American fuzzy lop is a security-oriented fuzzer
American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage for the fuzzed code. The compact synthesized corpora produced by the tool are also useful for seeding other, more labor- or resource-intensive testing regimes down the road.
Compared to other instrumented fuzzers, afl-fuzz is designed to be practical: it has modest performance overhead, uses a variety of highly effective fuzzing strategies and effort minimization tricks, requires essentially no configuration, and seamlessly handles complex, real-world use cases - say, common image parsing or file compression libraries.
- Developed at devel:tools
- Sources inherited from project openSUSE:Factory
-
1
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:42:Factory-Candidates-Check/afl && cd $_ - Create Badge
Source Files
| Filename | Size | Changed |
|---|---|---|
| 3.13c.tar.gz | 0002128787 2.03 MB | |
| afl-3.0c-fix-paths.patch | 0000000972 972 Bytes | |
| afl-rpmlintrc | 0000000725 725 Bytes | |
| afl.changes | 0000088761 86.7 KB | |
| afl.spec | 0000003599 3.51 KB |
Revision 62 (latest revision is 82)
Dominique Leuenberger (dimstar_suse)
accepted
request 896671
from
Marcus Meissner (msmeissn)
(revision 62)
- updated to 3.13c
- Note: plot_data switched to relative time from unix time in 3.10
- frida_mode - new mode that uses frida to fuzz binary-only targets,
it currently supports persistent mode and cmplog.
thanks to @WorksButNotTested!
- create a fuzzing dictionary with the help of CodeQL thanks to
@microsvuln! see utils/autodict_ql
- afl-fuzz:
- added patch by @realmadsci to support @@ as part of command line
options, e.g. `afl-fuzz ... -- ./target --infile=@@`
- add recording of previous fuzz attempts for persistent mode
to allow replay of non-reproducable crashes, see
AFL_PERSISTENT_RECORD in config.h and docs/envs.h
- fixed a bug when trimming for stdin targets
- cmplog -l: default cmplog level is now 2, better efficiency.
level 3 now performs redqueen on everything. use with care.
- better fuzzing strategy yield display for enabled options
- ensure one fuzzer sync per cycle
- fix afl_custom_queue_new_entry original file name when syncing
from fuzzers
- fixed a crash when more than one custom mutator was used together
with afl_custom_post_process
- on a crashing seed potentially the wrong input was disabled
- added AFL_EXIT_ON_SEED_ISSUES env that will exit if a seed in
-i dir crashes the target or results in a timeout. By default
afl++ ignores these and uses them for splicing instead.
- added AFL_EXIT_ON_TIME env that will make afl-fuzz exit fuzzing
after no new paths have been found for n seconds
- when AFL_FAST_CAL is set a variable path will now be calibrated
8 times instead of originally 40. Long calibration is now 20. (forwarded request 896670 from msmeissn)
Comments 0