30 open-source projects similar to google/afl, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best AFL alternative.
AFL++ is a coverage-guided fuzzing framework that discovers crashes and hangs in software by mutating inputs while tracking which code paths are exercised. It functions as both a fuzzing engine and a campaign manager, supporting targets with or without source code through compile-time instrumentation, dynamic binary instrumentation, and emulation. The framework includes tools for crash triage and analysis, test case minimization, and campaign deployment across local or distributed environments. The framework distinguishes itself through its breadth of instrumentation backends, allowing users
ClusterFuzz is an automated platform that runs coverage-guided fuzzers at scale to find security and stability bugs in software. It orchestrates libFuzzer and AFL++ across distributed clusters of worker bots, collecting coverage feedback to guide input mutation and discover crashes. The platform provides a web-based dashboard for configuring fuzzing jobs, monitoring progress, and inspecting crash reports, with role-based access control to restrict sensitive features. The system automates the full fuzzing lifecycle, from build pipeline integration and corpus management to crash triage and bug
go-fuzz is a coverage-guided randomized testing tool for identifying crashes and logic bugs in Go code. It consists of a fuzzer that evolves random inputs based on code execution paths, an instrumentation tool that produces binaries for tracking coverage, and a seed corpus manager. The tool utilizes compile-time binary instrumentation to monitor branch coverage and employs a feedback-driven mutation loop to prioritize inputs that reach new sections of the codebase. It includes capabilities for comparative differential testing to identify logic errors by executing different implementations of
Syzkaller is an unsupervised, coverage-guided kernel fuzzer that automatically generates and mutates system call sequences to find bugs in operating system kernels. It operates without human intervention, using a closed feedback loop of input generation, execution, crash detection, and corpus refinement to continuously explore kernel code paths. The fuzzer distinguishes itself by supporting multiple operating system kernels, including Linux, FreeBSD, and Windows, through per-platform syscall harnesses that abstract system call interfaces behind a common driver. It uses declarative description
Schemathesis is a property-based testing tool and fuzzer for schema-based APIs. It analyzes OpenAPI and JSON Schema specifications to automatically generate test cases that identify crashes, schema violations, and validation bypasses. The project functions as a contract validator and security scanner, verifying that a live server strictly adheres to its defined specifications. The framework distinguishes itself through stateful API testing, which chains multiple related requests together to uncover bugs that only emerge during complex, multi-step user workflows. It also utilizes response-driv
Angr is a binary analysis framework and static analysis tool used for reverse engineering compiled binaries. It serves as a binary decompiler and a lifting platform that translates machine code into a common intermediate representation to enable cross-architecture analysis. The framework integrates a symbolic execution engine and constraint solvers to determine the inputs required to reach specific program states. It also employs untrusted code sandboxing to isolate guest code from the host environment during analysis. Its capabilities cover control flow and data flow analysis, including the
pwndbg is a GDB plugin and binary analysis framework designed for reverse engineering, exploit development, and low-level program analysis. It extends the core functionality of the debugger to provide advanced memory inspection and automation tools. The project distinguishes itself with specialized capabilities for heap analysis across glibc, jemalloc, and musl, as well as a comprehensive kernel debugging toolkit for inspecting Linux kernel tasks and slab allocators. It includes an integrated ROP gadget searcher for constructing exploit chains and an LLM-powered debugging assistant that provi
fast-check is a property-based testing framework and random data generator designed to verify software invariants by producing a wide range of randomized input data. It functions as a test data fuzzer that executes predicates against high volumes of random inputs to uncover edge cases and critical bugs. The project is distinguished by its ability to perform input-shrinking searches, which reduce complex failing inputs to their simplest form to isolate the exact cause of failure. It provides deterministic seed replay to exactly reproduce specific test failures and includes a concurrency testin
Box64 is a cross-architecture runtime and user-mode emulation layer that allows Linux and Windows software to run on non-native hardware. It functions as an x86-64 instruction emulator and binary translator, executing 64-bit binaries on different CPU architectures by translating machine code into native instructions. The project utilizes dynamic recompilation to accelerate execution and maps guest system calls to native host libraries to increase speed and hardware compatibility. It can simulate a 32-bit execution environment to support legacy software and integrates with the operating system
