jazzer
Our great sponsors
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
radamsa
-
How to fuzz java code with jazzar?
Ex Radmasa
- Radamsa – test case generator for robustness testing
-
Anyone knows open source mutator support regex?
I used to use radamsa to make my own fuzzer, but it does not support regex to generate datas.
-
What Is Fuzz Testing?
At simplest and most straight forward level fuzz testing is pretty simple to get started with. Collect some input(API calls, files, etc.), pass it to fuzzer(for example radamsa[0]), throw it at program and observe...
Ofc, depending on system collecting input and sending it to system might be bit more complicated. Hardest part is often the observing and finding that an error happens.
Not that this gets you full coverage, for more complex things like protocols something custom that takes lot more effort is probably needed.
[0] https://gitlab.com/akihe/radamsa
- Radamsa: A general-purpose black-box fuzzer
jazzer
-
JQF Genetic Algorithm
Check out Jazzer, the code intelligence blog, and search for custom sanitizers for Java etc. https://github.com/CodeIntelligenceTesting/jazzer
-
Automated Fuzz Testing: The Power of Code Intelligence App
Input Generation: The tester uses a fuzzing tool such as CI Fuzz or Jazzer to generate random or unexpected inputs to the software application.
-
Java Fuzzing with Jazzer compared to Symflower
Fuzzing is a testing technique where random values are generated as inputs to find unexpected behavior such as crashes and security issues. Previously we looked at the new Golang release 1.18 which includes native fuzzing and our Core Technology blog series contained a post that compares symbolic execution to different other testing techniques, including fuzzing. Today, we will dive into the Java world and check out the most popular Java fuzzing solution: Jazzer.
-
jazzer.js alternatives - jazzer and cifuzz
3 projects | 12 Sep 2022
Coverage-guided fuzzer for Java
-
How to fuzz java code with jazzar?
$ git clone https://github.com/CodeIntelligenceTesting/jazzer $ cd jazzer $ ./bazelisk-linux-amd64 run //:jazzer Starting local Bazel server and connecting to it... INFO: Analyzed target //:jazzer (79 packages loaded, 1410 targets configured). INFO: Found 1 target... Target //:jazzer up-to-date: bazel-bin/jazzer INFO: Elapsed time: 43.920s, Critical Path: 7.21s INFO: 83 processes: 4 internal, 79 linux-sandbox. INFO: Build completed successfully, 83 total actions INFO: Build completed successfully, 83 total actions driver/jazzer_driver: error while loading shared libraries: libjvm.so: cannot open shared object file: No such file or directory
- How to Write Fuzz Targets with Jazzer
-
Fuzzing Java in OSS-Fuzz
One of the authors of Jazzer here. Feel free to ask any questions regarding Jazzer (https://github.com/CodeIntelligenceTesting/jazzer) or how to integrate Java/JVM projects into OSS-Fuzz.
- Jazzer: Coverage-Guided Fuzzing for JVM
- Jazzer is a coverage-guided, in-process fuzzer for the JVM platform (2021, github)
- Jazzer - a coverage-guided, in-process fuzzer for the JVM platform
What are some alternatives?
onefuzz - A self-hosted Fuzzing-As-A-Service platform
libfuzzer-workshop - Repository for materials of "Modern fuzzing of C/C++ Projects" workshop.
beacon-fuzz - Differential Fuzzer for Ethereum 2.0
junit-quickcheck - Property-based testing, JUnit-style
winafl - A fork of AFL for fuzzing Windows binaries
PIT - State of the art mutation testing system for the JVM
doubleback - Doubleback provides round-trip parsing and printing of 64-bit double-precision floating-point numbers using the Ryu algorithm implemented in multiple programming languages. Doubleback is biased towards "human-friendly" output which round-trips consistently between binary and decimal.
jni-bind - JNI Bind is a set of advanced syntactic sugar for writing efficient correct JNI Code in C++17 (and up).
cryptofuzz - Fuzzing cryptographic libraries. Magic bug printer go brrrr.
symflower - Symflower is a Java unit test generation tool for IntelliJ IDEA, Visual Studio Code, Android Studio, and CLI. Use it to write and maintain test code with ease. This repository is for providing community support.
nautilus - A grammar based feedback Fuzzer