Track Awesome Fuzzing Updates Daily

A curated list of awesome Fuzzing(or Fuzz Testing) for software security

🏠 Home · 🔍 Search · 🔥 Feed · 📮 Subscribe · ❤️ Sponsor · 😺 cpuu/awesome-fuzzing · ⭐ 959 · 🏷️ Security

[ Daily / Weekly / Overview ]

Apr 06, 2026

Books

• Fuzzing Against the Machine: Automate vulnerability research with emulated IoT devices on QEMU (2023)

Papers / The Network and Distributed System Security Symposium (NDSS)

• Automatic Library Fuzzing through API Relation Evolvement, 2025

• Blackbox Fuzzing of Distributed Systems with Multi-Dimensional Inputs and Symmetry-Based Feedback Pruning, 2025

• DUMPLING: Fine-grained Differential JavaScript Engine Fuzzing, 2025

• FUZZUER: Enabling Fuzzing of UEFI Interfaces on EDK-2, 2025

• ICSQuartz: Scan Cycle-Aware and Vendor-Agnostic Fuzzing for Industrial Control Systems, 2025

• MALintent: Coverage Guided Intent Fuzzing Framework for Android, 2025

• Moneta: Ex-Vivo GPU Driver Fuzzing by Recalling In-Vivo Execution States, 2025

• MSan: Efficiently Detecting Uninitialized Memory Errors During Fuzzing, 2025

• Truman: Constructing Device Behavior Models from OS Drivers to Fuzz Virtual Devices, 2025

• TWINFUZZ: Differential Testing of Video Hardware Acceleration Stacks, 2025

• DeepGo: Predictive Directed Greybox Fuzzing, 2024

• EnclaveFuzz: Finding Vulnerabilities in SGX Applications, 2024

• Large Language Model guided Protocol Fuzzing, 2024

• MOCK: Optimizing Kernel Fuzzing Mutation with Context-aware Dependency, 2024

• Predictive Context-sensitive Fuzzing, 2024

• ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies and DoS Attacks with Grammar-based Fuzzing, 2024

• ShapFuzz: Efficient Fuzzing via Shapley-Guided Byte Selection, 2024

• DARWIN: Survival of the Fittest Fuzzing Mutators, 2023

• FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities, 2023

• LOKI: State-Aware Fuzzing Framework for the Implementation of Blockchain Consensus Protocols, 2023

• No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Description, 2023

Papers / IEEE Symposium on Security and Privacy (IEEE S&P)

• CHIMERA: Fuzzing P4 Network Infrastructure for Multi-Plane Bug Detection and Vulnerability Discovery, 2025

• FirmRCA: Towards Post-Fuzzing Analysis on ARM Embedded Firmware with Efficient Event-based Fault Localization, 2025

• Fuzz-Testing Meets LLM-Based Agents: An Automated and Efficient Framework for Jailbreaking Text-To-Image Generation Models, 2025

• HouseFuzz: Service-Aware Grey-Box Fuzzing for Vulnerability Detection in Linux-Based Firmware, 2025

• Predator: Directed Web Application Fuzzing for Efficient Vulnerability Validation, 2025

• RGFuzz: Rule-Guided Fuzzer for WebAssembly Runtimes, 2025

• Stateful Analysis and Fuzzing of Commercial Baseband Firmware, 2025

• AFGen: Whole-Function Fuzzing for Applications and Libraries, 2024

• Chronos: Finding Timeout Bugs in Practical Distributed Systems by Deep-Priority Fuzzing with Transient Delay, 2024

• DY Fuzzing: Formal Dolev-Yao Models Meet Cryptographic Protocol Fuzz Testing, 2024

• Everything is Good for Something: Counterexample-Guided Directed Fuzzing via Likely Invariant Inference, 2024

