# google/afl

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/google-afl).**

4,064 stars · 668 forks · C · apache-2.0 · archived

## Links

- GitHub: https://github.com/google/AFL
- Homepage: https://lcamtuf.coredump.cx/afl/
- awesome-repositories: https://awesome-repositories.com/repository/google-afl.md

## Description

AFL is a coverage-guided fuzzer and security vulnerability scanner used to identify software bugs and memory corruption by feeding programs mutated data. It functions as a binary instrumentation tool and a test case minimizer to locate crashes and isolate the smallest set of bytes causing a fault.

The project distinguishes itself through its ability to operate as a parallel fuzzing orchestrator, distributing workloads across multiple CPU cores or networked machines. It utilizes dictionary-based mutation for complex file formats and performs input sensitivity analysis to identify critical sections of input files.

Its broader capabilities include binary and source code instrumentation for tracking execution paths, as well as crash path exploration to determine if faults are exploitable. The system provides automated software testing via binary fuzzing and a crash analysis workflow to simplify vulnerability debugging.

## Tags

### Security & Cryptography

- [Coverage-Guided Fuzzing](https://awesome-repositories.com/f/security-cryptography/coverage-guided-fuzzing.md) — Implements a core engine that discovers vulnerabilities by mutating inputs based on observed code coverage. ([source](https://cdn.jsdelivr.net/gh/google/afl@master/README.md))
- [Binary Fuzzing](https://awesome-repositories.com/f/security-cryptography/binary-fuzzing.md) — Provides the ability to execute target binaries with mutated inputs to trigger crashes and memory bugs. ([source](https://cdn.jsdelivr.net/gh/google/afl@master/README.md))
- [Dictionary-Based Mutations](https://awesome-repositories.com/f/security-cryptography/dictionary-based-mutations.md) — Improves mutation efficiency for complex file formats by using specific keywords or magic tokens as seeds. ([source](https://cdn.jsdelivr.net/gh/google/afl@master/README.md))

### Testing & Quality Assurance

- [Coverage-Guided Mutation](https://awesome-repositories.com/f/testing-quality-assurance/code-coverage-analysis/coverage-guided-mutation.md) — Generates new test inputs by mutating existing seeds and keeping those that increase observed code coverage.
- [Fuzz Testing](https://awesome-repositories.com/f/testing-quality-assurance/fuzz-testing.md) — Executes programs with mutated inputs to trigger crashes and identify faults through coverage-guided fuzzing.
- [Test Case Minimizers](https://awesome-repositories.com/f/testing-quality-assurance/test-case-minimizers.md) — Reduces crashing test cases by iteratively removing bytes while ensuring the crash still occurs.
- [Test Case Minimization](https://awesome-repositories.com/f/testing-quality-assurance/test-case-minimization.md) — Reduces crashing input files to their smallest form while preserving the execution path to simplify debugging. ([source](https://cdn.jsdelivr.net/gh/google/afl@master/README.md))

### Part of an Awesome List

- [General Purpose Fuzzers](https://awesome-repositories.com/f/awesome-lists/devtools/general-purpose-fuzzers.md) — Finds software bugs by mutating inputs based on the code paths executed during program runs.
- [Binary Analysis](https://awesome-repositories.com/f/awesome-lists/security/binary-analysis.md) — Tracks execution paths of black-box binaries using emulation to find memory bugs without original source code.
- [Security Vulnerability Scanners](https://awesome-repositories.com/f/awesome-lists/security/security-vulnerability-scanners.md) — Finds software bugs and security flaws by generating and mutating test inputs based on observed code coverage.
- [Parallel Fuzzing Distributions](https://awesome-repositories.com/f/awesome-lists/devtools/fuzzing-and-analysis/fuzzing-orchestrators/parallel-fuzzing-distributions.md) — Spreads fuzzing workloads across multiple CPU cores or networked machines to accelerate discovery.
- [Security Tools](https://awesome-repositories.com/f/awesome-lists/security/security-tools.md) — Free software fuzzer for security testing.

### Operating Systems & Systems Programming

- [User-Mode Emulation](https://awesome-repositories.com/f/operating-systems-systems-programming/user-mode-emulation.md) — Monitors execution paths of pre-compiled binaries by running them through an emulator to intercept instructions.
- [Shared-Memory Coverage Bitmaps](https://awesome-repositories.com/f/operating-systems-systems-programming/shared-memory-coverage-bitmaps.md) — Tracks code execution paths using a globally accessible bit-map that records which basic blocks were visited.

### Programming Languages & Runtimes

- [Binary Instrumentation](https://awesome-repositories.com/f/programming-languages-runtimes/binary-instrumentation.md) — Tracks execution paths in compiled binaries using emulation to monitor behavior without source code.
- [Compiler-Based Instrumentation](https://awesome-repositories.com/f/programming-languages-runtimes/compiler-based-instrumentation.md) — Inserts tracking code into binaries during compilation by replacing the standard compiler toolchain.

### Development Tools & Productivity

- [Code Instrumentation Utilities](https://awesome-repositories.com/f/development-tools-productivity/code-instrumentation-utilities.md) — Injects coverage tracking into programs during compilation by replacing the standard C or C++ compiler. ([source](https://cdn.jsdelivr.net/gh/google/afl@master/README.md))

### DevOps & Infrastructure

- [Corpus Management](https://awesome-repositories.com/f/devops-infrastructure/queue-management/corpus-management.md) — Organizes seed inputs in a queue to prioritize the mutation of inputs that explore new or rare code paths.

### System Administration & Monitoring

- [Crash Analysis Workflows](https://awesome-repositories.com/f/system-administration-monitoring/diagnostic-tools/diagnostics/failure-analysis-tools/crash-reporters/crash-reproduction/crash-analysis-workflows.md) — Reduces crashing input files to their smallest form and enumerates reachable paths to simplify vulnerability debugging.
- [Crash Path Analysis](https://awesome-repositories.com/f/system-administration-monitoring/diagnostic-tools/diagnostics/failure-analysis-tools/crash-reporters/crash-reproduction/crash-path-analysis.md) — Enumerates reachable code paths that maintain a crashing state to determine if a fault is exploitable. ([source](https://cdn.jsdelivr.net/gh/google/afl@master/README.md))