Track Awesome Fuzzing Updates Daily

A curated list of awesome Fuzzing(or Fuzz Testing) for software security

🏠 Home · 🔍 Search · 🔥 Feed · 📮 Subscribe · ❤️ Sponsor · 😺 cpuu/awesome-fuzzing · ⭐ 615 · 🏷️ Security

[ Daily / Weekly / Overview ]

Jan 05, 2023

Papers / ACM Conference on Computer and Communications Security (ACM CCS)

• SpecDoctor: Differential Fuzz Testing to Find Transient Execution Vulnerabilities, 2022

Dec 13, 2022

Papers / The Network and Distributed System Security Symposium (NDSS)

• Semantic-Informed Driver Fuzzing Without Both the Hardware Devices and the Emulators, 2022

• MobFuzz: Adaptive Multi-objective Optimization in Gray-box Fuzzing, 2022

• Context-Sensitive and Directional Concurrency Fuzzing for Data-Race Detection, 2022

• EMS: History-Driven Mutation for Coverage-based Fuzzing, 2022

Papers / IEEE Symposium on Security and Privacy (IEEE S&P)

• PATA: Fuzzing with Path Aware Taint Analysis, 2022

• Jigsaw: Efficient and Scalable Path Constraints Fuzzing, 2022

• FuzzUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks, 2022 (⭐20)

• Effective Seed Scheduling for Fuzzing with Graph Centrality Analysis, 2022

• BEACON : Directed Grey-Box Fuzzing with Provable Path Pruning, 2022

Papers / USENIX Security

• StateFuzz: System Call-Based State-Aware Linux Driver Fuzzing, 2022

• FIXREVERTER: A Realistic Bug Injection Methodology for Benchmarking Fuzz Testing, 2022

• SGXFuzz: Efficiently Synthesizing Nested Structures for SGX Enclave Fuzzing, 2022

• AmpFuzz: Fuzzing for Amplification DDoS Vulnerabilities, 2022

• Stateful Greybox Fuzzing, 2022

• BrakTooth: Causing Havoc on Bluetooth Link Manager via Directed Fuzzing, 2022

• Fuzzing Hardware Like Software, 2022

• Drifuzz: Harvesting Bugs in Device Drivers from Golden Seeds, 2022

• FuzzOrigin: Detecting UXSS vulnerabilities in Browsers through Origin Fuzzing, 2022

• TheHuzz: Instruction Fuzzing of Processors Using Golden-Reference Models for Finding Software-Exploitable Vulnerabilities, 2022

• MundoFuzz: Hypervisor Fuzzing with Statistical Coverage Testing and Grammar Inference, 2022

• Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing, 2022

• SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux kernel, 2022

• Morphuzz: Bending (Input) Space to Fuzz Virtual Devices, 2022

Papers / ACM Conference on Computer and Communications Security (ACM CCS)

• SFuzz: Slice-based Fuzzing for Real-Time Operating Systems, 2022

• MC^2: Rigorous and Efficient Directed Greybox Fuzzing, 2022

• LibAFL: A Framework to Build Modular and Reusable Fuzzers, 2022

• JIT-Picking: Differential Fuzzing of JavaScript Engines, 2022

• DriveFuzz: Discovering Autonomous Driving Bugs through Driving Quality-Guided Fuzzing, 2022

Papers / The others

• Fuzzle: Making a Puzzle for Fuzzers, 2022

Nov 02, 2022

Papers / The Network and Distributed System Security Symposium (NDSS)

• Favocado: Fuzzing Binding Code of JavaScript Engines Using Semantically Correct Test Cases, 2021

Jun 19, 2022

Tools / Network protocol

• Scapy (⭐8.3k) - Packet manipulation program & library. Can fuzz any protocol. See the fuzz function.

Jan 30, 2022

Tools / Network protocol

• MTF (⭐19) - A Modbus/TCP Fuzzer for testing internetworked industrial systems

Jan 27, 2022

Papers / The others

• MTF-Storm:a high performance fuzzer for Modbus/TCP, 2018

• A Modbus/TCP Fuzzer for testing internetworked industrial systems, 2015

Tools / Network protocol

• MTF-Storm (⭐3) - A high performance fuzzer for Modbus/TCP.

