doubleback VS onefuzz

Compare doubleback vs onefuzz and see what are their differences.

doubleback

Doubleback provides round-trip parsing and printing of 64-bit double-precision floating-point numbers using the Ryu algorithm implemented in multiple programming languages. Doubleback is biased towards "human-friendly" output which round-trips consistently between binary and decimal. (by ironmeld)

onefuzz

A self-hosted Fuzzing-As-A-Service platform (by microsoft)
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
doubleback onefuzz
1 4
0 2,780
- -
0.0 0.0
over 2 years ago 6 months ago
C C#
GNU General Public License v3.0 or later MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

doubleback

Posts with mentions or reviews of doubleback. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-04-07.
  • What Is Fuzz Testing?
    5 projects | news.ycombinator.com | 7 Apr 2021
    The link below is a relatively simple example of differential fuzzing between implementations in different programming languages using AFL. It works by reading and writing to a second process it spawns and aborting on differences. Before writing this, I could not find any working examples of this technique, although I'm sure they are out there, somewhere.

    https://github.com/ironmeld/doubleback/blob/main/src/c/tests...

onefuzz

Posts with mentions or reviews of onefuzz. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-01-17.
  • Microsoft OneFuzz to Be Archived
    1 project | news.ycombinator.com | 24 Oct 2023
  • Ask HN: What are some worthy non-cryto uses of excess home compute nowadays?
    8 projects | news.ycombinator.com | 17 Jan 2022
    Learning how to is half the fun!

    There's a bunch of good tutorials out there on [dumb] fuzzing (presumably where you'll start). One starting point I'd recommend is taking a binary that accepts input from stdin and making some proof-of-concepts with AFL (https://lcamtuf.coredump.cx/afl/).

    If you'd rather start from a code/library perspective (and not CLI), I'd recommend libfuzzer (https://github.com/Dor1s/libfuzzer-workshop/).

    There's a lot of other fuzzers, techniques, and depth to the field, but I'd recommend inch worming through (speed up as you gain more comfort). The Fuzzing Book is good to help you understand the logic behind techniques and strategies (https://www.fuzzingbook.org/)

    As for some management, there's a few decent "monitoring" systems out there; personally I just SSH in and check the fuzzer manually (I leave it running in a tmux pane), but if that's not your cup of tea I've heard good things about OneFuzz (https://github.com/microsoft/onefuzz) and LuckyCat (https://github.com/fkie-cad/LuckyCAT).

    Happy to answer any specifics of the sort :)

  • What Is Fuzz Testing?
    5 projects | news.ycombinator.com | 7 Apr 2021
    Microsoft’s OneFuzz is tackling some of these issues

    https://github.com/microsoft/onefuzz

    The biggest problem with fuzzing when it comes to “developer friendliness” isn’t just how to setup the fuzzer and the fact that you need to often write quite a bit of additional code to support fuzzing but that the results aren’t easily consumable.

    Getting a fuzzer to cause a crash or some unhandled exception isn’t particularly difficult understanding the actual implication of such crash is where these tools “fail”.

    SAST / DAST tools with all their issues such as false positives and relatively limited coverage at least provide actionable results.

    Fuzzing not only requires a much higher understanding of the code itself and of its execution but the results are often useless for many developers.

    Basically it doesn’t help you breach the gap between seeing a BSOD or a kernel panic and getting a working zero day.

  • Rnetsecs Q1 2021 Information Security Hiring
    1 project | /r/netsec | 3 Mar 2021
    To get a taste of our work, a few of the projects our group published recently: * Freta, a project to democratize full system memory forensics with trusted sensorsfor the cloud. * OneFuzz, a self hosted fuzzing as a service platform, used to scale fuzzing for multiple teams within Microsoft including Windows. * RESTler, the first stateful REST api fuzzer * RAFT, a self-hosted API testing orchestration engine, enabling developers to use RESTler and other api scanning & fuzzing tools in their CICD pipelines.

What are some alternatives?

When comparing doubleback and onefuzz you can also consider the following projects:

cryptofuzz - Fuzzing cryptographic libraries. Magic bug printer go brrrr.

radamsa

beacon-fuzz - Differential Fuzzer for Ethereum 2.0

LuckyCAT - A distributed fuzzing management framework

American Fuzzy Lop - american fuzzy lop - a security-oriented fuzzer

fishnet - Distributed Stockfish analysis for lichess.org

i2p.i2p - I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties.

libfuzzer-workshop - Repository for materials of "Modern fuzzing of C/C++ Projects" workshop.