Scalable fuzzing infrastructure.
oliverchang Fix OSS-Fuzz bots page. (#1406)
batch_size argument is no longer supported.
Latest commit ba5086c Feb 3, 2020
Type Name Latest commit message Commit time
bot Add feature to skip auto-closing of bugs once verified. (#1268) Dec 12, 2019
configs/test Reland "Replace App Engine NDB with google cloud NDB. (#1391) Jan 30, 2020
docker Reland "Replace App Engine NDB with google cloud NDB. (#1391) Jan 30, 2020
docs Remove uneeded LD_LIBRARY_PATH for Android engine_test. (#1218) Nov 25, 2019
local Reland "Replace App Engine NDB with google cloud NDB. (#1391) Jan 30, 2020
resources Add Radamsa in process mutation strategy (#1333) Jan 28, 2020
src Fix OSS-Fuzz bots page. (#1406) Feb 3, 2020
.bowerrc Initial commit. Jan 30, 2019
.coveragerc Fix omit directories in .coveragerc. (#10) Jan 30, 2019
.gitignore [Reproduce tool] Add Android emulator support. (#1164) Nov 4, 2019
.pylintrc Initial commit. Jan 30, 2019
.style.yapf Initial commit. Jan 30, 2019
.travis.yml Travis support. (#215) Feb 19, 2019
CHANGELOG.md Update CHANGELOG.md (#1322) Jan 10, 2020
CONTRIBUTING.md Update CONTRIBUTING.md Feb 7, 2019
LICENSE Fix license header year in non-python files. (#300) Mar 22, 2019
README.md [Docs] Copy edit Index, Architecture, Getting Started. (#954) Sep 5, 2019
bower.json Allow dialogs to scroll vertically on smaller screens. (#1239) Dec 3, 2019
butler.py Reland "Replace App Engine NDB with google cloud NDB. (#1391) Jan 30, 2020
cloudbuild.yaml Increase build timeout to account for Go deployment Apr 1, 2019
reproduce.sh [Reproduce tool] Add Android emulator support. (#1164) Nov 4, 2019

README.md

ClusterFuzz

ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software.

Google uses ClusterFuzz to fuzz the Chrome Browser and as the fuzzing backend for OSS-Fuzz.

ClusterFuzz provides many features which help seamlessly integrate fuzzing into a software project's development process:

  • Highly scalable. Google's internal instance runs on over 25,000 machines.
  • Accurate deduplication of crashes.
  • Fully automatic bug filing and closing for issue trackers (Monorail only for now).
  • Testcase minimization.
  • Regression finding through bisection.
  • Statistics for analyzing fuzzer performance and crash rates.
  • Easy-to-use web interface for managing and viewing crashes.
  • Firebase authentication.
  • Support for coverage-guided fuzzing (e.g. libFuzzer and AFL) and blackbox fuzzing.

Overview

Documentation

You can find detailed documentation here.

Trophies

As of January 2019, ClusterFuzz has found ~16,000 bugs in Chrome and ~11,000 bugs in over 160 open source projects integrated with OSS-Fuzz.

Getting Help

You can file an issue to ask questions, request features, or ask for help.

Staying Up to Date

We will use clusterfuzz-announce(#)googlegroups.com to make announcements about ClusterFuzz.