• LABRADOR: Response Guided Directed Fuzzing for Black-box IoT Devices, 2024

• LLMIF: Augmented Large Language Model for Fuzzing IoT Devices, 2024

• Predecessor-aware Directed Greybox Fuzzing, 2024

• SATURN: Host-Gadget Synergistic USB Driver Fuzzing, 2024

• SoK: Prudent Evaluation Practices for Fuzzing, 2024

• SyzGen++: Dependency Inference for Augmenting Kernel Driver Fuzzing, 2024

• SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices, 2024

• Titan: Efficient Multi-target Directed Greybox Fuzzing, 2024

• To Boldly Go Where No Fuzzer Has Gone Before: Finding Bugs in Linux' Wireless Stacks through VirtIO Devices, 2024

• Towards Smart Contract Fuzzing on GPU, 2024

• TEEzz: Fuzzing Trusted Applications on COTS Android Devices, 2023

• SEGFUZZ: Segmentizing Thread Interleaving to Discover Kernel Concurrency Bugs through Fuzzing, 2023

• RSFuzzer: Discovering Deep SMI Handler Vulnerabilities in UEFI Firmware with Hybrid Fuzzing, 2023

• Toss a Fault to Your Witcher: Applying Grey-box Coverage-Guided Mutational Fuzzing to Detect SQL and Command Injection Vulnerabilities, 2023

• UTOPIA: Automatic Generation of Fuzz Driver using Unit Tests, 2023

• SelectFuzz: Efficient Directed Fuzzing with Selective Path Exploration, 2023

• Finding Specification Blind Spots via Fuzz Testing, 2023

• ODDFUZZ: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing, 2023

• VIDEZZO: Dependency-aware Virtual Device Fuzzing, 2023

• DEVFUZZ: Automatic Device Model-Guided Device Driver Fuzzing, 2023

Papers / USENIX Security

• AidFuzzer: Adaptive Interrupt-Driven Firmware Fuzzing via Run-Time State Recognition, 2025

• ChainFuzz: Exploiting Upstream Vulnerabilities in Open-Source Supply Chains, 2025

• CoreCrisis: Threat-Guided and Context-Aware Iterative Learning and Fuzzing of 5G Core Networks, 2025

• Effective Directed Fuzzing with Hierarchical Scheduling for Web Vulnerability Detection, 2025

• Encarsia: Evaluating CPU Fuzzers via Automatic Bug Injection, 2025

• From Alarms to Real Bugs: Multi-target Multi-step Directed Greybox Fuzzing for Static Analysis Result Verification, 2025

• Fuzzing the PHP Interpreter via Dataflow Fusion, 2025

• GenHuzz: An Efficient Generative Hardware Fuzzer, 2025

• Lost in Translation: Enabling Confused Deputy Attacks on EDA Software with TransFuzz, 2025

• Low-Cost and Comprehensive Non-textual Input Fuzzing with LLM-Synthesized Input Generators, 2025

• MBFuzzer: A Multi-Party Protocol Fuzzer for MQTT Brokers, 2025

• PAPILLON: Efficient and Stealthy Fuzz Testing-Powered Jailbreaks for LLMs, 2025

• Robust, Efficient, and Widely Available Greybox Fuzzing for COTS Binaries with System Call Pattern Feedback, 2025

• Waltzz: WebAssembly Runtime Fuzzing with Stack-Invariant Transformation, 2025

• Atropos: Effective Fuzzing of Web Applications for Server-Side Vulnerabilities, 2024

• Cascade: CPU Fuzzing via Intricate Program Generation, 2024

• Critical Code Guided Directed Greybox Fuzzing for Commits, 2024

• EL3XIR: Fuzzing COTS Secure Monitors, 2024

• Fuzzing BusyBox: Leveraging LLM and Crash Reuse for Embedded Bug Unearthing, 2024

• HYPERPILL: Fuzzing for Hypervisor-bugs by Leveraging the Hardware Virtualization Interface, 2024

