fuzzing
Tutorials, examples, discussions, research proposals, and other resources related to fuzzing (by google)
javan-warty-pig
AFL-like fuzzer for the Java Virtual Machine (by cretz)
fuzzing | javan-warty-pig
---|---
11 | 1
3,342 | 49
1.6% | -
2.2 | 0.0
3 months ago | over 5 years ago
C++ | Java
Apache License 2.0 | MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
fuzzing
Posts with mentions or reviews of fuzzing.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-05-14.
- Structure-Aware Fuzzing with Libfuzzer
- GitHub - google/fuzzing: Tutorials, examples, discussions, research proposals, and other resources related to fuzzing
- ok so i am kinda new to fuzzing/security research and I've just done this
  So I just wanted to start to fuzz a little bit and I used libfuzzer for that. And as you can tell in this tutorial https://github.com/google/fuzzing/blob/master/tutorial/libFuzzerTutorial.md it tells you that if you leave it running like that you will get a bounty. And so I did exactly this, I followed the exact instructions listed there (I fuzzed this woff thing they mentioned) and my fuzzer said "SUMMARY: AddressSanitizer: heap-buffer-overflow". Can I report that? Or is this woff thing just for testing?
- I found a bug in Intel Skylake processors
- SiliFuzz: Fuzzing CPUs by proxy
- SiliFuzz: Fuzzing CPUs by Proxy [pdf]
- SiliFuzz - a work-in-progress system that finds CPU defects by fuzzing software proxies, like CPU simulators or disassemblers, and then executing the accumulated test inputs on actual CPUs on a large scale.
- An implementation of CBOR in C
  For a project like this, fuzz testing is also crucial. The issue pointed out by gremolata would have been trivial to find with fuzzing.
- Address Sanitizer for MSVC Now Generally Available | C++ Team Blog
  Another is testing: Many C++ projects use sanitizers regularly together with fuzzing, https://github.com/google/fuzzing/blob/master/docs/why-fuzz.md, https://github.com/google/fuzzing/blob/master/docs/intro-to-fuzzing.md#sanitizers
- Jazzer brings modern fuzz testing to the JVM
  Maybe a bit biased opinion here, but you could start with this blog post, and see whether you go more into C/C++ fuzzing or web fuzzing from there:
  https://blog.code-intelligence.com/the-magic-behind-feedback...
  https://github.com/google/fuzzing
javan-warty-pig
Posts with mentions or reviews of javan-warty-pig.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-02-10.
- Jazzer brings modern fuzz testing to the JVM
  A little while back I wrote something similar[0]. Basically I applied AFL principles to the JVM by similarly implementing bytecode instrumentation in the lightest way I could and having "passes" of sorts that manipulated inputs using stages like AFL does. The readme explains the implementation details (I don't really maintain it or use it anymore).
  0 - https://github.com/cretz/javan-warty-pig
What are some alternatives?
When comparing fuzzing and javan-warty-pig you can also consider the following projects:
CMake - Mirror of CMake upstream repository
JQF - JQF + Zest: Coverage-guided semantic fuzzing for Java.
sandsifter - The x86 processor fuzzer
meson - The Meson Build System
cmake-init - The missing CMake project initializer
cbor - An implementation of CBOR in C
woff2