Audience
Developers in search of a tool for testing their apps and evaluate the impact of crashing bugs
About american fuzzy lop
American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage for the fuzzed code. The compact synthesized corpora produced by the tool are also useful for seeding other, more labor or resource-intensive testing regimes down the road. Compared to other instrumented fuzzers, afl-fuzz is designed to be practical, it has a modest performance overhead, uses a variety of highly effective fuzzing strategies and effort minimization tricks, requires essentially no configuration, and seamlessly handles complex, real-world use cases, say, common image parsing or file compression libraries. It's an instrumentation-guided genetic fuzzer capable of synthesizing complex file semantics in a wide range of non-trivial targets.
Other Popular Alternatives & Related Software
go-fuzz
Go-fuzz is a coverage-guided fuzzing solution for testing Go packages. Fuzzing is mainly applicable to packages that parse complex inputs (both text and binary) and is especially useful for hardening systems that parse inputs from potentially malicious users (anything accepted over a network). go-fuzz has recently added preliminary support for fuzzing Go Modules. If you encounter a problem with modules, please file an issue with details. Data is a random input generated by go-fuzz, note that in most cases it is invalid. The function must return 1 if the fuzzer should increase the priority of the given input during subsequent fuzzing if the input must not be added to the corpus even if it gives new coverage, and 0 otherwise; other values are reserved for future use. The fuzz function must be in a package that go-fuzz can import. This means the code you want to test can't be in package main. Fuzzing internal packages is supported, however.
Learn more
Defensics Fuzz Testing
Defensics Fuzz Testing is a comprehensive, versatile, automated black box fuzzer that enables organizations to efficiently and effectively discover and remediate security weaknesses in software. The generational fuzzer takes an intelligent, targeted approach to negative testing. Advanced file and protocol template fuzzers enable users to build their own test cases. The SDK allows expert users to use the Defensics framework to develop their own test cases. Defensics is a black box fuzzer, meaning it doesn’t require source code to run. With Defensics, users can secure their cyber supply chain to ensure the interoperability, robustness, quality, and security of software and devices before introducing them into IT or lab environments. Defensics fits nearly any development workflow, whether in a traditional SDL or CI environment. Its API and data export capabilities also enable it to integrate with surrounding technologies, making it a true plug-and-play fuzzer.
Learn more
afl-unicorn
afl-unicorn lets you fuzz any piece of binary that can be emulated by Unicorn Engine. If you can emulate the code you’re interested in using the Unicorn Engine, you can fuzz it with afl-unicorn. Unicorn Mode works by implementing the block-edge instrumentation that AFL’s QEMU mode normally does into Unicorn Engine. Basically, AFL will use block coverage information from any emulated code snippet to drive its input generation. The whole idea revolves around the proper construction of a Unicorn-based test harness. The Unicorn-based test harness loads the target code, sets up the initial state, and loads in data mutated by AFL from disk. The test harness then emulates the target binary code, and if it detects that a crash or error occurred it throws a signal. AFL will do all its normal stuff, but it’s actually fuzzing the emulated target binary code. Only tested on Ubuntu 16.04 LTS, but it should work smoothly with any OS capable of running both AFL and Unicorn.
Learn more
LibFuzzer
LibFuzzer is an in-process, coverage-guided, evolutionary fuzzing engine. LibFuzzer is linked with the library under test, and feeds fuzzed inputs to the library via a specific fuzzing entry point (or target function); the fuzzer then tracks which areas of the code are reached, and generates mutations on the corpus of input data in order to maximize the code coverage. The code coverage information for libFuzzer is provided by LLVM’s SanitizerCoverage instrumentation. LibFuzzer is still fully supported in that important bugs will get fixed. The first step in using libFuzzer on a library is to implement a fuzz target, a function that accepts an array of bytes and does something interesting with these bytes using the API under test. Note that this fuzz target does not depend on libFuzzer in any way so it is possible and even desirable to use it with other fuzzing engines like AFL and/or Radamsa.
Learn more
Pricing
Starting Price:
Free
Free Version:
Free Version available.
Integrations
Company Information
Google
United States
github.com/google/AFL
Videos and Screen Captures
You Might Also Like
Gen AI apps are built with MongoDB Atlas
MongoDB Atlas provides built-in vector search and a flexible document model so developers can build, scale, and run gen AI apps without stitching together multiple databases. From LLM integration to semantic search, Atlas simplifies your AI architecture—and it’s free to get started.
Product Details
Platforms Supported
Mac
Linux
Training
Documentation
Support
Online