• MultiFuzz: A Multi-Stream Fuzzer For Testing Monolithic Firmware, 2024

• ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing, 2024

• SDFuzz: Target States Driven Directed Fuzzing, 2024

• SHiFT: Semi-hosted Fuzz Testing for Embedded Applications, 2024

• Towards Generic Database Management System Fuzzing, 2024

• WhisperFuzz: White-Box Fuzzing for Detecting and Locating Timing Vulnerabilities in Processors, 2024

• AIFORE: Smart Fuzzing Based on Automatic Input Format Reverse Engineering, 2023

• autofz: Automated Fuzzer Composition at Runtime, 2023

• Automata-Guided Control-Flow-Sensitive Fuzz Driver Generation, 2023

• Automated Exploitable Heap Layout Generation for Heap Overflows Through Manipulation Distance-Guided Fuzzing, 2023

• Bleem: Packet Sequence Oriented Fuzzing for Protocol Implementations, 2023

• BoKASAN: Binary-only Kernel Address Sanitizer for Effective Kernel Fuzzing, 2023

• CarpetFuzz: Automatic Program Option Constraint Extraction from Documentation for Fuzzing, 2023

• DDRace: Finding Concurrency UAF Vulnerabilities in Linux Drivers with Directed Fuzzing, 2023

• DynSQL: Stateful Fuzzing for Database Management Systems with Complex and Valid SQL Query Generation, 2023

• Forming Faster Firmware Fuzzers, 2023

• FuzzJIT: Oracle-Enhanced Fuzzing for JavaScript Engine JIT Compiler, 2023

• Fuzztruction: Using Fault Injection-based Fuzzing to Leverage Implicit Domain Knowledge, 2023

• GLeeFuzz: Fuzzing WebGL Through Error Message Guided Mutation, 2023

• Intender: Fuzzing Intent-Based Networking with Intent-State Transition Guidance, 2023

• KextFuzz: Fuzzing macOS Kernel EXTensions on Apple Silicon via Exploiting Mitigations, 2023

• MINER: A Hybrid Data-Driven Approach for REST API Fuzzing, 2023

• MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation, 2023

• MTSan: A Feasible and Practical Memory Sanitizer for Fuzzing COTS Binaries, 2023

• PolyFuzz: Holistic Greybox Fuzzing of Multi-Language Systems, 2023

Papers / ACM Conference on Computer and Communications Security (ACM CCS)

• A Qualitative Analysis of Fuzzer Usability and Challenges, 2025

• ConTest: Taming the Cyber-physical Input Space in Fuzz Testing with Control Theory, 2025

• DiveFuzz: Enhancing CPU Fuzzing via Diverse Instruction Construction, 2025

• Error Messages to Fuzzing: Detecting XPS Parsing Vulnerabilities in Windows Printing Components, 2025

• Fuzzing Processing Pipelines for Zero-Knowledge Circuits, 2025

• Intent-aware Fuzzing for Android Hardened Application, 2025

• PromeFuzz: A Knowledge-Driven Approach to Fuzzing Harness Generation with Large Language Models, 2025

• Protocol-Aware Firmware Rehosting for Effective Fuzzing of Embedded Network Stacks, 2025

• RVISmith: Fuzzing Compilers for RVV Intrinsics, 2025

• SyzParam: Incorporating Runtime Parameters into Kernel Driver Fuzzing, 2025

• SyzSpec: Specification Generation for Linux Kernel Fuzzing via Under-Constrained Symbolic Execution, 2025

• Collapse Like A House of Cards: Hacking Building Automation System Through Fuzzing, 2024

• CountDown: Refcount-guided Fuzzing for Exposing Temporal Memory Errors in Linux Kernel, 2024

• CrossFire: Fuzzing macOS Cross-XPU Memory on Apple Silicon, 2024

• DarthShader: Fuzzing WebGPU Shader Translators & Compilers, 2024

• FOX: Coverage-guided Fuzzing as Online Stochastic Control, 2024

• Fuzz to the Future: Uncovering Occluded Future Vulnerabilities via Robust Fuzzing, 2024

