs and security flaws by generating and mutating test inputs based on observed code coverage.

User-Mode Emulation - Monitors execution paths of pre-compiled binaries by running them through an emulator to intercept instructions.

Binary Instrumentation - Tracks execution paths in compiled binaries using emulation to monitor behavior without source code.

Binary Fuzzing - Provides the ability to execute target binaries with mutated inputs to trigger crashes and memory bugs.

Fuzz Testing - Executes programs with mutated inputs to trigger crashes and identify faults through coverage-guided fuzzing.

Test Case Minimizers - Reduces crashing test cases by iteratively removing bytes while ensuring the crash still occurs.

Parallel Fuzzing Distributions - Spreads fuzzing workloads across multiple CPU cores or networked machines to accelerate discovery.

Code Instrumentation Utilities - Injects coverage tracking into programs during compilation by replacing the standard C or C++ compiler.

Corpus Management - Organizes seed inputs in a queue to prioritize the mutation of inputs that explore new or rare code paths.

Shared-Memory Coverage Bitmaps - Tracks code execution paths using a globally accessible bit-map that records which basic blocks were visited.

Compiler-Based Instrumentation - Inserts tracking code into binaries during compilation by replacing the standard compiler toolchain.

Dictionary-Based Mutations - Improves mutation efficiency for complex file formats by using specific keywords or magic tokens as seeds.

Crash Analysis Workflows - Reduces crashing input files to their smallest form and enumerates reachable paths to simplify vulnerability debugging.

Crash Path Analysis - Enumerates reachable code paths that maintain a crashing state to determine if a fault is exploitable.

Test Case Minimization - Reduces crashing input files to their smallest form while preserving the execution path to simplify debugging.

Security Tools - Free software fuzzer for security testing.

AFL is a coverage-guided fuzzer and security vulnerability scanner used to identify software bugs and memory corruption by feeding programs mutated data. It functions as a binary instrumentation tool and a test case minimizer to locate crashes and isolate the smallest set of bytes causing a fault.

The project distinguishes itself through its ability to operate as a parallel fuzzing orchestrator, distributing workloads across multiple CPU cores or networked machines. It utilizes dictionary-based mutation for complex file formats and performs input sensitivity analysis to identify critical sections of input files.

Its broader capabilities include binary and source code instrumentation for tracking execution paths, as well as crash path exploration to determine if faults are exploitable. The system provides automated software testing via binary fuzzing and a crash analysis workflow to simplify vulnerability debugging.

Features