fuzzing is the action of running a Program Under Test (PUT) with “fuzz inputs”. -Prof. Barton P Miller
A curated list of references to awesome Fuzzing for security testing. Additionally there is a collection of freely available academic papers, tools and so on.
Your favorite tool or your own paper is not listed? Fork and create a Pull Request to add it!
- Fuzzing for Software Security Testing and Quality Assurance, 2nd Edition (2018)
- Fuzzing: Brute Force Vulnerability Discovery, 1st Edition (2007)
- Open Source Fuzzing Tools, 1st Edition (2007)
To achieve a well-defined scope, I have chosen to include all publications on fuzzing in the last proceedings of 4 major security conferences and others from Jan 2008 to Feb 2019.
The Network and Distributed System Security Symposium (NDSS)
- PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary, 2019
- REDQUEEN: Fuzzing with Input-to-State Correspondence, 2019
- Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid Fuzzing, 2019
- [Life after Speech Recognition: Fuzzing Semantic Misinterpretation for Voice Assistant Applications, 2019]
- INSTRIM: Lightweight Instrumentation for Coverage-guided Fuzzing, 2018
- IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing, 2018
- What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices, 2018
- Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing, 2018
- Vuzzer: Application-aware evolutionary fuzzing, 2017
- DELTA: A Security Assessment Framework for Software-Defined Networks, 2017
- Driller: Augmenting Fuzzing Through Selective Symbolic Execution, 2016
- Automated Whitebox Fuzz Testing, 2008
ACM Conference on Computer and Communications Security (ACM CCS)
- Evaluating Fuzz Testing, 2018
- Hawkeye: Towards a Desired Directed Grey-box Fuzzer, 2018
- IMF: Inferred Model-based Fuzzer, 2017
- SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits, 2017
- AFL-based Fuzzing for Java with Kelinci, 2017
- Designing New Operating Primitives to Improve Fuzzing Performance, 2017
- Directed Greybox Fuzzing, 2017
- SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities, 2017
- DIFUZE: Interface Aware Fuzzing for Kernel Drivers, 2017, github
- Systematic Fuzzing and Testing of TLS Libraries, 2016
- Coverage-based Greybox Fuzzing as Markov Chain, 2016
- eFuzz: A Fuzzer for DLMS/COSEM Electricity Meters, 2016
- Scheduling Black-box Mutational Fuzzing, 2013
- Taming compiler fuzzers, 2013
- SAGE: whitebox fuzzing for security testing, 2012
- Grammar-based whitebox fuzzing, 2008
- Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems, 2018
- MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation, 2018
- QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing, 2018
- OSS-Fuzz - Google's continuous fuzzing service for open source software, 2017
- kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels, 2017
- Protocol State Fuzzing of TLS Implementations, 2015
- Optimizing Seed Selection for Fuzzing, 2014
- Dowsing for overflows: a guided fuzzer to find buffer boundary violations, 2013
- Fuzzing with Code Fragments, 2012
IEEE Symposium on Security and Privacy (IEEE S&P)
- Angora: Efficient Fuzzing by Principled Search, 2018
- CollAFL: Path Sensitive Fuzzing, 2018
- T-Fuzz: fuzzing by program transformation, 2018
- Skyfire: Data-Driven Seed Generation for Fuzzing, 2017
- Program-Adaptive Mutational Fuzzing, 2015
- TaintScope: A checksum-aware directed fuzzing tool for automatic software vulnerability detection, 2010
- Taint-based directed whitebox fuzzing, 2009
ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)
- Coverage-Guided Fuzzing for Deep Neural Networks, 2018
- DLFuzz: Differential Fuzzing Testing of Deep Learning Systems, 2018
- TensorFuzz: Debugging Neural Networks with Coverage-Guided Fuzzing, 2018
- NEUZZ: Efficient Fuzzing with Neural Program Learning, 2018
- EnFuzz: From Ensemble Learning to Ensemble Fuzzing, 2018
- REST-ler: Automatic Intelligent REST API Fuzzing, 2018
- Deep Reinforcement Fuzzing, 2018
- Not all bytes are equal: Neural byte sieve for fuzzing, 2017
- Faster Fuzzing: Reinitialization with Deep Neural Models, 2017
- Learn&Fuzz: Machine Learning for Input Fuzzing, 2017
- Complementing Model Learning with Mutation-Based Fuzzing, 2016
- Ifuzzer: An evolutionary interpreter fuzzer using genetic programming, 2016
- Hybrid fuzz testing: Discovering software bugs via fuzzing and symbolic execution, 2012
- Call-Flow Aware API Fuzz Testing for Security of Windows Systems, 2008
- Randoop : Feedback-directed random test generation, 2007
Information about the various open source tools you can use to leverage fuzz testing.
- American fuzzy lop - A security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary.
- WinAFL - A fork of AFL for fuzzing Windows binaries.
- libFuzzer - A library for coverage-guided fuzz testing. Tutorial from Google
- Driller - An implementation of the driller paper. This implementation was built on top of AFL with angr being used as a symbolic tracer.
- shellphish fuzzer - A python interface to AFL, allowing for easy injection of testcases and other functionality.
- IFuzzer - An Evolutionary Interpreter Fuzzer Using Genetic Programming
- domato - DOM fuzzer from Google Project Zero. Blog Post
- TLS-Attacker - a Java-based framework for analyzing TLS libraries.
- DELTA - SDN Security evaluation framework.
- boofuzz - Network Protocol Fuzzing for Humans. Documentation is available at http://boofuzz.readthedocs.io/, including nifty quickstart guides.
- LL-Fuzzer - An automated NFC fuzzing framework for Android devices.
- tlsfuzzer - A SSL and TLS protocol test suite and fuzzer.
- TumbleRF - A framework that orchestrates the application of fuzzing techniques to RF systems.
- PULSAR - A method for stateful black-box fuzzing of proprietary network protocols.
- Charm - A system solution that facilitates dynamic analysis of device drivers of mobile systems.
- certfuzz - It contains the source code for the CMU CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE).
- Peach Fuzzer Platform - An automated security testing platform that prevents zero-day attacks by finding vulnerabilities in hardware and software systems.
- Blackhat USA 2018 AFL workshop training materials by @wrauner
Contributions welcome! Read the contribution guidelines first.
To the extent possible under law, cpuu has waived all copyright and related or neighboring rights to this work.