• FuzzCache: Optimizing Web Application Fuzzing Through Software-Based Data Cache, 2024

• Fuzzing JavaScript Engines with a Graph-based IR, 2024

• Leveraging Binary Coverage for Effective Generation Guidance in Kernel Fuzzing, 2024

• LIFTFUZZ: Validating Binary Lifters through Context-aware Fuzzing with GPT, 2024

• No Peer, no Cry: Network Application Fuzzing via Fault Injection, 2024

• On Understanding and Forecasting Fuzzers Performance with Static Analysis, 2024

• OSmart: Whitebox Program Option Fuzzing, 2024

• Program Environment Fuzzing, 2024

• Prompt Fuzzing for Fuzz Driver Generation, 2024

• ProphetFuzz: Fully Automated Prediction and Fuzzing of High-Risk Option Combinations with Only Documentation via Large Language Model, 2024

• RANsacked: A Domain-Informed Approach for Fuzzing LTE and 5G RAN-Core Interfaces, 2024

• RIoTFuzzer: Companion App Assisted Remote Fuzzing for Detecting Vulnerabilities in IoT Devices, 2024

• Toss a Fault to BpfChecker: Revealing Implementation Flaws for eBPF runtimes with Differential Fuzzing, 2024

• DSFuzz: Detecting Deep State Bugs with Dependent State Exploration, 2023

• Fuzz on the Beach: Fuzzing Solana Smart Contracts, 2023

• Greybox Fuzzing of Distributed Systems, 2023

• Hopper: Interpretative Fuzzing for Libraries, 2023

• Lifting Network Protocol Implementation to Precise Format Specification with Security Applications, 2023

• NestFuzz: Enhancing Fuzzing with Comprehensive Understanding of Input Processing Logic, 2023

• Profile-guided System Optimizations for Accelerated Greybox Fuzzing, 2023

• PyRTFuzz: Detecting Bugs in Python Runtimes via Two-Level Collaborative Fuzzing, 2023

• SyzDirect: Directed Greybox Fuzzing for Linux Kernel, 2023

Tools / Kernel

• ACTOR (⭐39) (2023) - An action-guided kernel fuzzing framework that generates inputs leveraging triggered actions and their temporal relationships.

• NTFuzz (⭐110) (2021) - A type-aware Windows kernel fuzzer that statically analyzes system binaries to infer system call types for more effective fuzzing.

• KRACE (⭐32) (2020) - A coverage-guided fuzzing framework that detects data races in kernel file systems by exploring concurrency through multi-threaded syscall sequences.

• Razzer (⭐379) (2019) - A kernel fuzzer that uses static analysis and two-phase fuzzing to detect race conditions and concurrency bugs in Linux kernels.

• Hydra (⭐173) (2019) - A fuzzing framework for automatically discovering semantic bugs in file systems using input mutators, feedback engines, and customizable checkers.

• Janus (⭐234) (2019) - A file system fuzzer that finds memory corruptions in Linux kernel file systems by mutating both filesystem images and syscall sequences simultaneously.

• DIFUZE (⭐384) (2017) - An interface-aware fuzzer for Linux kernel drivers that automatically recovers ioctl interfaces via LLVM analysis and generates targeted test cases.

• IMF (⭐111) (2017) - A kernel API fuzzer that leverages automated API model inference to discover vulnerabilities in macOS kernel APIs.

• kAFL (⭐592) (2017) - A hardware-assisted x86-64 VM kernel fuzzing framework with performant VM reloads for finding OS kernel vulnerabilities.

• syzkaller (⭐6.1k) (2015) - An unsupervised coverage-guided kernel fuzzer supporting FreeBSD, Fuchsia, gVisor, Linux, NetBSD, OpenBSD, and Windows.

• Trinity (⭐901) (2012) - A Linux system call fuzzer that generates semi-intelligent random arguments to syscalls, including valid file descriptors, flags, and range-biased values.

Nov 20, 2023

Tools / API

• IvySyn - A fully-automated framework for discovering memory error vulnerabilities in Deep Learning (DL) frameworks.

