37 个仓库
Tools and frameworks designed for automated bug discovery and kernel testing.
Explore 37 awesome GitHub repositories matching part of an awesome list · Fuzzing Frameworks. Refine with filters or upvote what's useful.
Syzkaller is an unsupervised, coverage-guided kernel fuzzer that automatically generates and mutates system call sequences to find bugs in operating system kernels. It operates without human intervention, using a closed feedback loop of input generation, execution, crash detection, and corpus refinement to continuously explore kernel code paths. The fuzzer distinguishes itself by supporting multiple operating system kernels, including Linux, FreeBSD, and Windows, through per-platform syscall harnesses that abstract system call interfaces behind a common driver. It uses declarative description
Distributed, coverage-guided fuzzer for Linux kernel syscalls.
go-fuzz 是一款覆盖率引导的随机测试工具,用于识别 Go 代码中的崩溃和逻辑错误。它由一个根据代码执行路径演化随机输入的模糊测试器(fuzzer)、一个用于跟踪覆盖率的二进制插桩工具以及一个种子语料库管理器组成。 该工具利用编译时二进制插桩来监控分支覆盖率,并采用反馈驱动的变异循环来优先处理到达代码库新部分的数据输入。它包括用于比较差异测试的功能,通过使用相同的随机输入执行同一逻辑的不同实现来识别逻辑错误。 该系统处理随机输入的生成以压力测试复杂的格式解析器,并提供用于种子语料库最小化和去重的实用程序。它可以导出插桩后的归档文件,以便在 Linux 上的模糊测试引擎中执行。
Coverage-guided testing tool for Go packages.
This is a public archive of vulnerability findings, proof-of-concept code, and technical reports detailing security flaws discovered in third-party software. It functions as a coordinated vulnerability disclosure platform, enabling private reporting to vendors and structured publication of advisories after a fix is released or a 90-day deadline passes. The repository provides modular security analysis tooling—standalone scripts and binaries each targeting a specific bug class for automated detection—alongside a cross-platform fuzzing framework that runs tests across multiple operating systems
Runs fuzz tests across multiple operating systems and architectures to uncover software defects.
Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
Easy-to-use fuzzer with coverage-guided feedback and analysis.
a general-purpose fuzzer
General-purpose fuzzer and test case generator.
Coverage-guided, in-process fuzzing for the JVM
Coverage-guided, in-process fuzzer for the Java Virtual Machine.
Linux kernel source tree
Library for running the kernel in userspace for fuzzing.
RetroWrite -- Retrofitting compiler passes through binary rewriting
Static instrumentation tool for binary fuzzing.
AFL/QEMU fuzzing with full-system emulation.
Hardware-assisted fuzzer for kernel testing.
Directed Greybox Fuzzing with AFL
Directed greybox fuzzer for targeting specific program locations.
🌪️ Application fuzzer
Transparent input fuzzer that intercepts and mutates file operations.
ANTLR v4 grammar-based test generator
Grammar-based file format fuzzer using ANTLR v4.
Peach is a fuzzing framework which uses a DSL for building fuzzers and an observer based architecture to execute and monitor them.
Framework for creating custom smart and dumb fuzzers.
Janus: a state-of-the-art file system fuzzer on Linux
Framework for filesystem fuzzing.
Binary code-coverage fuzzer for macOS, based on libFuzzer and LLVM
Binary code-coverage fuzzer for macOS based on libFuzzer.
SOSP'25 Automatic checker synthesis for system-level static analysis
Static analysis tool using LLM-synthesized checkers.
VirtFuzz is a Linux Kernel Fuzzer that uses VirtIO to provide inputs into the kernels subsystem. It is built with LibAFL.
Fuzzing framework for wireless stacks via VirtIO.
Bug hunting through fuzzer/*-sanitizer/etc...
Tools for kernel quality assurance and security.
Sloth 🦥 is a coverage guided fuzzing framework for fuzzing Android Native libraries that makes use of libFuzzer and QEMU user-mode emulation
Coverage-guided framework for fuzzing Android native libraries.
Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints
Virtual machine checkpointing for accelerated driver fuzzing.