The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →
Top 8 Go Fuzzing Projects
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
bruter
Brutuer is an OSINT tooling, an experiment to build a reconnaissance simple app to have fun 🕵️♂️
Project mention: Automated Unit Test Improvement Using Large Language Models at Meta | news.ycombinator.com | 2024-02-17https://arxiv.org/abs/2402.09171 :
> This paper describes Meta's TestGen-LLM tool, which uses LLMs to automatically improve existing human-written tests. TestGen-LLM verifies that its generated test classes successfully clear a set of filters that assure measurable improvement over the original test suite, thereby eliminating problems due to LLM hallucination. [...] We believe this is the first report on industrial scale deployment of LLM-generated code backed by such assurances of code improvement.
Coverage-guided unit test improvement might [with LLMs] be efficient too.
https://github.com/topics/coverage-guided-fuzzing :
- e.g. Google/syzkaller is a coverage-guided syscall fuzzer: https://github.com/google/syzkaller
- Gitlab CI supports coverage-guided fuzzing: https://docs.gitlab.com/ee/user/application_security/coverag...
- oss-fuzz, osv
Additional ways to improve tests:
Hypothesis and pynguin generate tests from type annotations.
There are various tools to generate type annotations for Python code;
> pytype (Google) [1], PyAnnotate (Dropbox) [2], and MonkeyType (Instagram) [3] all do dynamic / runtime PEP-484 type annotation type inference [4] to generate type annotations. https://news.ycombinator.com/item?id=39139198
icontract-hypothesis generates tests from icontract DbC Design by Contract type, value, and invariance constraints specified as precondition and postcondition @decorators:
I used this method successfully for my qjson package . It accepts as input a human readable json. It detected a condition I forgot to check in a few minutes. I used the go fuzzer go-fuzz from Dmitry Vyukov. Check the impressive list of trophies at the end of the README. These are bugs found by the fuzzer.
You can check the package here, in official GitHub repo. I recently found this amazing testing framework and now I can't imagine developing tests without it. Let's try to refactor our previous example with this package:
- https://github.com/CyberRoute/bruter
Go Fuzzing related posts
- https://github.com/CyberRoute/bruter
- Bruter v1.1.0-Beta
- Fuzz Testing Is the Best Thing to Happen to Our Application Tests
- Fuzzing in Go
- Is there a Linux user-space program that causes execution through every kernel function path and context?
- Those scary warnings of juice jacking in airports and hotels? They’re nonsense
- Hopper: Distributed Fuzzer
-
A note from our sponsor - WorkOS
workos.com | 26 Apr 2024
Index
What are some of the best open-source Fuzzing projects in Go? This list will help you:
Project | Stars | |
---|---|---|
1 | syzkaller | 5,124 |
2 | go-fuzz | 4,705 |
3 | rapid | 538 |
4 | firefly | 369 |
5 | cfuzz | 79 |
6 | shfz | 63 |
7 | cnfuzz | 36 |
8 | bruter | 34 |
Sponsored