• MINER (⭐43) - A REST API fuzzer that utilizes three data-driven designs working together to guide sequence generation, improve request generation quality, and capture unique errors caused by incorrect parameter usage.

• RestTestGen (⭐62) - A robust tool and framework designed for automated black-box testing of RESTful web APIs.

• GraphFuzz (⭐10) - An experimental framework for building structure-aware, library API fuzzers.

• Minerva (⭐35) - A browser fuzzer augmented by API mod-ref relations, aiming to synthesize highly-relevant browser API invocations in each test case.

• FANS (⭐266) - A fuzzing tool for Android native system services with four components: interface collector, interface model extractor, dependency inferer, and fuzzer engine.

Tools / CPU

• DifuzzRTL (⭐101) - A differential fuzz testing approach for CPU verification.

• MorFuzz (⭐50) - A generic RISC-V processor fuzzing framework that can efficiently detect software triggerable functional bugs.

• SpecFuzz (⭐31) - A tool to enable fuzzing for Spectre vulnerabilities.

• Transynther (⭐19) - Automatically generates and tests building blocks for Meltdown attacks with various faults and microcode assists.

Tools / Web

• TEFuzz (⭐18) - A tailored fuzzing-based framework to facilitate the detection and exploitation of template escape bugs.

• Witcher (⭐103) - A web application fuzzer that utilizes mutational fuzzing to explore web applications and fault escalation to detect command and SQL injection vulnerabilities.

• CorbFuzz (⭐6) - A state-aware fuzzer for generating as many responses from a web application as possible without need of setting up a database.

Tools / Blockchain

• Fluffy (⭐62) - A multi-transaction differential fuzzer for finding consensus bugs in Ethereum.

• LOKI (⭐20) - A Blockchain consensus protocol fuzzing framework that detects consensus memory related and logic bugs.

Tools / DBMS

• Squirrel (⭐211) - A fuzzer for database management systems (DBMSs).

Nov 06, 2023

Tools / File

• AFL++ (⭐6.4k) - A superior fork to Google's AFL with more speed, more and better mutations, more and better instrumentation, and custom module support.

• Angora (⭐955) - A mutation-based coverage guided fuzzer that increases branch coverage by solving path constraints without symbolic execution.

Jan 05, 2023

Papers / ACM Conference on Computer and Communications Security (ACM CCS)

• SpecDoctor: Differential Fuzz Testing to Find Transient Execution Vulnerabilities, 2022

Dec 13, 2022

Papers / The Network and Distributed System Security Symposium (NDSS)

• Semantic-Informed Driver Fuzzing Without Both the Hardware Devices and the Emulators, 2022

• MobFuzz: Adaptive Multi-objective Optimization in Gray-box Fuzzing, 2022

• Context-Sensitive and Directional Concurrency Fuzzing for Data-Race Detection, 2022

• EMS: History-Driven Mutation for Coverage-based Fuzzing, 2022

Papers / IEEE Symposium on Security and Privacy (IEEE S&P)

• PATA: Fuzzing with Path Aware Taint Analysis, 2022

• Jigsaw: Efficient and Scalable Path Constraints Fuzzing, 2022

• FuzzUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks, 2022 (⭐37)

• Effective Seed Scheduling for Fuzzing with Graph Centrality Analysis, 2022

• BEACON : Directed Grey-Box Fuzzing with Provable Path Pruning, 2022

Papers / USENIX Security

• StateFuzz: System Call-Based State-Aware Linux Driver Fuzzing, 2022

• FIXREVERTER: A Realistic Bug Injection Methodology for Benchmarking Fuzz Testing, 2022

• SGXFuzz: Efficiently Synthesizing Nested Structures for SGX Enclave Fuzzing, 2022

