American Fuzzy Lop

american fuzzy lop - a security-oriented fuzzer (by google)

American Fuzzy Lop Alternatives

Similar projects and alternatives to American Fuzzy Lop

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better American Fuzzy Lop alternative or higher similarity.


Reviews and mentions

Posts with mentions or reviews of American Fuzzy Lop. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-04-08.
  • C/C++ Resources?
  • Microsoft Teams, Exchange Server, Windows 10 Hacked in Pwn2Own 2021
    reddit.com/r/sysadmin | 2021-04-07
    The one thing that's not really fully encapsulated in a lot of these comment chains below is the role of custom-written fuzzers for competitions like this. Frameworks like AFL, BooFuzz, etc. A properly written test file will allow for most of the hunting to happen automagically by tampering with function calls or inputs until something crashes. By configuring an environment appropriately, you can run millions of test cases, and get the crashes logged to parse through later. This allows the researchers/exploit writers to only focus on the exceptions/traces that seem the most fruitful. This is one methodology; it's not the case for everyone, but most codebases are too big to go through the ASM by hand these days.
  • AFL++ Fuzzing Framework
    news.ycombinator.com | 2021-03-12
    There's a good intro here: https://www.microsoft.com/en-us/research/blog/a-brief-introd... and afl++'s main documentation is here https://aflplus.plus/ which talks a bit about it.

    The goal is to find bugs in code by throwing random data at it, in as intelligent a fashion as possible. You can do that a few ways:

    * Give structured data to mutate a bit.

    * Just throw random data at it. You could do this with any binary that accepts data either via stdin or from a file.

    * Instrument the code, throw random data at it and see what paths of code get triggered and feed that back into the data generator. Drawback is you need to be able to compile all the code involved, so it gets fully instrumented.

    AFL/AFL++ sits in the third camp. You compile your code using it, and it then uses information it gets back to figure out ways to trigger code paths, by applying intelligent mutations. It's possible to, e.g. have code that parses a PNG image file, start AFL++ off with no initial data, and it will fairly quickly start producing valid PNG images.

    It's a very effective approach for finding bugs. On the AFL++ site there's a small trophy cabinet, and AFL has a larger one (older project) https://lcamtuf.coredump.cx/afl/.

  • `arbitrary` version 1.0 released!!
    reddit.com/r/rust | 2021-02-24
    Actually, the default mode of AFL instruments too; using QEMU to observe program behavior and the blind mode are secondary.

Stats

Basic American Fuzzy Lop repo stats
4
2,281
1.0
4 months ago

google/AFL is an open source project licensed under Apache License 2.0 which is an OSI approved license.
