Skip to content
/ libfuzzer-js Public

libFuzzer-based JavaScript fuzzing using Bellard's QuickJS.

License

MIT license
73 stars 10 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

guidovranken/libfuzzer-js

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
quickjs
quickjs
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
harness.cpp
harness.cpp
 
 
js.cpp
js.cpp
 
 
js.h
js.h
 
 
to_bytecode.cpp
to_bytecode.cpp
 
 

Repository files navigation

libfuzzer-js

libFuzzer-based JavaScript fuzzing using Bellard's QuickJS.

Building

You need a recent version of libFuzzer for optimal coverage capturing.

Run this from any path:

svn co https://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/fuzzer Fuzzer
cd Fuzzer
./build.sh
export LIBFUZZER_A_PATH=$(realpath libFuzzer.a)

In this project's root directory, type:

make

Writing fuzzers

Input is supplied through the FuzzerInput variable, which is a Uint8Array.

API

An API suited for embedding in a larger application (e.g. a differential fuzzer) is defined in JS.cpp/h.

Running

./jsfuzzer --js=<javascript file>

Module support

There is currently no support for modules. To use multiple JavaScript files, concatenate all the files you need for now.

E.g.:

cat foo.js bar.js >file.js
./jsfuzzer --js=file.js

Notes

This is a work in progress. Capabilities and internal structure may change without prior notice.

About

libFuzzer-based JavaScript fuzzing using Bellard's QuickJS.

Resources

Readme

License

MIT license
Activity

Stars

73 stars

Watchers

7 watching

Forks

10 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages