Awesome Fuzzing Awesome

Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks. Typically, fuzzers are used to test programs that take structured inputs.

A curated list of references to awesome Fuzzing for security testing. Additionally there is a collection of freely available academic papers, tools and so on.

Your favorite tool or your own paper is not listed? Fork and create a Pull Request to add it!

Contents

Books

Talks

Papers

To achieve a well-defined scope, I have chosen to include publications on fuzzing in the last proceedings of 4 top major security conferences and others from Jan 2008 to Jul 2019. It includes (i) Network and Distributed System Security Symposium (NDSS), (ii) IEEE Symposium on Security and Privacy (S&P), (iii) USENIX Security Symposium (USEC), and (iv) ACM Conference on Computer and Communications Security (CCS).

The Network and Distributed System Security Symposium (NDSS)

IEEE Symposium on Security and Privacy (IEEE S&P)

USENIX Security

ACM Conference on Computer and Communications Security (ACM CCS)

ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)

The others

Tools

Information about the various open source tools you can use to leverage fuzz testing. ### General-purpose - radamsa - A general-purpose fuzzer. - zzuf - A transparent application input fuzzer. ### Binary - American fuzzy lop - A security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. - WinAFL - A fork of AFL for fuzzing Windows binaries. - libFuzzer - A library for coverage-guided fuzz testing. Tutorial from Google. - Driller - An implementation of the driller paper. This implementation was built on top of AFL with angr being used as a symbolic tracer. - shellphish fuzzer - A Python interface to AFL, allowing for easy injection of testcases and other functionality. - Eclipser - A binary-based fuzz testing tool that improves upon classic coverage-based fuzzing by leveraging a novel technique called grey-box concolic testing. - Jazzer - A coverage-guided, in-process fuzzer for the Java Virtual Machine. It is based on libFuzzer and can be applied directly to compiled applications. ### Web, JavaScript - jsfunfuzz - JavaScript engine fuzzers. - IFuzzer - An Evolutionary Interpreter Fuzzer Using Genetic Programming. - domato - DOM fuzzer from Google Project Zero. Blog Post. - fuzzilli - A (coverage-)guided Javascript engine fuzzer, written by Samuel Groß. - CodeAlchemist - JavaScript engine fuzzer, written by KAIST SoftSec Lab. - test-each - Repeat tests using different inputs. - gremlins.js - gremlins.js is a monkey testing library written in JavaScript. ### Network protocol - dtls-fuzzer - A Java tool which performs protocol state fuzzing of DTLS servers. - T-Fuzz - T-Fuzz leverages a coverage guided fuzzer to generate inputs. - TLS-Attacker - A Java-based framework for analyzing TLS libraries. - DELTA - SDN Security evaluation framework. - boofuzz - Network Protocol Fuzzing for Humans. Documentation is available at http://boofuzz.readthedocs.io/, including nifty quickstart guides. - LL-Fuzzer - An automated NFC fuzzing framework for Android devices. - tlsfuzzer - A SSL and TLS protocol test suite and fuzzer. - TumbleRF - A framework that orchestrates the application of fuzzing techniques to RF systems. - PULSAR - A method for stateful black-box fuzzing of proprietary network protocols. - SPIKE - A fuzzer development framework like sulley, a predecessor of sulley. - PROTOS - Security testing of protocol implementations. ### Driver - Charm - A system solution that facilitates dynamic analysis of device drivers of mobile systems. ## Platform - certfuzz - It contains the source code for the CMU CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE). - Peach Fuzzer Platform - An automated security testing platform that prevents zero day attacks by finding vulnerabilities in hardware and software systems. - Blackhat USA 2018 AFL workshop training materials - From @wrauner at Samsung Research. - CI Fuzz - A CI/CD-agnostic platform for feedback-based fuzz testing of both native applications and Java web apps.

Contribute

Contributions welcome! Read the contribution guidelines first.

License

CC0

To the extent possible under law, cpuu has waived all copyright and related or neighboring rights to this work.