Fuzzing101
sharpfuzz
Fuzzing101 | sharpfuzz | |
---|---|---|
5 | 1 | |
2,269 | 351 | |
- | - | |
0.0 | 6.5 | |
over 1 year ago | 2 months ago | |
C# | ||
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Fuzzing101
-
Gaining kernel code execution on an MTE-enabled Pixel 8
This work comes from GitHub's Security Lab https://securitylab.github.com/
-
How I Luckily Crashed Vim in 5 Minutes
So I came back to those reports, and saw that new ones were disclosed. Octavio Gianatiempo had reported some issues in Vim, and I decided to contact him, in order to see if I could get some insights. Luckily, besides some really good materials which I am going to be putting in the end of the post, he had exactly what I was looking for, a repository with challenges and solutions involving fuzzing. This repository is called Fuzzing101.
- Fuzzing-101: learn how to fuzz like a real expert
- Fuzzing 101 - Do you want to learn how to fuzz like a real expert, but don't know how to start? If so, this is the course for you!
- Fuzzing 101 by Antonio Morales and Van Hauser
sharpfuzz
-
When do you consider your unit tests be "enough"?
Because of the above I've generally been using tools like Stryker.NET and FsCheck to augment my testing suite. I'm still doing unit testing to find the more obvious "I haven't had my coffee, let's make sure I'm doing what I think I'm doing" bugs. I'm just using things like mutation testing, property testing, fuzzing, etc. to find the deeper issues in my code. There's a ton of libraries out there, including one that I've built for myself to help with testing but FsCheck and Stryker are just beautiful. And if you're interested in fuzzing, SharpFuzz is a great option. But that one isn't quite as easy of an on ramp compared to the other two that I mentioned.
What are some alternatives?
wtf - wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows and Linux user-mode (experimental!).
Stryker.NET - Mutation testing for .NET core and .NET framework!
libfuzzer - Thin interface for libFuzzer, an in-process, coverage-guided, evolutionary fuzzing engine.
FsCheck - Random Testing for .NET
clusterfuzzlite - ClusterFuzzLite - Simple continuous fuzzing that runs in CI.
AFLplusplus - The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
syzkaller - syzkaller is an unsupervised coverage-guided kernel fuzzer
LibAFL - Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ...
cfuzzer - url-fuzzer
libfuzzer - Rust bindings and utilities for LLVM’s libFuzzer