Jan 26, 2022

Papers / IEEE Symposium on Security and Privacy (IEEE S&P)

• STOCHFUZZ: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting, 2021

• One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation, 2021

• NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis, 2021

• DIFUZZRTL: Differential Fuzz Testing to Find CPU Bugs, 2021

• DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices, 2021

Papers / USENIX Security

• Breaking Through Binaries: Compiler-quality Instrumentation for Better Binary-only Fuzzing, 2021

• ICSFuzz: Manipulating I/Os and Repurposing Binary Code to Enable Instrumented Fuzzing in ICS Control Applications, 2021

• Android SmartTVs Vulnerability Discovery via Log-Guided Fuzzing, 2021

• Constraint-guided Directed Greybox Fuzzing, 2021

• Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types, 2021

• UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers, 2021

Papers / ACM Conference on Computer and Communications Security (ACM CCS)

• SoFi: Reflection-Augmented Fuzzing for JavaScript Engines, 2021

• T-Reqs: HTTP Request Smuggling with Differential Fuzzing, 2021

• V-SHUTTLE: Scalable and Semantics-Aware Hypervisor Fuzzing, 2021

• Same Coverage, Less Bloat: Accelerating Binary-only Fuzzing with Coverage-preserving Coverage-guided Tracing, 2021

• HyperFuzzer: An Efficient Hybrid Fuzzer For Virtual CPUs, 2021

• Regression Greybox Fuzzing, 2021

• Hardware Support to Improve Fuzzing Performance and Precision, 2021

• SNIPUZZ: Black-box Fuzzing of IoT Firmware via Message Snippet Inference, 2021

• FREEDOM: Engineering a State-of-the-Art DOM Fuzzer, 2020

Jan 25, 2022

Books

• Fuzzing-101 (⭐1.7k)

Talks

• Fuzzing Labs - Patrick Ventuzelo, Youtube

Papers / The Network and Distributed System Security Symposium (NDSS)

• WINNIE : Fuzzing Windows Applications with Harness Synthesis and Fast Cloning, 2021

• Reinforcement Learning-based Hierarchical Seed Scheduling for Greybox Fuzzing, 2021

• PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles, 2021

Tools / Binary

• American Fuzzy Lop plus plus (AFL++) (⭐3.3k) - A superior fork to Google's AFL. more speed, more and better mutations, more and better instrumentation, custom module support, etc. paper

Dec 27, 2021

Tools / General-purpose

• FireCracker (⭐695) - BLST CLI tool takes your HTTP logs, uses them to map your API flows and find risks.

Feb 11, 2021

Tools / Binary

• Jazzer (⭐694) - A coverage-guided, in-process fuzzer for the Java Virtual Machine. It is based on libFuzzer and can be applied directly to compiled applications.

Platform / Driver

• CI Fuzz - A CI/CD-agnostic platform for feedback-based fuzz testing of both native applications and Java web apps.

Oct 12, 2020

Books

• The Fuzzing Book (2019)

Oct 07, 2020

Papers / USENIX Security

• FANS: Fuzzing Android Native System Services via Automated Interface Analysis, 2020

• Analysis of DTLS Implementations Using Protocol State Fuzzing, 2020

• EcoFuzz: Adaptive Energy-Saving Greybox Fuzzing as a Variant of the Adversarial Multi-Armed Bandit, 2020

• Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection, 2020

• FuzzGen: Automatic Fuzzer Generation, 2020

• ParmeSan: Sanitizer-guided Greybox Fuzzing, 2020

• SpecFuzz: Bringing Spectre-type vulnerabilities to the surface, 2020

• FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning, 2020

• Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer, 2020

• GREYONE: Data Flow Sensitive Fuzzing, 2020

Tools / Network protocol

• dtls-fuzzer (⭐20) - A Java tool which performs protocol state fuzzing of DTLS servers.

Jun 10, 2020

Papers / IEEE Symposium on Security and Privacy (IEEE S&P)

• Fuzzing JavaScript Engines with Aspect-preserving Mutation, 2020

• IJON: Exploring Deep State Spaces via Fuzzing, 2020

• Krace: Data Race Fuzzing for Kernel File Systems, 2020

• Pangolin:Incremental Hybrid Fuzzing with Polyhedral Path Abstraction, 2020

• RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization, 2020

Mar 04, 2020

Papers / The Network and Distributed System Security Symposium (NDSS)

• HFL: Hybrid Fuzzing on the Linux Kernel, 2020

• HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing, 2020

• HYPER-CUBE: High-Dimensional Hypervisor Fuzzing, 2020

• Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization, 2020

Papers / ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)

• MEUZZ: Smart Seed Scheduling for Hybrid Fuzzing, 2020

Jan 28, 2020

Papers / The Network and Distributed System Security Symposium (NDSS)

• DELTA: A Security Assessment Framework for Software-Defined Networks, 2017

• Automated Whitebox Fuzz Testing, 2008

Tools / Network protocol

• DELTA (⭐71) - SDN Security evaluation framework.