xHook is a low-level instrumenter and hooking library for Android ELF binaries. It functions as a framework for intercepting native symbols and redirecting function calls by modifying the procedure linkage table. The tool utilizes regular expressions to filter specific binary files and symbols for interception. It enables the redirection of native calls toward custom function implementations without altering the original binary files. The framework covers dynamic symbol resolution, ELF table modification, and security analysis of native libraries. It also includes stability mechanisms that u
The Mobile Application Security Testing Guide is a comprehensive manual and compliance framework for verifying the security of mobile applications. It provides a standardized reference for identifying and validating common software security weaknesses and performing reverse engineering based on industry standards. The project provides a structured set of technical processes and checklists used to audit applications against established security weakness enumerations. It encompasses guidance for analyzing application binaries and runtime behavior to identify hidden functionality and security ga
A True Instrumentable Binary Emulation Framework
Dobby is a dynamic function hooking framework and binary instrumentation tool designed to intercept and redirect function calls in compiled binaries. It serves as a cross-platform and cross-architecture library that provides a unified interface for modifying program execution flow across different operating systems and CPU architectures. The library enables low-level binary instrumentation and runtime application instrumentation by injecting custom handlers into live processes. It is used for software reverse engineering to observe real-time data flow and logic by hooking internal functions.
Objection is a dynamic instrumentation framework and runtime exploration toolkit for mobile application security analysis. It provides a command-line interface to interact with the memory and state of iOS and Android applications during active execution, serving as a toolkit for runtime analysis and security testing. The project distinguishes itself by providing specialized capabilities to bypass common mobile security controls, including SSL pinning, biometric authentication, and root or jailbreak detection. It enables the extraction of sensitive credentials and data from secure storage syst
ipsw is a specialized toolkit for iOS firmware analysis, binary reverse engineering, and hardware interaction. It provides a suite of tools for downloading, extracting, and analyzing firmware images and kernel caches, alongside a MachO binary analysis tool for disassembling and patching executables. The project distinguishes itself through integrated language-model-powered code reconstruction to translate machine code into high-level source code. It also features an automation client for the App Store Connect API to manage certificates and application settings. The framework covers a broad r
Detours is a library for intercepting Win32 API calls and redirecting function calls at runtime on Windows, enabling binary-level instrumentation without requiring access to the original source code. It functions as an API hooking library and binary instrumentation toolkit, allowing developers to monitor or modify the behavior of compiled Windows binaries by hooking into their function execution paths. The project achieves this through detour-based function interception, where the first few instructions of a target function are replaced with a jump to a user-supplied detour function, while pr
iSH is a Linux shell emulator for iOS that provides a local terminal environment for running shell commands and managing files. It functions as an instruction-level emulator that enables the execution of Linux binaries on mobile devices by simulating an Alpine Linux environment. The project distinguishes itself by combining user-mode Linux emulation with a virtual root filesystem. This allows the software to map Linux kernel system calls to host functions and execute scripts and toolsets directly on an iPhone or iPad. The emulator also provides low-level program debugging capabilities, inclu
Fishhook is a binary instrumentation library for iOS and iOS simulators. It functions as a Mach-O symbol rebinder and instrumenter, allowing for the replacement of system library implementations with custom logic at runtime. The project redirects function calls by updating lazy and non-lazy symbol pointers within Mach-O binary data segments. This approach enables the interception and modification of existing function behavior without altering the original binary on disk. The toolset covers binary instrumentation and dynamic hooking for iOS applications, facilitating the monitoring and altera
This project is a suite of runtime diagnostic tools designed to detect memory leaks, concurrency races, and language-specification violations during software execution. It provides a collection of dynamic analysis tools that identify addressability issues, uninitialized memory usage, and memory safety bugs in applications. The toolset includes a thread safety analyzer to identify data races and deadlocks in concurrent code, as well as an undefined behavior sanitizer to detect operations that violate language specifications. The system covers broad capabilities in memory safety monitoring and
