Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free. Learn more →
American Fuzzy Lop Alternatives
Similar projects and alternatives to American Fuzzy Lop
http request/response parser for c
static analysis of C/C++ code
Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.
ZXing ("Zebra Crossing") barcode scanning library for Java, Android
The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
Library to build PHP extensions with C++
DI: C++14 Dependency Injection Library
A fork and successor of the Sulley Fuzzing Framework
Access the most powerful time series database as a service. Ingest, store, & analyze all types of time series data in a fully-managed, purpose-built database. Keep data forever with low-cost storage and superior data compression.
Neovim plugin for GitHub Copilot
Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
Documentation for GitHub Copilot
Portable C and C++ Development Kit for x64 (and x86) Windows
Distributed Stockfish analysis for lichess.org (by lichess-org)
A single header buddy memory allocator for C
The Better String Library
AddressSanitizer, ThreadSanitizer, MemorySanitizer
OSS-Fuzz - continuous fuzzing for open source software.
Nvim Treesitter configurations and abstraction layer
Distributed Peer-to-Peer Web Search Engine and Intranet Search Appliance
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
American Fuzzy Lop reviews and mentions
Hyperpom: An Apple Silicon Fuzzer for 64-bit ARM Binaries
2 projects | reddit.com/r/netsec | 19 Nov 2022
for general riscv I used to use this https://github.com/google/AFL I dont know if it supports x64 tho.
How to fuzz java code with jazzar?
7 projects | dev.to | 22 Jul 2022
Ex ( AFL, WinAFL, HonggFuzz, LibFuzzer, Jazzer )
One year ago I wrote a buddy memory allocator - project update
3 projects | reddit.com/r/C_Programming | 19 Jul 2022
I wrote this little fuzz test target in order to fuzz it with afl (under ASan and UBSan):
Beariish/little: A small, easily embedded language implemented in a single .c file
2 projects | reddit.com/r/C_Programming | 18 Jul 2022
afl, which is trivial to apply to this program:
TCL like interpreter suitable for embedded use
2 projects | reddit.com/r/Tcl | 14 Jul 2022
I made my own version of a TCL interpreter (well, a very TCL like langauge) derived from "picol" available at https://github.com/howerj/pickle. There are many different re-implementations and derivatives of this interpreter but they all seem very "crashy", this one has been significantly hardened by using a fuzzer on it which ran for months called American Fuzzy Lop https://lcamtuf.coredump.cx/afl/ . It is also more suitable for embedded use whilst still not having arbitrary restrictions like many other implementations.
What's in your tool belt?
6 projects | reddit.com/r/C_Programming | 7 Jul 2022
On Linux afl is a very powerful bug-finding tool, and it's a great companion when doing code review. Composes well with ASan and UBSan.
Frelatage: A fuzzing library to find vulnerabilities and bugs in Python applications
4 projects | reddit.com/r/Python | 17 Mar 2022
Frelatage is a coverage-based Python fuzzing library which can be used to fuzz python code. The development of Frelatage was inspired by various other fuzzers, including AFL/AFL++, Atheris and PyFuzzer.The main purpose of the project is to take advantage of the best features of these fuzzers and gather them together into a new tool in order to efficiently fuzz python applications.
A tiny C89/C90 zero-allocation JSON serializer
3 projects | reddit.com/r/C_Programming | 28 Jan 2022
How to use with afl:
Ask HN: What are some worthy non-cryto uses of excess home compute nowadays?
8 projects | news.ycombinator.com | 17 Jan 2022
Learning how to is half the fun!
There's a bunch of good tutorials out there on [dumb] fuzzing (presumably where you'll start). One starting point I'd recommend is taking a binary that accepts input from stdin and making some proof-of-concepts with AFL (https://lcamtuf.coredump.cx/afl/).
If you'd rather start from a code/library perspective (and not CLI), I'd recommend libfuzzer (https://github.com/Dor1s/libfuzzer-workshop/).
There's a lot of other fuzzers, techniques, and depth to the field, but I'd recommend inch worming through (speed up as you gain more comfort). The Fuzzing Book is good to help you understand the logic behind techniques and strategies (https://www.fuzzingbook.org/)
As for some management, there's a few decent "monitoring" systems out there; personally I just SSH in and check the fuzzer manually (I leave it running in a tmux pane), but if that's not your cup of tea I've heard good things about OneFuzz (https://github.com/microsoft/onefuzz) and LuckyCat (https://github.com/fkie-cad/LuckyCAT).
Happy to answer any specifics of the sort :)
SCL_String : My Attempt at a C String Library - Public Domain, Single Header File (WIP)
3 projects | reddit.com/r/C_Programming | 27 Dec 2021
afl is a very easy to use fuzzer, and pairs well with the above. It adds instrumentation to your program's branches, and then uses an algorithm to discover inputs that exercise many different paths through your program. If some of those paths leads in invalid or unexpected states, hopefully ASan or UBSan will catch them, alerting you about the problem and giving you a test input from which to debug. In your case I expect it will find particular sequences of allocate/free that lead to a bad state, though that's currently trivially easy to find anyway. The program I gave you, which simply reads from standard input and operates on it, is all you need to fuzz part of your library with afl.
A note from our sponsor - SonarQube
www.sonarqube.org | 22 Mar 2023
google/AFL is an open source project licensed under Apache License 2.0 which is an OSI approved license.
- American Fuzzy Lop VS HTTP Parser
- American Fuzzy Lop VS Cppcheck
- American Fuzzy Lop VS ZXing
- American Fuzzy Lop VS PHP CPP
- American Fuzzy Lop VS Experimental Boost.DI
- American Fuzzy Lop VS AFLplusplus
- American Fuzzy Lop VS boofuzz
- American Fuzzy Lop VS pdqsort
- American Fuzzy Lop VS Better String
- American Fuzzy Lop VS honggfuzz