afl.rs - 🐇 Fuzzing Rust code with american-fuzzy-lop

  •    C

Fuzz testing is a software testing technique used to find security and stability issues by providing pseudo-random data as input to the software. American fuzzy lop is a popular, effective, and modern fuzz testing tool. This library, afl.rs, allows one to run AFL on code written in the Rust programming language. Documentation can be found in the Rust Fuzz Book.

afl-utils - Utilities for automated crash sample processing/analysis, easy afl-fuzz job management and corpus optimization

  •    Python

As of June 6th, 2018, this project has moved to GitLab, which is why this repository is archived and thus read-only until it is entirely removed from GitHub. Repository removal is scheduled for September 15th, 2018. Please report issues and request your merges through the new project home. All further discussion, even for existing issues, will take place there.

checkers - Property-based testing for JavaScript via ClojureScript's test.check

  •    Javascript

Property-based testing for JavaScript via ClojureScript's test.check. test.check is a Clojure property-based testing tool inspired by QuickCheck. The core idea of test.check is that instead of enumerating expected input and output for unit tests, you write properties about your function that should hold true for all inputs. This lets you write concise, powerful tests.

js-fuzz - An AFL-inspired genetic fuzz tester for JavaScript

  •    TypeScript

js-fuzz is an American Fuzzy Lop-inspired fuzz tester for JavaScript code. It provides coverage-driven analysis and minimization while being fast and extraordinarily simple to use. In the above example, we asked to increase the priority of strings that can be parsed as plain JSON, since we want more of that sort of thing in order to test against JSON5. You can also return Promises from the fuzz function, or take a callback.

FuzzImageMagick - Sample files for fuzzing ImageMagick

  •    Python

Full setup for fuzzing ImageMagick. Currently (2016-02-07) covers over 30% of the codebase. ImageMagick creates temporary files while running. If ImageMagick crashes, the temporary files are not cleaned up. To prevent the fuzzing machine's hard disk from filling up, you can create a cron job to run rm /tmp/magick-* every hour. For more discussion about this issue, see this bug report.

tstl - Template Scripting Testing Language tool: automated test generation for Python

  •    Python

TSTL is a domain-specific language (DSL) and set of tools to support automated generation of tests for software. This implementation targets Python. You define (in Python) a set of components used to build up a test, and any properties you want to hold for the tested system, and TSTL generates tests for your system. TSTL supports test replay, test reduction, and code coverage analysis, and includes push-button support for some sophisticated test-generation methods. In other words, TSTL is a property-based testing tool. TSTL has been used to find and fix real faults in real code, including ESRI's ArcPy (http://desktop.arcgis.com/en/arcmap/latest/analyze/arcpy/what-is-arcpy-.htm), sortedcontainers (https://github.com/grantjenks/sorted_containers), gmpy2 (https://github.com/aleaxit/gmpy), sympy (http://www.sympy.org/en/index.html), pyfakefs (https://github.com/jmcgeheeiv/pyfakefs), Python itself (https://bugs.python.org/issue27870), the Solidity compiler (https://github.com/ethereum/solidity), a Solidity static analysis tool, and even OS X.

afl-patches - Patches to afl to fix bugs or add enhancements
All patches are for the current version afl-2.52b and can be applied in the extracted afl directory (patch -p0 < patch.diff).

afl-pin - run AFL with pintool

  •    C++

This is the fastest pintool afl-fuzzer out there currently. And it runs with pintool 3.6, so 4.x x64 kernels are fine. But ... pintool is super slow. So this is basically only for when you have no other option. I am currently developing an alternative with DynamoRIO which is 10x faster - but still, afl qemu mode is 5-10x faster than that ... Use this when you have no source code, normal afl-dyninst crashes the binary, qemu mode -Q is not an option and DynamoRIO is not working either. Pin is even 90% slower than my DynamoRIO implementation ...