project awesome

Fuzzing

Automated software testing technique that involves feeding pseudo-randomly generated input data.

Collection 958 stars GitHub

Contents

IEEE Symposium on Security and Privacy (IEEE S&P)
USENIX Security
ACM Conference on Computer and Communications Security (ACM CCS)
ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)

File
API
CPU
Web
Blockchain
DBMS

Books

Fuzzing-101 3.7k updated 1y ago

Papers

PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles, 2021

https://beerkay.github.io/papers/Berkay2021PGFuzzNDSS.pdf

Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing, 2018

https://lifeasageek.github.io/papers/han:meds.pdf

kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels, 2017 12.0k updated yesterday

HFL: Hybrid Fuzzing on the Linux Kernel, 2020

https://www.unexploitable.systems/publication/kimhfl/

HYPER-CUBE: High-Dimensional Hypervisor Fuzzing, 2020

https://www.syssec.ruhr-uni-bochum.de/media/emma/veroeffentlichungen/2020/02/07/Hyper-Cube-NDSS20.pdf

IEEE Symposium on Security and Privacy (IEEE S&P)

FuzzUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks, 2022 37 updated 3y ago

https://github.com/purseclab/fuzzusb/blob/main/paper/fuzzusb.pdf

USENIX Security

kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels, 2017

Hardware-Assisted Feedback Fuzzing for OS Kernels, 2017

ACM Conference on Computer and Communications Security (ACM CCS)

HyperFuzzer: An Efficient Hybrid Fuzzer For Virtual CPUs, 2021

https://www.microsoft.com/en-us/research/uploads/prod/2021/09/hyperfuzzer-ccs21.pdf

ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)

Complementing Model Learning with Mutation-Based Fuzzing, 2016

MEUZZ: Smart Seed Scheduling for Hybrid Fuzzing, 2020

A Review of Machine Learning Applications in Fuzzing, 2019

Evolutionary Fuzzing of Android OS Vendor System Services, 2019

MoonLight: Effective Fuzzing with Near-Optimal Corpus Distillation, 2019

TensorFuzz: Debugging Neural Networks with Coverage-Guided Fuzzing, 2018

DLFuzz: Differential Fuzzing Testing of Deep Learning Systems, 2018

NEUZZ: Efficient Fuzzing with Neural Program Learning, 2018

EnFuzz: From Ensemble Learning to Ensemble Fuzzing, 2018 67 updated 6y ago

REST-ler: Automatic Intelligent REST API Fuzzing, 2018

Deep Reinforcement Fuzzing, 2018

Not all bytes are equal: Neural byte sieve for fuzzing, 2017

Faster Fuzzing: Reinitialization with Deep Neural Models, 2017

Learn&Fuzz: Machine Learning for Input Fuzzing, 2017

Complementing Model Learning with Mutation-Based Fuzzing, 2016

Tools

File

AFL++ 6.4k updated 3d ago

AFL++ is a superior fork to Google's AFL - more speed, more and better mutations, more and better instrumentation, custom module support, etc.

Angora 955 updated 3y ago

Angora is a mutation-based coverage guided fuzzer. The main goal of Angora is to increase branch coverage by solving path constraints without symbolic execution.

API

MINER 43 updated 3y ago

MINER is a REST API fuzzer that utilizes three data-driven designs working together to guide the sequence generation, improve the request generation quality, and capture the unique errors caused by incorrect parameter usage.

RestTestGen 62 updated 3mo ago

RestTestGen is a robust tool and framework designed for automated black-box testing of RESTful web APIs.

GraphFuzz 10 updated 3y ago

GraphFuzz is an experimental framework for building structure-aware, library API fuzzers.

Minerva 35 updated 2y ago

Minerva is a browser fuzzer augmented by API mod-ref relations, aiming to synthesize highly-relevant browser API invocations in each test case.

FANS 265 updated 5y ago

FANS is a fuzzing tool for fuzzing Android native system services. It contains four components: interface collector, interface model extractor, dependency inferer, and fuzzer engine.

CPU

DifuzzRTL is a differential fuzz testing approach for CPU verification.

MorFuzz 49 updated 11mo ago

MorFuzz is a generic RISC-V processor fuzzing framework that can efficiently detect software triggerable functional bugs.

SpecFuzz is a tool to enable fuzzing for Spectre vulnerabilities

Transynther 19 updated 5y ago

Transynther automatically generates and tests building blocks for Meltdown attacks with various faults and microcode assists.

Web

TEFuzz 17 updated 3y ago

TEFuzz is a tailored fuzzing-based framework to facilitate the detection and exploitation of template escape bugs.

Witcher 104 updated 2y ago

Witcher is a web application fuzzer that utilizes mutational fuzzing to explore web applications and fault escalation to detect command and SQL injection vulnerabilities.

CorbFuzz 5 updated 4y ago

CorbFuzz is a state-aware fuzzer for generating as much reponses from a web application as possible without need of setting up database, etc.

Blockchain

Fluffy 62 updated 4y ago

Fluffy is a multi-transaction differential fuzzer for finding consensus bugs in Ethereum.

LOKI 20 updated 2y ago

LOKI is a blockchain consensus protocol fuzzing framework that detects the consensus memory related and logic bugs.

DBMS

Squirrel 210 updated 3y ago

Squirrel is a fuzzer for database managment systems (DBMSs).