• AmpFuzz: Fuzzing for Amplification DDoS Vulnerabilities, 2022

• Stateful Greybox Fuzzing, 2022

• BrakTooth: Causing Havoc on Bluetooth Link Manager via Directed Fuzzing, 2022

• Fuzzing Hardware Like Software, 2022

• Drifuzz: Harvesting Bugs in Device Drivers from Golden Seeds, 2022

• FuzzOrigin: Detecting UXSS vulnerabilities in Browsers through Origin Fuzzing, 2022

• TheHuzz: Instruction Fuzzing of Processors Using Golden-Reference Models for Finding Software-Exploitable Vulnerabilities, 2022

• MundoFuzz: Hypervisor Fuzzing with Statistical Coverage Testing and Grammar Inference, 2022

• Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing, 2022

• SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux kernel, 2022

• Morphuzz: Bending (Input) Space to Fuzz Virtual Devices, 2022

Papers / ACM Conference on Computer and Communications Security (ACM CCS)

• SFuzz: Slice-based Fuzzing for Real-Time Operating Systems, 2022

• MC^2: Rigorous and Efficient Directed Greybox Fuzzing, 2022

• LibAFL: A Framework to Build Modular and Reusable Fuzzers, 2022

• JIT-Picking: Differential Fuzzing of JavaScript Engines, 2022

• DriveFuzz: Discovering Autonomous Driving Bugs through Driving Quality-Guided Fuzzing, 2022

Papers / The others

• Fuzzle: Making a Puzzle for Fuzzers, 2022

Nov 02, 2022

Papers / The Network and Distributed System Security Symposium (NDSS)

• Favocado: Fuzzing Binding Code of JavaScript Engines Using Semantically Correct Test Cases, 2021

Jan 27, 2022

Papers / The others

• MTF-Storm:a high performance fuzzer for Modbus/TCP, 2018

• A Modbus/TCP Fuzzer for testing internetworked industrial systems, 2015

Jan 26, 2022

Papers / IEEE Symposium on Security and Privacy (IEEE S&P)

• STOCHFUZZ: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting, 2021

• One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation, 2021

• NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis, 2021

• DIFUZZRTL: Differential Fuzz Testing to Find CPU Bugs, 2021

• DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices, 2021

Papers / USENIX Security

• Breaking Through Binaries: Compiler-quality Instrumentation for Better Binary-only Fuzzing, 2021

• ICSFuzz: Manipulating I/Os and Repurposing Binary Code to Enable Instrumented Fuzzing in ICS Control Applications, 2021

• Android SmartTVs Vulnerability Discovery via Log-Guided Fuzzing, 2021

• Constraint-guided Directed Greybox Fuzzing, 2021

• Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types, 2021

• UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers, 2021

Papers / ACM Conference on Computer and Communications Security (ACM CCS)

• SoFi: Reflection-Augmented Fuzzing for JavaScript Engines, 2021

• T-Reqs: HTTP Request Smuggling with Differential Fuzzing, 2021

• V-SHUTTLE: Scalable and Semantics-Aware Hypervisor Fuzzing, 2021

• Same Coverage, Less Bloat: Accelerating Binary-only Fuzzing with Coverage-preserving Coverage-guided Tracing, 2021

• HyperFuzzer: An Efficient Hybrid Fuzzer For Virtual CPUs, 2021

• Regression Greybox Fuzzing, 2021

• Hardware Support to Improve Fuzzing Performance and Precision, 2021

• SNIPUZZ: Black-box Fuzzing of IoT Firmware via Message Snippet Inference, 2021

• FREEDOM: Engineering a State-of-the-Art DOM Fuzzer, 2020

Jan 25, 2022

Books

• Fuzzing-101 (⭐3.7k)

Talks

• Fuzzing Labs - Patrick Ventuzelo - YouTube.

