American Fuzzy Lop vs boofuzz

American Fuzzy Lop

american fuzzy lop - a security-oriented fuzzer (by google)

Suggest topics

DISCONTINUED

Suggest alternative

Edit details

boofuzz

A fork and successor of the Sulley Fuzzing Framework (by jtpereyda)

Fuzzing Python Security

Source Code

Suggest alternative

Edit details

Our great sponsors

WorkOS - The modern identity platform for B2B SaaS

InfluxDB - Power Real-Time Data Analytics at Scale

SaaSHub - Software Alternatives and Reviews

Our great sponsors

American Fuzzy Lop		boofuzz
	Project
21	Mentions	1
2,903	Stars	1,954
-	Growth	-
0.0	Activity	7.2
almost 3 years ago	Latest Commit	9 days ago
C	Language	Python
Apache License 2.0	License	GNU General Public License v3.0 only

The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

American Fuzzy Lop

Posts with mentions or reviews of American Fuzzy Lop. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-02-01.

Prefer table driven tests (2019)
6 projects | news.ycombinator.com | 1 Feb 2024

There's some efforts to guide test generation for property based testing to make the instruction pointer explore as large a space as possible.
This effort is more mature in the fuzzing community. See eg American Fuzzy Lop https://github.com/google/AFL
C++ Faker library
4 projects | /r/cpp | 4 Jul 2023

What you're describing, just generating random input to test a program, is sometimes called "blind fuzzing" but the state-of-the-art is far beyond that. Maybe try reading through the documentation of e.g. https://github.com/google/AFL to see what a fuzzer does and why just producing random input isn't even scratching the surface.
Hyperpom: An Apple Silicon Fuzzer for 64-bit ARM Binaries
2 projects | /r/netsec | 19 Nov 2022

for general riscv I used to use this https://github.com/google/AFL I dont know if it supports x64 tho.
How to fuzz java code with jazzar?
7 projects | dev.to | 22 Jul 2022

Ex ( AFL, WinAFL, HonggFuzz, LibFuzzer, Jazzer )
One year ago I wrote a buddy memory allocator - project update
3 projects | /r/C_Programming | 19 Jul 2022

I wrote this little fuzz test target in order to fuzz it with afl (under ASan and UBSan):
Beariish/little: A small, easily embedded language implemented in a single .c file
2 projects | /r/C_Programming | 18 Jul 2022

afl, which is trivial to apply to this program:
TCL like interpreter suitable for embedded use
2 projects | /r/Tcl | 14 Jul 2022

I made my own version of a TCL interpreter (well, a very TCL like langauge) derived from "picol" available at https://github.com/howerj/pickle. There are many different re-implementations and derivatives of this interpreter but they all seem very "crashy", this one has been significantly hardened by using a fuzzer on it which ran for months called American Fuzzy Lop https://lcamtuf.coredump.cx/afl/ . It is also more suitable for embedded use whilst still not having arbitrary restrictions like many other implementations.
What's in your tool belt?
6 projects | /r/C_Programming | 7 Jul 2022

On Linux afl is a very powerful bug-finding tool, and it's a great companion when doing code review. Composes well with ASan and UBSan.
Afl - American fuzzy lop - a security-oriented fuzzer
1 project | /r/github_trends | 11 Jun 2022
Difficulty of CSCA48 compared to other first year cs/math courses
1 project | /r/UTSC | 1 Apr 2022

b-, https://lcamtuf.coredump.cx/afl/

boofuzz

Posts with mentions or reviews of boofuzz. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-04-07.

Microsoft Teams, Exchange Server, Windows 10 Hacked in Pwn2Own 2021
2 projects | /r/sysadmin | 7 Apr 2021

The one thing that's not really fully encapsulated in a lot of these comment chains below is the role of custom written fuzzers for competitions like this. Frameworks like AFL, BooFuzz, etc. A properly written test file will allow for most of the hunting to happen automagically by tampering with function calls or inputs until something crashes. By configuring an environment appropriately, you can run millions of test cases, and get the crashes logged to parse through later. This allows the researchers/exploit writers to only focus on the exceptions/traces that seem the most fruitful. This is one methodology, it's not the case for everyone, but most codebases are too big to go through the ASM by hand these days.

What are some alternatives?

When comparing American Fuzzy Lop and boofuzz you can also consider the following projects:

honggfuzz - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)

libfuzzer - Thin interface for libFuzzer, an in-process, coverage-guided, evolutionary fuzzing engine.

Cppcheck - static analysis of C/C++ code

CrossHair - An analysis tool for Python that blurs the line between testing and type systems.

PHP CPP - Library to build PHP extensions with C++

dirsearch - Web path scanner

HTTP Parser - http request/response parser for c

FDsploit - File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.

ZXing - ZXing ("Zebra Crossing") barcode scanning library for Java, Android

hypothesis - Hypothesis is a powerful, flexible, and easy to use library for property-based testing.

AFLplusplus - The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!

netzob - Netzob: Protocol Reverse Engineering, Modeling and Fuzzing