Dec 18, 2019

Papers / ACM Conference on Computer and Communications Security (ACM CCS)

• Intriguer: Field-Level Constraint Solving for Hybrid Fuzzing, 2019

• Learning to Fuzz from Symbolic Execution with Application to Smart Contracts, 2019

• Matryoshka: fuzzing deeply nested branches, 2019

Aug 12, 2019

Tools / Web, JavaScript

• gremlins.js (⭐8.9k) - gremlins.js is a monkey testing library written in JavaScript.

Jul 31, 2019

Talks

• Effective File Format Fuzzing, Black Hat Europe 2016

• Adventures in Fuzzing, NYU Talk 2018

• Fuzzing with AFL, NDC Conferences 2018

Jul 10, 2019

Books

• The Art, Science, and Engineering of Fuzzing: A Survey (2019) - Actually, this document is a paper, but it contains more important and essential content than any other book.

Papers / IEEE Symposium on Security and Privacy (IEEE S&P)

• Full-speed Fuzzing: Reducing Fuzzing Overhead through Coverage-guided Tracing, 2019

• Fuzzing File Systems via Two-Dimensional Input Space Exploration, 2019

• NEUZZ: Efficient Fuzzing with Neural Program Smoothing, 2019

• Razzer: Finding Kernel Race Bugs through Fuzzing, 2019

• Angora: Efficient Fuzzing by Principled Search, 2018

• CollAFL: Path Sensitive Fuzzing, 2018

• T-Fuzz: fuzzing by program transformation, 2018

• Skyfire: Data-Driven Seed Generation for Fuzzing, 2017

• Program-Adaptive Mutational Fuzzing, 2015

• TaintScope: A checksum-aware directed fuzzing tool for automatic software vulnerability detection, 2010

Papers / USENIX Security

• Fuzzification: Anti-Fuzzing Techniques, 2019

• AntiFuzz: Impeding Fuzzing Audits of Binary Executables, 2019

Papers / ACM Conference on Computer and Communications Security (ACM CCS)

• Evaluating Fuzz Testing, 2018

• Hawkeye: Towards a Desired Directed Grey-box Fuzzer, 2018

• IMF: Inferred Model-based Fuzzer, 2017

• SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits, 2017

• AFL-based Fuzzing for Java with Kelinci, 2017

• Designing New Operating Primitives to Improve Fuzzing Performance, 2017

• Directed Greybox Fuzzing, 2017

• SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities, 2017

• DIFUZE: Interface Aware Fuzzing for Kernel Drivers, 2017

• Systematic Fuzzing and Testing of TLS Libraries, 2016

• Coverage-based Greybox Fuzzing as Markov Chain, 2016

• eFuzz: A Fuzzer for DLMS/COSEM Electricity Meters, 2016

• Scheduling Black-box Mutational Fuzzing, 2013

• Taming compiler fuzzers, 2013

• SAGE: whitebox fuzzing for security testing, 2012

• Grammar-based whitebox fuzzing, 2008

• Taint-based directed whitebox fuzzing, 2009

Papers / ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)

• A Review of Machine Learning Applications in Fuzzing, 2019

• Evolutionary Fuzzing of Android OS Vendor System Services, 2019

Tools / Web, JavaScript

• test-each (⭐99) - Repeat tests using different inputs.

Tools / Network protocol

• T-Fuzz (⭐244) - T-Fuzz leverages a coverage guided fuzzer to generate inputs.

Jun 12, 2019

Papers / ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)

• MoonLight: Effective Fuzzing with Near-Optimal Corpus Distillation, 2019

Tools / Network protocol

• SPIKE (⭐69) - A fuzzer development framework like sulley, a predecessor of sulley.

• PROTOS - Security testing of protocol implementations.

Mar 29, 2019

Tools / Binary

• Eclipser (⭐138) - A binary-based fuzz testing tool that improves upon classic coverage-based fuzzing by leveraging a novel technique called grey-box concolic testing.

Tools / Web, JavaScript

• fuzzilli (⭐1.5k) - A (coverage-)guided Javascript engine fuzzer, written by Samuel Groß.

• CodeAlchemist (⭐225) - JavaScript engine fuzzer, written by KAIST SoftSec Lab.