Papers / The Network and Distributed System Security Symposium (NDSS)

• WINNIE : Fuzzing Windows Applications with Harness Synthesis and Fast Cloning, 2021

• Reinforcement Learning-based Hierarchical Seed Scheduling for Greybox Fuzzing, 2021

• PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles, 2021

Oct 12, 2020

Books

• The Fuzzing Book (2019)

Oct 07, 2020

Papers / USENIX Security

• FANS: Fuzzing Android Native System Services via Automated Interface Analysis, 2020

• Analysis of DTLS Implementations Using Protocol State Fuzzing, 2020

• EcoFuzz: Adaptive Energy-Saving Greybox Fuzzing as a Variant of the Adversarial Multi-Armed Bandit, 2020

• Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection, 2020

• FuzzGen: Automatic Fuzzer Generation, 2020

• ParmeSan: Sanitizer-guided Greybox Fuzzing, 2020

• SpecFuzz: Bringing Spectre-type vulnerabilities to the surface, 2020

• FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning, 2020

• Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer, 2020

• GREYONE: Data Flow Sensitive Fuzzing, 2020

Jun 10, 2020

Papers / IEEE Symposium on Security and Privacy (IEEE S&P)

• Fuzzing JavaScript Engines with Aspect-preserving Mutation, 2020

• IJON: Exploring Deep State Spaces via Fuzzing, 2020

• Krace: Data Race Fuzzing for Kernel File Systems, 2020

• Pangolin:Incremental Hybrid Fuzzing with Polyhedral Path Abstraction, 2020

• RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization, 2020

Mar 04, 2020

Papers / The Network and Distributed System Security Symposium (NDSS)

• HFL: Hybrid Fuzzing on the Linux Kernel, 2020

• HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing, 2020

• HYPER-CUBE: High-Dimensional Hypervisor Fuzzing, 2020

• Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization, 2020

Papers / ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)

• MEUZZ: Smart Seed Scheduling for Hybrid Fuzzing, 2020

Jan 28, 2020

Papers / The Network and Distributed System Security Symposium (NDSS)

• DELTA: A Security Assessment Framework for Software-Defined Networks, 2017

• Automated Whitebox Fuzz Testing, 2008

Dec 18, 2019

Papers / ACM Conference on Computer and Communications Security (ACM CCS)

• Intriguer: Field-Level Constraint Solving for Hybrid Fuzzing, 2019

• Learning to Fuzz from Symbolic Execution with Application to Smart Contracts, 2019

• Matryoshka: fuzzing deeply nested branches, 2019

Jul 31, 2019

Talks

• Effective File Format Fuzzing - Black Hat Europe 2016.

• Adventures in Fuzzing - NYU Talk 2018.

• Fuzzing with AFL - NDC Conferences 2018.

Jul 10, 2019

Books

• The Art, Science, and Engineering of Fuzzing: A Survey (2019) - Actually, this document is a paper, but it contains more important and essential content than any other book.

Papers / IEEE Symposium on Security and Privacy (IEEE S&P)

• Full-speed Fuzzing: Reducing Fuzzing Overhead through Coverage-guided Tracing, 2019

• Fuzzing File Systems via Two-Dimensional Input Space Exploration, 2019

• NEUZZ: Efficient Fuzzing with Neural Program Smoothing, 2019

• Razzer: Finding Kernel Race Bugs through Fuzzing, 2019

• Angora: Efficient Fuzzing by Principled Search, 2018

• CollAFL: Path Sensitive Fuzzing, 2018

• T-Fuzz: fuzzing by program transformation, 2018

• Skyfire: Data-Driven Seed Generation for Fuzzing, 2017

• Program-Adaptive Mutational Fuzzing, 2015

• TaintScope: A checksum-aware directed fuzzing tool for automatic software vulnerability detection, 2010

Papers / USENIX Security

• Fuzzification: Anti-Fuzzing Techniques, 2019

• AntiFuzz: Impeding Fuzzing Audits of Binary Executables, 2019

Papers / ACM Conference on Computer and Communications Security (ACM CCS)

