Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Top 21 fuzz-testing Open-Source Projects
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
AFLplusplus
The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
wtf
wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows and Linux user-mode (experimental!). (by 0vercl0k)
-
lottery-fuzz-foundry
💰 Contrato de loteria, aonde você compra um ticket e participa do sorteio, testes em fuzz com o Foundry.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Project mention: Automated Unit Test Improvement Using Large Language Models at Meta | news.ycombinator.com | 2024-02-17https://arxiv.org/abs/2402.09171 :
> This paper describes Meta's TestGen-LLM tool, which uses LLMs to automatically improve existing human-written tests. TestGen-LLM verifies that its generated test classes successfully clear a set of filters that assure measurable improvement over the original test suite, thereby eliminating problems due to LLM hallucination. [...] We believe this is the first report on industrial scale deployment of LLM-generated code backed by such assurances of code improvement.
Coverage-guided unit test improvement might [with LLMs] be efficient too.
https://github.com/topics/coverage-guided-fuzzing :
- e.g. Google/syzkaller is a coverage-guided syscall fuzzer: https://github.com/google/syzkaller
- Gitlab CI supports coverage-guided fuzzing: https://docs.gitlab.com/ee/user/application_security/coverag...
- oss-fuzz, osv
Additional ways to improve tests:
Hypothesis and pynguin generate tests from type annotations.
There are various tools to generate type annotations for Python code;
> pytype (Google) [1], PyAnnotate (Dropbox) [2], and MonkeyType (Instagram) [3] all do dynamic / runtime PEP-484 type annotation type inference [4] to generate type annotations. https://news.ycombinator.com/item?id=39139198
icontract-hypothesis generates tests from icontract DbC Design by Contract type, value, and invariance constraints specified as precondition and postcondition @decorators:
Project mention: Decoding C/C++ Compilation Process: From Source Code to Binary | /r/cpp | 2023-06-08It could be cool to see some explanation of CFG representations or GIMPLE/LLVM here. GCC/Clang can print those out as text, or just compile to that code and not go lower if you ask them to. There are some interesting things you can do with bytecode, like Rellic, AFL++, or optview2. It seems a bit reductive imo to go straight from high-level code to disassembly without at all examining any layers in between. Especially if we use something like Polygeist or CIR.
Project mention: Gaining kernel code execution on an MTE-enabled Pixel 8 | news.ycombinator.com | 2024-03-18This work comes from GitHub's Security Lab https://securitylab.github.com/
Project mention: Automated Unit Test Improvement Using Large Language Models at Meta | news.ycombinator.com | 2024-02-17https://google.github.io/oss-fuzz/research/llms/target_gener... https://security.googleblog.com/2023/08/ai-powered-fuzzing-b... https://hn.algolia.com/?q=AI-Powered+Fuzzing%3A+Breaking+the...
OSSF//fuzz-introspector//doc/Features.md: https://github.com/ossf/fuzz-introspector/blob/main/doc/Feat...
https://scholar.google.com/scholar?hl=en&as_sdt=0%2C43&q=Fuz... :
- "Large Language Models Based Fuzzing Techniques: A Survey" (2024) https://arxiv.org/abs/2402.00350 :
fuzz-testing related posts
- Xz: Disable ifunc to fix Issue 60259
- Automated Unit Test Improvement Using Large Language Models at Meta
- Fuzz Testing Is the Best Thing to Happen to Our Application Tests
- Fixed Spelling Errors or Typos
- Is there a Linux user-space program that causes execution through every kernel function path and context?
- Those scary warnings of juice jacking in airports and hotels? They’re nonsense
- ELI5: How can downloading a pdf or word file give you a virus?
-
A note from our sponsor - InfluxDB
www.influxdata.com | 27 Apr 2024
Index
What are some of the best open-source fuzz-testing projects? This list will help you:
Project | Stars | |
---|---|---|
1 | oss-fuzz | 9,907 |
2 | gremlins.js | 8,990 |
3 | syzkaller | 5,124 |
4 | AFLplusplus | 4,637 |
5 | Fuzzing101 | 2,269 |
6 | FuzzingPaper | 2,246 |
7 | afl.rs | 1,568 |
8 | cargo-fuzz | 1,443 |
9 | wtf | 1,349 |
10 | sqlsmith | 699 |
11 | clusterfuzzlite | 436 |
12 | trophy-case | 392 |
13 | fuzzuf | 352 |
14 | sharpfuzz | 351 |
15 | fuzz-introspector | 346 |
16 | frelatage | 225 |
17 | libfuzzer | 195 |
18 | bolero | 167 |
19 | test-each | 109 |
20 | go-fuzz-action | 11 |
21 | lottery-fuzz-foundry | 3 |
Sponsored