Feb 27, 2019

Papers / The Network and Distributed System Security Symposium (NDSS)

• CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines, 2019

• PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary, 2019

• REDQUEEN: Fuzzing with Input-to-State Correspondence, 2019

• Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid Fuzzing, 2019

• Life after Speech Recognition: Fuzzing Semantic Misinterpretation for Voice Assistant Applications, 2019

• INSTRIM: Lightweight Instrumentation for Coverage-guided Fuzzing, 2018

• IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing, 2018

• What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices, 2018

• Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing, 2018

• Vuzzer: Application-aware evolutionary fuzzing, 2017

• Driller: Augmenting Fuzzing Through Selective Symbolic Execution, 2016

Papers / The others

• Feedback-directed random test generation, 2007

Tools / Binary

• shellphish fuzzer (⭐614) - A Python interface to AFL, allowing for easy injection of testcases and other functionality.

Feb 22, 2019

Tools / Binary

• libFuzzer - A library for coverage-guided fuzz testing. Tutorial from Google. (⭐1.3k)

Tools / Web, JavaScript

• jsfunfuzz (⭐604) - JavaScript engine fuzzers.

• IFuzzer (⭐90) - An Evolutionary Interpreter Fuzzer Using Genetic Programming.

• domato (⭐1.5k) - DOM fuzzer from Google Project Zero. Blog Post.

Tools / Network protocol

• TLS-Attacker (⭐684) - A Java-based framework for analyzing TLS libraries.

Platform / Driver

• Peach Fuzzer Platform - An automated security testing platform that prevents zero day attacks by finding vulnerabilities in hardware and software systems.

• Blackhat USA 2018 AFL workshop training materials (⭐19) - From @wrauner at Samsung Research.

Feb 13, 2019

Tools / General-purpose

• radamsa - A general-purpose fuzzer.

• zzuf (⭐401) - A transparent application input fuzzer.

Tools / Binary

• American fuzzy lop - A security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary.

• WinAFL (⭐2k) - A fork of AFL for fuzzing Windows binaries.

• Driller (⭐790) - An implementation of the driller paper. This implementation was built on top of AFL with angr being used as a symbolic tracer.

Tools / Network protocol

• boofuzz (⭐1.7k) - Network Protocol Fuzzing for Humans. Documentation is available at http://boofuzz.readthedocs.io/, including nifty quickstart guides.

• LL-Fuzzer (⭐126) - An automated NFC fuzzing framework for Android devices.

• tlsfuzzer (⭐441) - A SSL and TLS protocol test suite and fuzzer.

• TumbleRF (⭐145) - A framework that orchestrates the application of fuzzing techniques to RF systems.

• PULSAR (⭐324) - A method for stateful black-box fuzzing of proprietary network protocols.

Tools / Driver

• Charm (⭐17) - A system solution that facilitates dynamic analysis of device drivers of mobile systems.

Platform / Driver

• certfuzz (⭐252) - It contains the source code for the CMU CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE).

Jan 25, 2019

Papers / USENIX Security

• Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems, 2018

Oct 30, 2018

Papers / USENIX Security

• MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation, 2018

• QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing, 2018

• OSS-Fuzz - Google's continuous fuzzing service for open source software, 2017

• kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels, 2017

• Protocol State Fuzzing of TLS Implementations, 2015

Papers / ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)

• DLFuzz: Differential Fuzzing Testing of Deep Learning Systems, 2018

• TensorFuzz: Debugging Neural Networks with Coverage-Guided Fuzzing, 2018

• NEUZZ: Efficient Fuzzing with Neural Program Learning, 2018

• EnFuzz: From Ensemble Learning to Ensemble Fuzzing, 2018

• REST-ler: Automatic Intelligent REST API Fuzzing, 2018

• Deep Reinforcement Fuzzing, 2018

• Faster Fuzzing: Reinitialization with Deep Neural Models, 2017

• Learn&Fuzz: Machine Learning for Input Fuzzing, 2017

• Complementing Model Learning with Mutation-Based Fuzzing, 2016

Papers / The others

• Ifuzzer: An evolutionary interpreter fuzzer using genetic programming, 2016

Oct 26, 2018

Books

• Fuzzing for Software Security Testing and Quality Assurance, 2nd Edition (2018)

• Fuzzing: Brute Force Vulnerability Discovery, 1st Edition (2007)

• Open Source Fuzzing Tools, 1st Edition (2007)

Papers / USENIX Security

• Optimizing Seed Selection for Fuzzing, 2014

• Dowsing for overflows: a guided fuzzer to find buffer boundary violations, 2013

• Fuzzing with Code Fragments, 2012

Papers / ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)

• Coverage-Guided Fuzzing for Deep Neural Networks, 2018

• Not all bytes are equal: Neural byte sieve for fuzzing, 2017

Papers / The others

• Hybrid fuzz testing: Discovering software bugs via fuzzing and symbolic execution, 2012

• Call-Flow Aware API Fuzz Testing for Security of Windows Systems, 2008