• Evaluating Fuzz Testing, 2018

• Hawkeye: Towards a Desired Directed Grey-box Fuzzer, 2018

• IMF: Inferred Model-based Fuzzer, 2017

• SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits, 2017

• AFL-based Fuzzing for Java with Kelinci, 2017

• Designing New Operating Primitives to Improve Fuzzing Performance, 2017

• Directed Greybox Fuzzing, 2017

• SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities, 2017

• DIFUZE: Interface Aware Fuzzing for Kernel Drivers, 2017

• Systematic Fuzzing and Testing of TLS Libraries, 2016

• Coverage-based Greybox Fuzzing as Markov Chain, 2016

• eFuzz: A Fuzzer for DLMS/COSEM Electricity Meters, 2016

• Scheduling Black-box Mutational Fuzzing, 2013

• Taming compiler fuzzers, 2013

• SAGE: whitebox fuzzing for security testing, 2012

• Taint-based directed whitebox fuzzing, 2009

• Grammar-based whitebox fuzzing, 2008

Papers / ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)

• A Review of Machine Learning Applications in Fuzzing, 2019

• Evolutionary Fuzzing of Android OS Vendor System Services, 2019

Jun 12, 2019

Papers / ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)

• MoonLight: Effective Fuzzing with Near-Optimal Corpus Distillation, 2019

Feb 27, 2019

Papers / The Network and Distributed System Security Symposium (NDSS)

• CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines, 2019

• PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary, 2019

• REDQUEEN: Fuzzing with Input-to-State Correspondence, 2019

• Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid Fuzzing, 2019

• Life after Speech Recognition: Fuzzing Semantic Misinterpretation for Voice Assistant Applications, 2019

• INSTRIM: Lightweight Instrumentation for Coverage-guided Fuzzing, 2018

• IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing, 2018

• What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices, 2018

• Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing, 2018

• Vuzzer: Application-aware evolutionary fuzzing, 2017

• Driller: Augmenting Fuzzing Through Selective Symbolic Execution, 2016

Papers / The others

• Feedback-directed random test generation, 2007

Jan 25, 2019

Papers / USENIX Security

• Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems, 2018

Oct 30, 2018

Papers / USENIX Security

• MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation, 2018

• QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing, 2018

• OSS-Fuzz - Google's continuous fuzzing service for open source software, 2017

• kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels, 2017

• Protocol State Fuzzing of TLS Implementations, 2015

Papers / ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)

• DLFuzz: Differential Fuzzing Testing of Deep Learning Systems, 2018

• TensorFuzz: Debugging Neural Networks with Coverage-Guided Fuzzing, 2018

• NEUZZ: Efficient Fuzzing with Neural Program Learning, 2018

• EnFuzz: From Ensemble Learning to Ensemble Fuzzing, 2018

• REST-ler: Automatic Intelligent REST API Fuzzing, 2018

• Deep Reinforcement Fuzzing, 2018

• Faster Fuzzing: Reinitialization with Deep Neural Models, 2017

• Learn&Fuzz: Machine Learning for Input Fuzzing, 2017

• Complementing Model Learning with Mutation-Based Fuzzing, 2016

Papers / The others

• Ifuzzer: An evolutionary interpreter fuzzer using genetic programming, 2016

Oct 26, 2018

Books

• Fuzzing for Software Security Testing and Quality Assurance, 2nd Edition (2018)

• Fuzzing: Brute Force Vulnerability Discovery, 1st Edition (2007)

• Open Source Fuzzing Tools, 1st Edition (2007)

Papers / USENIX Security

• Optimizing Seed Selection for Fuzzing, 2014

• Dowsing for overflows: a guided fuzzer to find buffer boundary violations, 2013

• Fuzzing with Code Fragments, 2012

Papers / ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)

• Coverage-Guided Fuzzing for Deep Neural Networks, 2018

• Not all bytes are equal: Neural byte sieve for fuzzing, 2017

Papers / The others

• Hybrid fuzz testing: Discovering software bugs via fuzzing and symbolic execution, 2012

• Call-Flow Aware API Fuzz Testing for Security of Windows Systems, 2008