aflplusplus

The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!

https://github.com/aflplusplus/aflplusplus

Science Score: 36.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Committers with academic emails
    17 of 321 committers (5.3%) from academic institutions
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (17.9%) to scientific vocabulary

Keywords

afl afl-compiler afl-fuzz afl-fuzzer afl-gcc fuzz-testing fuzzer fuzzer-afl fuzzing instrumentation qemu security testing unicorn-emulator unicorn-mode

Keywords from Contributors

oss-fuzz stability vulnerabilities system systemd services init bruteforce distributed transformer
Last synced: 6 months ago

Repository


Basic Info
  • Host: GitHub
  • Owner: AFLplusplus
  • License: apache-2.0
  • Language: C
  • Default Branch: stable
  • Homepage: https://aflplus.plus
  • Size: 32 MB
Statistics
  • Stars: 5,945
  • Watchers: 94
  • Forks: 1,162
  • Open Issues: 39
  • Releases: 38
Topics
afl afl-compiler afl-fuzz afl-fuzzer afl-gcc fuzz-testing fuzzer fuzzer-afl fuzzing instrumentation qemu security testing unicorn-emulator unicorn-mode
Created over 6 years ago · Last pushed 6 months ago
Metadata Files
Readme Changelog Contributing Funding License Citation

README.md

American Fuzzy Lop plus plus (AFL++)


Release version: 4.33c

GitHub version: 4.34a

Repository: https://github.com/AFLplusplus/AFLplusplus

AFL++ is maintained by:

Originally developed by Michal "lcamtuf" Zalewski.

AFL++ is a superior fork to Google's AFL - more speed, more and better mutations, more and better instrumentation, custom module support, etc.

You are free to copy, modify, and distribute AFL++ with attribution under the terms of the Apache-2.0 License. See the LICENSE for details.

Getting started

Here is some information to get you started:

  • For an overview of the AFL++ documentation and a very helpful graphical guide, please visit docs/README.md.
  • To get you started with tutorials, go to docs/tutorials.md.
  • For releases, see the Releases tab and branches. The best branches to use are, however, stable or dev - depending on your risk appetite. Also take a look at the list of important changes in AFL++ and the list of features.
  • If you want to use AFL++ for your academic work, check the papers page on the website.
  • To cite our work, look at the Cite section.
  • For comparisons, use the fuzzbench aflplusplus setup, or use afl-clang-fast with AFL_LLVM_CMPLOG=1. You can find the aflplusplus default configuration on Google's fuzzbench.

Building and installing AFL++

To have AFL++ easily available with everything compiled, pull the image directly from the Docker Hub (available for both x86_64 and arm64):

```shell
docker pull aflplusplus/aflplusplus
docker run -ti -v /location/of/your/target:/src aflplusplus/aflplusplus
```

This image is automatically published when a push to the stable branch happens (see branches). If you use the command above, you will find your target source code in /src in the container.

Note: you can also pull aflplusplus/aflplusplus:dev which is the most current development state of AFL++.

To build AFL++ yourself - which we recommend - continue at docs/INSTALL.md.

Quick start: Fuzzing with AFL++

NOTE: Before you start, please read about the common sense risks of fuzzing.

This is a quick start for fuzzing targets with the source code available. To read about the process in detail, see docs/fuzzing_in_depth.md.

To learn about fuzzing other targets, see:

  • Binary-only targets: docs/fuzzing_binary-only_targets.md
  • Network services: docs/best_practices.md#fuzzing-a-network-service
  • GUI programs: docs/best_practices.md#fuzzing-a-gui-program

Step-by-step quick start:

  1. Compile the program or library to be fuzzed using afl-cc. A common way to do this would be:

```shell
CC=/path/to/afl-cc CXX=/path/to/afl-c++ ./configure --disable-shared
make clean all
```

  2. Get a small but valid input file that makes sense to the program. When fuzzing verbose syntax (SQL, HTTP, etc.), create a dictionary as described in dictionaries/README.md, too.

  3. If the program reads from stdin, run afl-fuzz like so:

```shell
./afl-fuzz -i seeds_dir -o output_dir -- \
  /path/to/tested/program [...program's cmdline...]
```

To add a dictionary, add -x /path/to/dictionary.txt to afl-fuzz.

If the program takes input from a file, you can put @@ in the program's command line; AFL++ will put an auto-generated file name in there for you.

  4. Investigate anything shown in red in the fuzzer UI by promptly consulting docs/afl-fuzz_approach.md#understanding-the-status-screen.

  5. You will find crashes and hangs in the subdirectories crashes/ and hangs/ of the -o output_dir directory. You can replay a crash by feeding it to the target, e.g. if your target reads from stdin:

```shell
cat output_dir/crashes/id:000000,* | /path/to/tested/program [...program's cmdline...]
```

You can generate core dumps or use gdb directly to follow up on the crashes.

  6. We cannot stress this enough - if you want to fuzz effectively, read the docs/fuzzing_in_depth.md document!
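As an added example (not code from the AFL++ project), steps 3 and 6 scripted in POSIX sh: run_one mirrors how afl-fuzz hands input to the target (the @@ placeholder is replaced by the file path, otherwise the file goes to stdin), and replay_crashes re-runs every finding under output_dir/crashes/ and counts which ones still make the target exit non-zero. It assumes only afl-fuzz's id:... naming of crash files; the target program and its arguments are whatever you pass.

```shell
# Added example, not part of AFL++: replay afl-fuzz findings against the target.

# run_one CRASH TARGET [ARGS...]: run TARGET once on CRASH; returns the
# target's exit status (128+signal when the target was killed by a signal).
run_one() {
    crash=$1; shift
    has_at=0
    n=$#; i=0
    # Rotate the positional parameters once, replacing every @@ with the
    # crash path (POSIX sh has no arrays, so rebuild "$@" in place).
    while [ "$i" -lt "$n" ]; do
        a=$1; shift
        if [ "$a" = "@@" ]; then a=$crash; has_at=1; fi
        set -- "$@" "$a"
        i=$((i + 1))
    done
    if [ "$has_at" -eq 1 ]; then
        "$@" >/dev/null 2>&1            # file-input target, as with afl-fuzz @@
    else
        "$@" <"$crash" >/dev/null 2>&1  # stdin target
    fi
}

# replay_crashes OUT TARGET [ARGS...]: re-run every afl-fuzz finding in
# OUT/crashes/ (skipping the README.txt afl-fuzz writes there) and print
# "<reproduced>/<total>". A non-zero exit counts as reproduced; findings the
# target now survives are listed on stderr, since a crash that does not
# reproduce deterministically needs a closer look than one that does.
replay_crashes() {
    out=$1; shift
    total=0; repro=0
    for f in "$out"/crashes/id:*; do
        [ -f "$f" ] || continue          # glob matched nothing
        total=$((total + 1))
        if run_one "$f" "$@"; then
            echo "not reproduced: $f" >&2
        else
            repro=$((repro + 1))
        fi
    done
    echo "$repro/$total"
}

# Usage: replay_crashes output_dir /path/to/tested/program         (stdin)
#        replay_crashes output_dir /path/to/tested/program -f @@   (file input)
```

If your target exits non-zero on merely rejected input, refine the check in replay_crashes to treat only statuses above 128 (signal deaths) as reproduced.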

Contact

Questions? Concerns? Bug reports?

Branches

The following branches exist:

  • release: the latest release
  • stable/trunk: stable state of AFL++ - it is synced from dev from time to time when we are satisfied with its stability
  • dev: development state of AFL++ - bleeding edge and you might catch a checkout which does not compile or has a bug. We only accept PRs (pull requests) for the 'dev' branch!
  • (any other): experimental branches to work on specific features or testing new functionality or changes.

Help wanted

We have several ideas we would like to see in AFL++ to make it even better. However, we already work on so many things that we do not have the time for all the big ideas.

This can be your way to support and contribute to AFL++ - extend it to do something cool.

For everyone who wants to contribute (and send pull requests), please read our contributing guidelines before you submit.

Special thanks

Many of the improvements to the original AFL and AFL++ wouldn't be possible without feedback, bug reports, or patches from our contributors.

Thank you! (For people sending pull requests - please add yourself to this list :-)

List of contributors

```
Jann Horn
Hanno Boeck
Felix Groebert
Jakub Wilk
Richard W. M. Jones
Alexander Cherepanov
Tom Ritter
Hovik Manucharyan
Sebastian Roschke
Eberhard Mattes
Padraig Brady
Ben Laurie
@dronesec
Luca Barbato
Tobias Ospelt
Thomas Jarosch
Martin Carpenter
Mudge Zatko
Joe Zbiciak
Ryan Govostes
Michael Rash
William Robinet
Jonathan Gray
Filipe Cabecinhas
Nico Weber
Jodie Cunningham
Andrew Griffiths
Parker Thompson
Jonathan Neuschaefer
Tyler Nighswander
Ben Nagy
Samir Aguiar
Aidan Thornton
Aleksandar Nikolich
Sam Hakim
Laszlo Szekeres
David A. Wheeler
Turo Lamminen
Andreas Stieger
Richard Godbee
Louis Dassy
teor2345
Alex Moneger
Dmitry Vyukov
Keegan McAllister
Kostya Serebryany
Richo Healey
Martijn Bogaard
rc0r
Jonathan Foote
Christian Holler
Dominique Pelle
Jacek Wielemborek
Leo Barnes
Jeremy Barnes
Jeff Trull
Guillaume Endignoux
ilovezfs
Daniel Godas-Lopez
Franjo Ivancic
Austin Seipp
Daniel Komaromy
Daniel Binderman
Jonathan Metzman
Vegard Nossum
Jan Kneschke
Kurt Roeckx
Marcel Boehme
Van-Thuan Pham
Abhik Roychoudhury
Joshua J. Drake
Toby Hutton
Rene Freingruber
Sergey Davidoff
Sami Liedes
Craig Young
Andrzej Jackowski
Daniel Hodson
Nathan Voss
Dominik Maier
Andrea Biondo
Vincent Le Garrec
Khaled Yakdan
Kuang-che Wu
Josephine Calliotte
Konrad Welc
Thomas Rooijakkers
David Carlier
Ruben ten Hove
Joey Jiao
fuzzah
@intrigus-lgtm
Yaakov Saxon
Sergej Schumilo
Ziqiao Kong
Ryan Berger
Sangjun Park
Scott Guest
Fabian Keil
```

Cite

If you use AFL++ in scientific work, consider citing our paper presented at WOOT'20:

Andrea Fioraldi, Dominik Maier, Heiko Eißfeldt, and Marc Heuse. “AFL++: Combining incremental steps of fuzzing research”. In 14th USENIX Workshop on Offensive Technologies (WOOT 20). USENIX Association, Aug. 2020.
BibTeX:

```bibtex
@inproceedings{AFLplusplus-Woot20,
  author    = {Andrea Fioraldi and Dominik Maier and Heiko Ei{\ss}feldt and Marc Heuse},
  title     = {{AFL++}: Combining Incremental Steps of Fuzzing Research},
  booktitle = {14th {USENIX} Workshop on Offensive Technologies ({WOOT} 20)},
  year      = {2020},
  publisher = {{USENIX} Association},
  month     = aug,
}
```


Owner

  • Name: Advanced Fuzzing League ++
  • Login: AFLplusplus
  • Kind: organization
  • Email: afl@aflplus.plus
  • Location: Europe

We want to make fuzzing better and better

Committers

Last synced: 8 months ago

All Time
  • Total Commits: 6,425
  • Total Committers: 321
  • Avg Commits per committer: 20.016
  • Development Distribution Score (DDS): 0.524
Past Year
  • Commits: 492
  • Committers: 79
  • Avg Commits per committer: 6.228
  • Development Distribution Score (DDS): 0.612
Top Committers
Name Email Commits
vanhauser-thc vh@t****g 3,058
hexcoder- h****o@h****e 713
Dominik Maier d****k@g****m 545
Andrea Fioraldi a****i@g****m 390
David Carlier d****n@g****m 145
Your Name y****u@e****m 128
llzmb 4****b 124
Ruben ten Hove g****t@r****l 59
Kuang-che Wu k****u@c****g 54
WorksButNotTested 6****d 51
mio m****o@l****o 51
toka t****e@o****m 48
Sergej Schumilo s****j@s****e 48
yuawn s****0@g****m 38
h1994st h****t@g****m 36
microsvuln 5****n 29
Maciej Domanski m****i@t****m 25
Edznux e****x@g****m 23
DMaroo d****7@g****m 22
Chris Ball c****s@p****t 19
rish9101 r****n@c****n 15
aflpp a****p@a****s 15
Adrian Herrera a****2@g****m 14
Joey Jiao j****g@1****m 13
Christian Holler (:decoder) c****r@m****m 12
Thomas Rooijakkers t****s@t****l 12
intrigus-lgtm 6****m 11
realmadsci 7****i 11
R. Elliott Childre e****9@g****m 10
Vincent Andrae a****t@g****m 10
and 291 more...

Issues and Pull Requests

Last synced: 6 months ago

All Time
  • Total issues: 307
  • Total pull requests: 638
  • Average time to close issues: about 1 month
  • Average time to close pull requests: 2 days
  • Total issue authors: 200
  • Total pull request authors: 169
  • Average comments per issue: 4.41
  • Average comments per pull request: 1.87
  • Merged pull requests: 551
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 105
  • Pull requests: 330
  • Average time to close issues: 4 days
  • Average time to close pull requests: 1 day
  • Issue authors: 78
  • Pull request authors: 71
  • Average comments per issue: 2.31
  • Average comments per pull request: 1.8
  • Merged pull requests: 278
  • Bot issues: 0
  • Bot pull requests: 0
Top Authors
Issue Authors
  • bendrissou (11)
  • kcwu (10)
  • smoelius (9)
  • vanhauser-thc (7)
  • seanm (6)
  • 20urc3 (5)
  • nj00001 (5)
  • killerra (5)
  • elboulangero (4)
  • alexandredoyen29 (4)
  • domenukk (4)
  • toralf (4)
  • futhewo (3)
  • nbars (3)
  • tokatoka (3)
Pull Request Authors
  • vanhauser-thc (224)
  • kcwu (56)
  • tokatoka (21)
  • WorksButNotTested (17)
  • wtdcode (17)
  • choller (16)
  • SonicStark (14)
  • schumilo (13)
  • smoelius (10)
  • visitorckw (10)
  • 5angjun (10)
  • Resery (9)
  • domenukk (9)
  • Xeonacid (8)
  • vnc0 (8)
Top Labels
Issue Labels
help wanted (16) enhancement (13) good first issue (7) on my TODO list :) (6) bug (4) important (2) question (2) discussion (2)
Pull Request Labels

Dependencies

.github/workflows/ci.yml actions
  • actions/checkout v3 composite
.github/workflows/code-format.yml actions
  • actions/checkout v3 composite
.github/workflows/codeql-analysis.yml actions
  • actions/checkout v3 composite
  • github/codeql-action/analyze v2 composite
  • github/codeql-action/init v2 composite
.github/workflows/container.yml actions
  • actions/checkout v3 composite
  • docker/build-push-action v3 composite
  • docker/login-action v2 composite
  • docker/setup-buildx-action v2 composite
  • docker/setup-qemu-action v2 composite
.github/workflows/rust_custom_mutator.yml actions
  • actions-rs/toolchain v1 composite
  • actions/checkout v3 composite
Dockerfile docker
  • ubuntu 22.04 build
frida_mode/many-linux/Dockerfile docker
  • fridadotre/manylinux-x86_64 latest build
frida_mode/ub1804/Dockerfile docker
  • ubuntu xenial build
frida_mode/ts/package-lock.json npm
  • tsc 2.0.3 development
frida_mode/ts/package.json npm
  • @types/node ^14.14.2 development
  • tslint ^6.1.3 development
  • typescript ^4.0.3 development
  • typescript-tslint-plugin ^0.5.5 development
  • @types/frida-gum ^16.2.0