8 repository-uri
Generating mutated test inputs based on the observed code paths to maximize program exploration.
Distinct from Coverage-Guided Fuzzing Integration: Candidates focus on integration with other tools or general coverage metrics rather than the core fuzzing engine mechanism.
Explore 8 awesome GitHub repositories matching security & cryptography · Coverage-Guided Fuzzing. Refine with filters or upvote what's useful.
Wasm3 este un interpretor WebAssembly conceput pentru integrarea în runtime-uri embedded. Acesta permite executarea logicii binare portabile pe microcontrolere și hardware cu resurse limitate, oferind suport pentru module care utilizează WebAssembly System Interface pentru a interacționa cu resursele sistemului. Runtime-ul folosește interpretarea bytecode bazată pe registre și dispatch-ul direct-threaded pentru a mapa registrele virtuale la registrele fizice ale CPU-ului. Include o interfață host-call pentru a mapa importurile la funcții C și utilizează validarea statică a modulelor pentru a se asigura că bytecode-ul respectă regulile specificațiilor înainte de execuție. Proiectul oferă gestionarea resurselor prin limite de alocare a memoriei liniare și contorizarea consumului de instrucțiuni (gas metering) pentru a preveni buclele infinite și epuizarea sistemului. Observabilitatea este gestionată prin tracing-ul execuției, monitorizarea fluxului și profilarea operațiunilor interpretorului. Pentru dezvoltare și asigurarea calității, runtime-ul include un REPL interactiv și suportă fuzzing ghidat de acoperire.
Supports detecting security vulnerabilities and crashes by feeding randomized input into the runtime using coverage-guided fuzzing.
AFL++ is a coverage-guided fuzzing framework that discovers crashes and hangs in software by mutating inputs while tracking which code paths are exercised. It functions as both a fuzzing engine and a campaign manager, supporting targets with or without source code through compile-time instrumentation, dynamic binary instrumentation, and emulation. The framework includes tools for crash triage and analysis, test case minimization, and campaign deployment across local or distributed environments. The framework distinguishes itself through its breadth of instrumentation backends, allowing users
Drives programs with mutated inputs while tracking code coverage to discover crashes and hangs.
Syzkaller is an unsupervised, coverage-guided kernel fuzzer that automatically generates and mutates system call sequences to find bugs in operating system kernels. It operates without human intervention, using a closed feedback loop of input generation, execution, crash detection, and corpus refinement to continuously explore kernel code paths. The fuzzer distinguishes itself by supporting multiple operating system kernels, including Linux, FreeBSD, and Windows, through per-platform syscall harnesses that abstract system call interfaces behind a common driver. It uses declarative description
Syzkaller guides fuzzing by using code coverage signals to steer input generation toward unexplored kernel paths and increase bug yield.
ClusterFuzz is an automated platform that runs coverage-guided fuzzers at scale to find security and stability bugs in software. It orchestrates libFuzzer and AFL++ across distributed clusters of worker bots, collecting coverage feedback to guide input mutation and discover crashes. The platform provides a web-based dashboard for configuring fuzzing jobs, monitoring progress, and inspecting crash reports, with role-based access control to restrict sensitive features. The system automates the full fuzzing lifecycle, from build pipeline integration and corpus management to crash triage and bug
An automated platform that runs coverage-guided fuzzers at scale to find security and stability bugs in software.
go-fuzz este un instrument de testare randomizată ghidat de acoperire (coverage-guided) pentru identificarea crash-urilor și a bug-urilor de logică în codul Go. Acesta constă într-un fuzzer care evoluează input-urile aleatorii pe baza căilor de execuție a codului, un instrument de instrumentare care produce binare pentru urmărirea acoperirii și un manager de corpus de semințe (seed corpus). Instrumentul utilizează instrumentarea binară la momentul compilării pentru a monitoriza acoperirea ramurilor și folosește o buclă de mutație bazată pe feedback pentru a prioritiza input-urile care ajung în secțiuni noi ale bazei de cod. Include capabilități pentru testarea diferențială comparativă pentru a identifica erorile de logică prin executarea unor implementări diferite ale aceleiași logici cu același input randomizat. Sistemul gestionează generarea de input-uri randomizate pentru a testa sub stres parserele de formate complexe și oferă utilitare pentru minimizarea și deduplicarea corpusurilor de semințe. Poate exporta arhive instrumentate pentru execuție în cadrul unui motor de fuzzing pe Linux.
A coverage-guided randomized testing tool specifically designed to find crashes and memory leaks in Go code.
AFL is a coverage-guided fuzzer and security vulnerability scanner used to identify software bugs and memory corruption by feeding programs mutated data. It functions as a binary instrumentation tool and a test case minimizer to locate crashes and isolate the smallest set of bytes causing a fault. The project distinguishes itself through its ability to operate as a parallel fuzzing orchestrator, distributing workloads across multiple CPU cores or networked machines. It utilizes dictionary-based mutation for complex file formats and performs input sensitivity analysis to identify critical sect
Implements a core engine that discovers vulnerabilities by mutating inputs based on observed code coverage.
Fuzzing101 is an educational resource providing a structured curriculum and containerized security labs for learning software fuzzing and vulnerability research. It functions as a training course that guides users through the process of identifying security flaws using systematic input manipulation and memory corruption analysis. The project distinguishes itself by providing isolated environments that ensure consistent build dependencies for practicing software instrumentation and crash triaging. It includes a practical tutorial on using evolutionary fuzzing engines and instrumentation tools
Provides a practical environment for using evolutionary fuzzing engines to discover memory corruption bugs in open source code.
This project is a comprehensive software fuzzing knowledge base and technical guide designed for discovering software bugs and vulnerabilities. It serves as a resource for implementing coverage-guided, structure-aware, and hybrid fuzzing across various targets, including compiled binaries and hardware kernels. The resource provides specialized guidance on using grammars and defined data formats to generate syntactically valid inputs for complex APIs. It also details methods for combining grey-box fuzzing with symbolic execution to reach deep execution paths and utilizes binary instrumentation
Implements coverage-guided fuzzing mechanisms that use executed code paths to drive input mutations.