Awesome Fuzzing

Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks. Typically, fuzzers are used to test programs that take structured inputs.

A curated list of references to awesome fuzzing resources for security testing. Additionally, it collects freely available academic papers, tools, and related material.

Your favorite tool or your own paper is not listed? Fork and create a Pull Request to add it!

Contents

Books

Talks

Papers

To keep the scope well defined, I have chosen to include fuzzing publications from the proceedings of four top security conferences, plus a selection of others, from Jan 2008 to Jul 2019. The four conferences are (i) the Network and Distributed System Security Symposium (NDSS), (ii) the IEEE Symposium on Security and Privacy (S&P), (iii) the USENIX Security Symposium (USEC), and (iv) the ACM Conference on Computer and Communications Security (CCS).

The Network and Distributed System Security Symposium (NDSS)

IEEE Symposium on Security and Privacy (IEEE S&P)

USENIX Security

ACM Conference on Computer and Communications Security (ACM CCS)

ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)

The others

Tools

Information about the various open source tools you can use to leverage fuzz testing.

General-purpose

  • radamsa - A general-purpose fuzzer.
  • zzuf - A transparent application input fuzzer.
  • FireCracker - A CLI tool from BLST that takes your HTTP logs and uses them to map your API flows and find risks.

Binary

  • American Fuzzy Lop plus plus (AFL++) - A superior fork of Google's AFL: more speed, more and better mutations, more and better instrumentation, custom module support, etc. paper
  • American fuzzy lop - A security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary.
  • WinAFL - A fork of AFL for fuzzing Windows binaries.
  • libFuzzer - A library for coverage-guided fuzz testing. Tutorial from Google.
  • Driller - An implementation of the driller paper. This implementation was built on top of AFL with angr being used as a symbolic tracer.
  • shellphish fuzzer - A Python interface to AFL, allowing for easy injection of testcases and other functionality.
  • Eclipser - A binary-based fuzz testing tool that improves upon classic coverage-based fuzzing by leveraging a novel technique called grey-box concolic testing.
  • Jazzer - A coverage-guided, in-process fuzzer for the Java Virtual Machine. It is based on libFuzzer and can be applied directly to compiled applications.

Web, JavaScript

Network protocol

  • dtls-fuzzer - A Java tool which performs protocol state fuzzing of DTLS servers.
  • T-Fuzz - T-Fuzz leverages a coverage guided fuzzer to generate inputs.
  • TLS-Attacker - A Java-based framework for analyzing TLS libraries.
  • DELTA - SDN Security evaluation framework.
  • boofuzz - Network Protocol Fuzzing for Humans. Documentation is available at http://boofuzz.readthedocs.io/, including nifty quickstart guides.
  • LL-Fuzzer - An automated NFC fuzzing framework for Android devices.
  • tlsfuzzer - An SSL and TLS protocol test suite and fuzzer.
  • TumbleRF - A framework that orchestrates the application of fuzzing techniques to RF systems.
  • PULSAR - A method for stateful black-box fuzzing of proprietary network protocols.
  • SPIKE - A fuzzer development framework similar to Sulley, and the predecessor of Sulley.
  • PROTOS - Security testing of protocol implementations.
  • MTF - A Modbus/TCP fuzzer for testing internetworked industrial systems.
  • MTF-Storm - A high performance fuzzer for Modbus/TCP.

Driver

  • Charm - A system solution that facilitates dynamic analysis of device drivers of mobile systems.

Platform

  • certfuzz - Contains the source code for the CMU CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE).
  • Peach Fuzzer Platform - An automated security testing platform that prevents zero day attacks by finding vulnerabilities in hardware and software systems.
  • Blackhat USA 2018 AFL workshop training materials - From @wrauner at Samsung Research.
  • CI Fuzz - A CI/CD-agnostic platform for feedback-based fuzz testing of both native applications and Java web apps.

Contribute

Contributions welcome! Read the contribution guidelines first.

License

http://creativecommons.org/publicdomain/zero/1.0

To the extent possible under law, cpuu has waived all copyright and related or neighboring rights to this work.

Contribute to this list: https://github.com/cpuu/awesome-fuzzing