Scalable fuzzing infrastructure.
Type Name Latest commit message Commit time
bot Add env variable to avoid system temp cleanup. (#1190) Nov 12, 2019
configs/test Replace App Engine memcache with Cloud Memorystore Redis. (#1194) Nov 19, 2019
docker Remove the coverage module until the Python 3 migration is complete. (#… Nov 26, 2019
docs Remove uneeded LD_LIBRARY_PATH for Android engine_test. (#1218) Nov 25, 2019
local [Reproduce tool] Add Android emulator support. (#1164) Nov 4, 2019
resources Use ADB instead of ADB_PATH, matches upstream asan_device_setup (#452) May 9, 2019
src Allow dialogs to scroll vertically on smaller screens. (#1239) Dec 3, 2019
.bowerrc Initial commit. Jan 30, 2019
.coveragerc Fix omit directories in .coveragerc. (#10) Jan 30, 2019
.gitignore [Reproduce tool] Add Android emulator support. (#1164) Nov 4, 2019
.pylintrc Initial commit. Jan 30, 2019
.style.yapf Initial commit. Jan 30, 2019
.travis.yml Travis support. (#215) Feb 19, 2019
CHANGELOG.md Update changelog for version 1.7.1. (#1238) Dec 2, 2019
CONTRIBUTING.md Update CONTRIBUTING.md Feb 7, 2019
LICENSE Fix license header year in non-python files. (#300) Mar 22, 2019
README.md [Docs] Copy edit Index, Architecture, Getting Started. (#954) Sep 5, 2019
bower.json Allow dialogs to scroll vertically on smaller screens. (#1239) Dec 3, 2019
butler.py Replace App Engine memcache with Cloud Memorystore Redis. (#1194) Nov 19, 2019
cloudbuild.yaml Increase build timeout to account for Go deployment Apr 1, 2019
reproduce.sh [Reproduce tool] Add Android emulator support. (#1164) Nov 4, 2019

README.md

ClusterFuzz

ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software.

Google uses ClusterFuzz to fuzz the Chrome Browser and as the fuzzing backend for OSS-Fuzz.

ClusterFuzz provides many features which help seamlessly integrate fuzzing into a software project's development process:

  • Highly scalable. Google's internal instance runs on over 25,000 machines.
  • Accurate deduplication of crashes.
  • Fully automatic bug filing and closing for issue trackers (Monorail only for now).
  • Testcase minimization.
  • Regression finding through bisection.
  • Statistics for analyzing fuzzer performance and crash rates.
  • Easy-to-use web interface for managing and viewing crashes.
  • Firebase authentication.
  • Support for coverage-guided fuzzing (e.g. libFuzzer and AFL) and blackbox fuzzing.

Overview

Documentation

You can find detailed documentation here.

Trophies

As of January 2019, ClusterFuzz has found ~16,000 bugs in Chrome and ~11,000 bugs in over 160 open source projects integrated with OSS-Fuzz.

Getting Help

You can file an issue to ask questions, request features, or ask for help.

Staying Up to Date

We will use clusterfuzz-announce(#)googlegroups.com to make announcements about ClusterFuzz.
