Security oriented fuzzer with powerful analysis options. Supports evolutionary, feedback-driven fuzzing based on code coverage (sw and hw)
| File | Last commit message | Date |
|---|---|---|
| android | [ANDROID] Fix POST_BUILD variable scope bug | Dec 29, 2016 |
| docs | examples: move badcode to a separate dir | Feb 11, 2017 |
| examples | examples/openssl: npn_callback and SSL_CTX_set_short_header_enabled i… | Feb 27, 2017 |
| libhfuzz | libhfuzz: check for whether guard value is 0 | Feb 15, 2017 |
| linux | linux: WNOHANG is technically specified for waitpid only | Feb 28, 2017 |
| mac | Update important signals when initializing arch backend | Dec 29, 2016 |
| posix | posix: get rid of timers | Feb 28, 2017 |
| third_party | [Android] Don't fail on scripts unhandled error | Oct 28, 2016 |
| tools | Grammar & typos | May 6, 2016 |
| .gitignore | examples: move badcode to a separate dir | Feb 11, 2017 |
| .gitmodules | [Android] libunwind default to master | Oct 17, 2016 |
| CHANGELOG | Info about trace-pc-guard in docs/comments | Oct 3, 2016 |
| CONTRIBUTING | Added CONTRIBUTING | Aug 20, 2015 |
| COPYING | Init | Oct 14, 2010 |
| Makefile | display: experimental no-scroll for logs | Feb 9, 2017 |
| README.md | Readme: 0.8 -> 0.9 | Feb 16, 2017 |
| arch.h | Split reapChild into prepare/reap | Aug 17, 2016 |
| cmdline.c | fuzz: more light-weight method of changing fuzzing states | Feb 24, 2017 |
| cmdline.h | Comments in .h | Oct 18, 2016 |
| common.h | fuzz: keep local state copy in the fuzzer struct | Feb 24, 2017 |
| display.c | display: Dry Run -> Dynamic Dry Run | Feb 24, 2017 |
| display.h | display: With non -v put the cursor at the bottom of the screen | Feb 10, 2017 |
| files.c | files: include <linux/memfd.h> if needed (correction) | Feb 25, 2017 |
| files.h | fuzz: more light-weight method of changing fuzzing states | Feb 24, 2017 |
| fuzz.c | fuzz: all threads must indicate willingness to switch to _HF_STATE_DY… | Feb 25, 2017 |
| fuzz.h | Use pthread_join | Feb 19, 2017 |
| honggfuzz.c | More thread termination clean-ups | Feb 19, 2017 |
| log.c | display: With non -v put the cursor at the bottom of the screen | Feb 10, 2017 |
| log.h | display: don't display menu if the output is non-tty | Feb 2, 2017 |
| mangle.c | Mangle: minimum upper number of mutations | Feb 4, 2017 |
| mangle.h | mangle: change buffer resizing approach | Jan 26, 2017 |
| report.c | Remove --linux_perf_custom and supporting code | Nov 1, 2016 |
| report.h | Improve *.h guard macros | Feb 9, 2016 |
| sancov.c | Comments updates | Dec 28, 2016 |
| sancov.h | Refactor sanitizers env preparation & crashes monitor | Dec 27, 2016 |
| sanitizers.c | sanitizers: disable symbolizer for regular *san | Feb 12, 2017 |
| sanitizers.h | [SAN] Fix broken exitcode policy | Dec 28, 2016 |
| subproc.c | Use sigtimedwait instead of wait, to avoid losing persistent round do… | Feb 28, 2017 |
| subproc.h | kill the subprocess upon termination of threads | Feb 25, 2017 |
| util.c | files: skip empty input files | Feb 24, 2017 |
| util.h | Implement reversed CRC64 | Feb 22, 2017 |


honggfuzz

Description

A security-oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options. See USAGE for details.

  • Supports several hardware-based (CPU) and software-based feedback-driven fuzzing methods
  • It works (at least) under GNU/Linux, FreeBSD, Mac OS X, Windows/CygWin and Android
  • Supports persistent modes of fuzzing (long-lived process calling a fuzzed API repeatedly) with libhfuzz/libhfuzz.a. More on that here
  • Can fuzz remote/standalone long-lasting processes (e.g. network servers like Apache's httpd and ISC's bind)
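The persistent mode mentioned above is easiest to understand from a harness. The following is an added example written for this page, not code from the honggfuzz repository: `parse_record()` and its little record format are constructed for the illustration, and it assumes that `libhfuzz/libhfuzz.a` drives the libFuzzer-style `LLVMFuzzerTestOneInput` entry point when the harness is linked against it. The `REPLAY_MAIN` switch is this example's own, so the same file doubles as a replay tool for saved inputs.

```c
/* Added example of a honggfuzz persistent-mode harness. Not code from the
 * honggfuzz project: parse_record() and its record format are constructed
 * for the illustration, and LLVMFuzzerTestOneInput is assumed to be the entry
 * point that libhfuzz/libhfuzz.a calls repeatedly in persistent mode. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy record format:
 *   byte 0       : version, must be 1
 *   byte 1       : payload length N
 *   bytes 2..N+1 : payload
 * Returns the payload checksum (byte sum mod 256), or -1 for a malformed record. */
int parse_record(const uint8_t *buf, size_t len) {
    if (len < 2 || buf[0] != 1) {
        return -1;
    }
    size_t n = buf[1];
    /* The declared length must fit inside the bytes actually received.
     * Without this check the loop below reads past the end of the input,
     * which is the class of defect a coverage-guided fuzzer plus ASan
     * surfaces quickly. */
    if (n > len - 2) {
        return -1;
    }
    unsigned sum = 0;
    for (size_t i = 0; i < n; i++) {
        sum += buf[2 + i];
    }
    return (int)(sum & 0xffu);
}

/* Persistent-mode entry point (assumed libFuzzer-compatible name). With the
 * harness linked against libhfuzz/libhfuzz.a, honggfuzz calls this function
 * over and over inside one long-lived process, handing it a freshly mutated
 * input each time, instead of spawning a new process per test case. Keep it
 * free of global state so one input cannot influence the next. */
int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
    (void)parse_record(buf, len);
    return 0;
}

/* Stand-alone replay driver (this example's own REPLAY_MAIN switch): feeds one
 * saved input file, e.g. a crash honggfuzz wrote out, through the same entry
 * point the fuzzer uses. Leave it out of the fuzzing build, where libhfuzz
 * supplies the process entry point. */
#ifdef REPLAY_MAIN
int main(int argc, char **argv) {
    if (argc != 2) {
        fprintf(stderr, "usage: %s <input-file>\n", argv[0]);
        return 2;
    }
    FILE *f = fopen(argv[1], "rb");
    if (f == NULL) {
        perror("fopen");
        return 1;
    }
    uint8_t buf[4096];
    size_t len = fread(buf, 1, sizeof buf, f);
    fclose(f);
    printf("parse_record returned %d for %zu bytes\n", parse_record(buf, len), len);
    return LLVMFuzzerTestOneInput(buf, len);
}
#endif
```

The harness itself should stay stateless and deterministic: every input gets the same treatment regardless of what came before, so a crash reproduces from the single saved file rather than from a sequence of iterations.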

Code

Requirements

  • Linux - The BFD library (libbfd-dev) and libunwind (libunwind-dev/libunwind8-dev)
  • FreeBSD - gmake, clang-3.6 or newer
  • Android - Android SDK/NDK. Also see this detailed doc on how to build and run it
  • Windows - CygWin
  • Darwin/OS X - Xcode 10.8+
  • if Clang/LLVM is used - the BlocksRuntime Library (libblocksruntime-dev)

Trophies

The tool has been used to find a few interesting security problems in major software packages. Examples:

Examples

The examples directory contains code demonstrating (among others) how to use honggfuzz to find bugs in the OpenSSL library and in the Apache web server.

Other

This is NOT an official Google product.