Skip to content

Fuzzing

Awesome Fuzzing Awesome

Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks. Typically, fuzzers are used to test programs that take structured inputs.

A curated list of references to awesome Fuzzing for security testing. Additionally there is a collection of freely available academic papers, tools and so on.

Your favorite tool or your own paper is not listed? Fork and create a Pull Request to add it!

Books

Talks

Papers

To achieve a well-defined scope, I have chosen to include publications on fuzzing in the last proceedings of 4 top major security conferences and others from Jan 2008 to Jul 2019. It includes (i) Network and Distributed System Security Symposium (NDSS), (ii) IEEE Symposium on Security and Privacy (S&P), (iii) USENIX Security Symposium (USEC), and (iv) ACM Conference on Computer and Communications Security (CCS).

The Network and Distributed System Security Symposium (NDSS)

IEEE Symposium on Security and Privacy (IEEE S&P)

USENIX Security

ACM Conference on Computer and Communications Security (ACM CCS)

ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)

The others

Tools

Information about the various open source tools you can use to leverage fuzz testing. The items in this section have been organized and classified based on the standards set by the https://fuzzing-survey.org/ website. Although there are currently more than 35 categories, we have selected the most relevant ones to provide efficient information. Additionally, items that are outdated and deprecated have been excluded, and only those that are currently usable are listed.

File

  • AFL++ - AFL++ is a superior fork to Google's AFL - more speed, more and better mutations, more and better instrumentation, custom module support, etc.
  • Angora - Angora is a mutation-based coverage guided fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.

Kernel

Network

API

  • IvySyn - IvySyn is a fully-automated framework for discovering memory error vulnerabilities in Deep Learning (DL) frameworks.
  • MINER - MINER is a REST API fuzzer that utilizes three data-driven designs working together to guide the sequence generation, improve the request generation quality, and capture the unique errors caused by incorrect parameter usage.
  • RestTestGen - RestTestGen is a robust tool and framework designed for automated black-box testing of RESTful web APIs.
  • GraphFuzz - GraphFuzz is an experimental framework for building structure-aware, library API fuzzers.
  • Minerva - Minerva is a browser fuzzer augmented by API mod-ref relations, aiming to synthesize highly-relevant browser API invocations in each test case.
  • FANS - FANS is a fuzzing tool for fuzzing Android native system services. It contains four components: interface collector, interface model extractor, dependency inferer, and fuzzer engine.

JavaScript

Firmware

Hypervisor

CPU

  • DifuzzRTL - DifuzzRTL is a differential fuzz testing approach for CPU verification.
  • MorFuzz - MorFuzz is a generic RISC-V processor fuzzing framework that can efficiently detect software triggerable functional bugs.
  • SpecFuzz - SpecFuzz is a tool to enable fuzzing for Spectre vulnerabilities
  • Transynther - Transynther automatically generates and tests building blocks for Meltdown attacks with various faults and microcode assists.

Lib

Web

  • TEFuzz - TEFuzz is a tailored fuzzing-based framework to facilitate the detection and exploitation of template escape bugs.
  • Witcher - Witcher is a web application fuzzer that utilizes mutational fuzzing to explore web applications and fault escalation to detect command and SQL injection vulnerabilities.
  • CorbFuzz - CorbFuzz is a state-aware fuzzer for generating as much reponses from a web application as possible without need of setting up database, etc.

DOM

Argument

Blockchain

  • Fluffy - Fluffy is a multi-transaction differential fuzzer for finding consensus bugs in Ethereum.
  • LOKI - LOKI is a blockchain consensus protocol fuzzing framework that detects the consensus memory related and logic bugs.

DBMS

  • Squirrel - Squirrel is a fuzzer for database managment systems (DBMSs).

Contribute

Contributions welcome! Read the contribution guidelines first.

License

CC0

To the extent possible under law, cpuu has waived all copyright and related or neighboring rights to this work.