oss-fuzz
AFLplusplus
Our great sponsors
oss-fuzz | AFLplusplus | |
---|---|---|
31 | 16 | |
9,879 | 4,620 | |
4.1% | 3.0% | |
9.9 | 9.6 | |
7 days ago | 6 days ago | |
Shell | C | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
oss-fuzz
- Xz: Disable ifunc to fix Issue 60259
-
Backdoor in upstream xz/liblzma leading to SSH server compromise
> because the ifunc code was breaking with all sorts of build options and obviously caused many problems with various sanitizers
for example, https://github.com/google/oss-fuzz/pull/10667
-
Ask HN: Any Good Fuzzer for gRPC?
Have you tried Googles grpc fuzzer?
https://github.com/google/oss-fuzz/blob/master/projects/grpc...
-
Pacemaker should be running open source software
https://www.fda.gov/medical-devices/digital-health-center-ex...
oss-fuzz: https://github.com/google/oss-fuzz :
> We support the libFuzzer, AFL++, and Honggfuzz fuzzing engines in combination with Sanitizers, as well as ClusterFuzz, a distributed fuzzer execution environment and reporting tool.
> Currently, OSS-Fuzz supports C/C++, Rust, Go, Python, Java/JVM, and JavaScript code. Other languages supported by LLVM may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds.
-
Fuzz Testing Is the Best Thing to Happen to Our Application Tests
I love fuzzing as a technique and use it quite regularly, but running AFL++ on even a single program occupies all threads of a high end AMD server for weeks. I'm running it locally so only paying for the electricity. If it was a cloud instance it would cost a small fortune. I think this is a reason it is not used more widely.
I will note that Google have a programme for doing fuzz testing on open source projects using computer from their cloud: https://google.github.io/oss-fuzz/
- Fixed Spelling Errors or Typos
- ELI5: How can downloading a pdf or word file give you a virus?
- OSS-Fuzz β continuous fuzzing for open source software
-
Mosh: An Interactive Remote Shell for Mobile Clients (2012) [pdf]
Yes, mosh has fuzz tests in oss-fuzz [1].
[1] https://github.com/google/oss-fuzz/tree/master/projects/mosh
-
Java Fuzzing with Jazzer compared to Symflower
We will explore how Jazzer is used to automatically generate malicious inputs for Java programs, and how it compares to Symflower, which can automatically generate unit tests to uncover bugs and errors in your code. With the help of Jazzer, many bugs - some of them even in the OpenJDK - were found already. Also, as of March 2021, Jazzer is officially part of OSS-Fuzz, Google's cloud fuzzing engine. It should be noted that Jazzer is a pure "bug detection" utility that finds reproducers for errors in user code. Symflower can do the same, but provides additional functionalities to boost developer productivity, like generating high coverage unit tests and providing test templates for the software developer or tester.
AFLplusplus
-
Decoding C/C++ Compilation Process: From Source Code to Binary
It could be cool to see some explanation of CFG representations or GIMPLE/LLVM here. GCC/Clang can print those out as text, or just compile to that code and not go lower if you ask them to. There are some interesting things you can do with bytecode, like Rellic, AFL++, or optview2. It seems a bit reductive imo to go straight from high-level code to disassembly without at all examining any layers in between. Especially if we use something like Polygeist or CIR.
-
Why is my fuzzer running so slow?
Honestly, I wouldn't bother writing your own fuzzer, and just use one of the existing solutions, like afl++. Contrary to popular belief, good fuzzers do not just generate random bytes; the way they generate data depends on a genetic algorithm based on the code paths taken by the program. AFL++ can also fuzz regular binaries that weren't instrumented, but according to the documentation it is much less effective.
-
Olive programming language
Be outside the loop? At least that's how they do it in their example https://github.com/AFLplusplus/AFLplusplus/blob/stable/instrumentation/README.persistent_mode.md
-
How do you test compiler projects?
I use fuzzers, as every programmer should, and do not commit unless my compiler can be fuzzed for at least 24 hours without any crashes (if I were selling the software, I'd increase that period). I use AFL++ in LTO mode and comby-decomposer with a crappy script I made to collect crash test cases. I am also interested in afl-compiler-fuzzer, but have not yet tried it. Later, I'd like to try my hand at making a test generator that reaches codegen more often (no compile errors in the random source code). I use afl-tmin to minimize test cases, but the result is always illegible without manual work, and usually has extra junk the minimizer is incapable of deleting. Something like C-Reduce would be useful here.
-
November 2022 monthly "What are you working on?" thread
1: https://github.com/ArkScript-lang/Ark 2: https://github.com/AFLplusplus/AFLplusplus
-
AFLplusplus VS jazzer.js - a user suggested alternative
2 projects | 12 Sep 2022
- New Mode for AFL++
-
Frelatage: A fuzzing library to find vulnerabilities and bugs in Python applications
Frelatage is a coverage-based Python fuzzing library which can be used to fuzz python code. The development of Frelatage was inspired by various other fuzzers, including AFL/AFL++, Atheris and PyFuzzer.The main purpose of the project is to take advantage of the best features of these fuzzers and gather them together into a new tool in order to efficiently fuzz python applications.
-
Fuzzing: Automated Bug Hunting in Software
I personally have not gone over any books over the topic so I cannot recommend books. However, there is a popular fuzzer known as AFL++ that specifies its technical workings and has a tutorial on its usage in the documentation. You can find it here. I found using the tool helped me gain a good understanding of the topic.
-
60x speed-up of Linux βperfβ
With AFL++ you can even determine exactly where the fork happens:
https://github.com/AFLplusplus/AFLplusplus/blob/stable/instr...
What are some alternatives?
fuzzilli - A JavaScript Engine Fuzzer
honggfuzz - Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
ffmpeg-libav-tutorial - FFmpeg libav tutorial - learn how media works from basic to transmuxing, transcoding and more. Translations: πΊπΈ π¨π³ π°π· πͺπΈ π»π³ π§π·
LibAFL - Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ...
libfuzzer - Thin interface for libFuzzer, an in-process, coverage-guided, evolutionary fuzzing engine.
syzkaller - syzkaller is an unsupervised coverage-guided kernel fuzzer
FFmpeg - Mirror of https://git.ffmpeg.org/ffmpeg.git
American Fuzzy Lop - american fuzzy lop - a security-oriented fuzzer
uafuzz - UAFuzz: Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities
sharpfuzz - AFL-based fuzz testing for .NET
ffmpeg-tutorial - A set of tutorials that demonstrates how to write a video player based on FFmpeg
panda - Platform for Architecture-Neutral Dynamic Analysis