ClusterFuzz is a scalable fuzzing infrastructure that finds security and stability issues in software.
Google uses ClusterFuzz to fuzz all Google products and as the fuzzing backend for OSS-Fuzz.
ClusterFuzz provides many features which help seamlessly integrate fuzzing into a software project's development process:
- Highly scalable. Can run on any size cluster (e.g. OSS-Fuzz instance runs on 100,000 VMs).
- Accurate deduplication of crashes.
- Fully automatic bug filing, triage and closing for various issue trackers (e.g. Monorail, Jira).
- Supports multiple coverage guided fuzzing engines (libFuzzer, AFL, AFL++ and Honggfuzz) for optimal results (with ensemble fuzzing and fuzzing strategies).
- Support for blackbox fuzzing.
- Testcase minimization.
- Regression finding through bisection.
- Statistics for analyzing fuzzer performance, and crash rates.
- Easy to use web interface for management and viewing crashes.
- Support for various authentication providers using Firebase.
You can find detailed documentation here.
You can file an issue to ask questions, request features, or ask for help.
Staying Up to Date
We will use clusterfuzz-announce(#)googlegroups.com to make announcements about ClusterFuzz.