LibFuzzer
LibFuzzer is an in-process, coverage-guided, evolutionary fuzzing engine. LibFuzzer is linked with the library under test, and feeds fuzzed inputs to the library via a specific fuzzing entry point (or target function); the fuzzer then tracks which areas of the code are reached, and generates mutations on the corpus of input data in order to maximize the code coverage. The code coverage information for libFuzzer is provided by LLVM’s SanitizerCoverage instrumentation. LibFuzzer is still fully supported in that important bugs will get fixed. The first step in using libFuzzer on a library is to implement a fuzz target, a function that accepts an array of bytes and does something interesting with these bytes using the API under test. Note that this fuzz target does not depend on libFuzzer in any way so it is possible and even desirable to use it with other fuzzing engines like AFL and/or Radamsa.
Learn more
Google OSS-Fuzz
OSS-Fuzz offers continuous fuzzing for open source software. Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow, can have serious security implications. Google has found thousands of security vulnerabilities and stability bugs by deploying guided in-process fuzzing of Chrome components, and we now want to share that service with the open source community. OSS-Fuzz aims to make common open source software more secure and stable by combining modern fuzzing techniques with scalable, distributed execution. Projects that do not qualify for OSS-Fuzz can run their own instances of ClusterFuzz or ClusterFuzzLite. Currently, OSS-Fuzz supports C/C++, Rust, Go, Python, and Java/JVM code. Other languages supported by LLVM may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds.
Learn more
Awesome Fuzzing
Awesome Fuzzing is a list of fuzzing resources including books, courses, both free and paid, videos, tools, tutorials, and vulnerable applications to practice in order to learn fuzzing and initial phases of exploit development like root cause analysis. Courses/training videos on fuzzing, videos talking about fuzzing techniques, tools, and best practices. Conference talks and tutorials, blogs, tools that help in fuzzing applications, and fuzzers that help in fuzzing applications that use network-based protocols like HTTP, SSH, SMTP, etc. Search and pick the exploits, that have respective apps available for download, and reproduce the exploit by using the fuzzer of your choice. Set of tests for fuzzing engines. Includes different well-known bugs. A corpus, including various file formats for fuzzing multiple targets in the fuzzing literature.
Learn more
Atheris
Atheris is a coverage-guided Python fuzzing engine. It supports fuzzing of Python code, but also native extensions written for CPython. Atheris is based on libFuzzer. When fuzzing native code, Atheris can be used to catch extra bugs. Atheris supports Linux (32- and 64-bit) and Mac OS X, with Python versions 3.6-3.10. It comes with a built-in libFuzzer, which is fine for fuzzing Python code. If you plan to fuzz native extensions, you may need to build from source to ensure the libFuzzer version in Atheris matches your Clang version. Atheris relies on libFuzzer, which is distributed with Clang. Apple Clang doesn't come with libFuzzer, so you'll need to install a new version of LLVM. Atheris is based on a coverage-guided mutation-based fuzzer (LibFuzzer). This has the advantage of not requiring any grammar definition for generating inputs, making its setup easier. The disadvantage is that it will be harder for the fuzzer to generate inputs for code that parses complex data types.
Learn more