gosec is a static analysis security tool designed to scan Go source code for vulnerabilities and common coding flaws. It functions as a security analyzer that inspects the abstract syntax tree to identify insecure function calls, API usage, and potential security risks. The tool distinguishes itself by mapping detected vulnerabilities to Common Weakness Enumeration identifiers for standardized reporting and integrating with external AI models to suggest code fixes for identified issues. Its capabilities cover the detection of injection vulnerabilities, hardcoded credentials, weak cryptograph
proot-distro is a rootless container runtime and Linux distribution manager that allows users to install and run isolated guest environments without requiring administrative root privileges. It utilizes PRoot to simulate root access and filesystem redirection, enabling the deployment of full Linux distributions in a non-root space. The project functions as an OCI container image handler, capable of building, pulling, and pushing OCI-compatible images and manifests. It further serves as a cross-architecture execution layer, utilizing user-mode emulation to run binaries and containers built for
WeChatOpenDevTools-Python is a set of software utilities designed to bypass environment restrictions to enable debugging and element inspection for web and mini program applications. It functions as a developer tool unlocker and web inspector activator to force the activation of integrated inspection tools. The project provides specialized capabilities for debugging and reverse engineering WeChat mini programs. This includes the ability to access hidden developer consoles to analyze the structure, network requests, and behavior of active mini programs and web content. These utilities utilize
Byte Buddy is a runtime code generation and bytecode manipulation library for Java. It provides a fluent API for creating and modifying Java classes during execution, enabling developers to define class structures, methods, and fields programmatically without requiring a compiler or direct bytecode assembly. The library supports agent-based class transformation, allowing loaded classes to be modified during JVM startup or runtime through a Java agent that intercepts class loading. It offers bytecode-level method interception for fine-grained control over method behavior, annotation-based code
This project is a curated collection of guidelines and technical resources designed to improve C++ code safety, maintainability, and performance. It provides a comprehensive set of coding standards and best practices for establishing consistent naming, formatting, and structural patterns across C++ codebases. The guide offers specific technical advice on performance optimization, including methods for minimizing object copying, optimizing memory allocation, and reducing compilation cycles. It also provides a directory of tooling recommendations for implementing static analysis, fuzz testing,
nyc is a JavaScript code coverage tool and command-line interface that instruments source files to track the execution of lines, branches, and functions during test runs. It acts as a wrapper for Node.js test runners, intercepting the module loading process to collect coverage data. The tool functions as a coverage data merger and build gating tool, allowing users to combine results from multiple independent test runs or child processes into a single unified report. It can automatically fail the build process if code coverage percentages fall below defined minimum thresholds. The project sup
This is a Rust image processing library designed for encoding and decoding various image file formats and manipulating pixels. It provides a digital image manipulation toolkit and a set of image format codecs to read data from files and write memory buffers into standard formats. The library features a pure-Rust processing pipeline to ensure memory safety and cross-platform compatibility. It includes a pluggable hook system for dynamic format registration, allowing external crates to register custom decoders and encoders at runtime. The capability surface covers geometry manipulation for res
MBE is a security research educational resource providing binary exploitation courseware and a deployable CTF wargame environment. It functions as a structured curriculum of labs and materials designed for learning reverse engineering and memory corruption. The project provides containerized lab infrastructure and a binary analysis toolchain to ensure a controlled setting for vulnerability research. It utilizes isolated environments to deploy binary exploitation tasks, preventing interference and system instability. The system covers the provisioning of vulnerable environments through virtua
AsmJit is a runtime machine code generator and JIT compiler backend that translates high-level definitions into executable processor instructions. It provides a unified instruction emission API and an executable memory manager to allocate and protect virtual memory pages across multiple CPU architectures. The library functions as an assembly engine for x86 and ARM, supporting cross-platform assembly generation through a unified backend. It enables the creation of optimized machine code for different CPUs while maintaining a single codebase. The project covers low-level system abstractions in