Description
A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options. See USAGE for details
- Supports several hardware-based (CPU) and software-based feedback-driven fuzzing methods
- It works (at least) under GNU/Linux, FreeBSD, Mac OS X, Windows/CygWin and Android
- Supports persistent modes of fuzzing (long-lived process calling a fuzzed API repeatedly) with libhfuzz/libhfuzz.a. More on that here
- Can fuzz remote/standalone long-lasting processes (e.g. network servers like Apache's httpd and ISC's bind)
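A minimal persistent-mode harness for the mode described above, added here as an example (it is not code from the honggfuzz repository). It assumes honggfuzz's libFuzzer-compatible entry point `LLVMFuzzerTestOneInput`, which libhfuzz calls in a loop with successive inputs so the target process is never re-executed; the record parser under test is a constructed toy target, and the `main` only exists for replaying a single input file outside the fuzzer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed target: a tiny length-prefixed record parser.
 * Format: [u8 count][count x (u8 len, len payload bytes)].
 * Returns the number of records parsed, or -1 on malformed input. */
int parse_records(const uint8_t *buf, size_t len) {
    if (len < 1) return -1;
    size_t count = buf[0];
    size_t pos = 1;
    int parsed = 0;
    for (size_t i = 0; i < count; i++) {
        if (pos >= len) return -1;        /* truncated before the length byte */
        size_t rlen = buf[pos++];
        if (rlen > len - pos) return -1;  /* record would run past the input end */
        pos += rlen;                      /* consume the payload */
        parsed++;
    }
    return parsed;
}

/* Persistent-mode entry point (libFuzzer-style name, accepted by libhfuzz).
 * The fuzzer keeps this process alive and calls it repeatedly with new
 * inputs; memory corruption in the target shows up as a crash here. */
int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
    (void)parse_records(buf, len);
    return 0;
}

/* Stand-alone replay driver: feed one file (e.g. a saved crash input) through
 * the same entry point. Not used when libhfuzz provides main(). */
int main(int argc, char **argv) {
    if (argc != 2) {
        fprintf(stderr, "usage: %s <input-file>\n", argv[0]);
        return 2;
    }
    FILE *f = fopen(argv[1], "rb");
    if (!f) { perror("fopen"); return 1; }
    uint8_t buf[4096];
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    int rc = LLVMFuzzerTestOneInput(buf, n);
    printf("parsed=%d rc=%d\n", parse_records(buf, n), rc);
    return rc;
}
```

Compile with the instrumenting wrapper that ships with honggfuzz (`hfuzz-clang harness.c -o harness`) and start a run with an input directory, for example `honggfuzz -i corpus/ -- ./harness`; a crashing input written by the fuzzer can then be replayed with the stand-alone `main` above, or under a debugger, to triage the bug.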
Code
Requirements
- Linux - The BFD library (libbfd-dev) and libunwind (libunwind-dev/libunwind8-dev)
- FreeBSD - gmake
- Android - Android SDK/NDK. Also see this detailed doc on how to build and run it
- Windows - CygWin
- Darwin/OS X - Xcode 10.8+
- if Clang/LLVM is used - the BlocksRuntime Library (libblocksruntime-dev)
Trophies
The tool has been used to find a few interesting security problems in major software packages. Examples:
- FreeType 2:
  - CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2527
- Multiple bugs in the libtiff library
- Multiple bugs in the librsvg library
- Multiple bugs in the poppler library
- Multiple exploitable bugs in IDA-Pro
- Adobe Flash memory corruption • CVE-2015-0316
- Pre-auth remote crash in OpenSSH
- Remote DoS in Crypto++ • CVE-2016-9939
- OpenSSL:
  - Remote OOB read • CVE-2015-1789
  - Remote Use-after-Free (potential RCE) • CVE-2016-6309
  - Remote OOB write • CVE-2016-7054
- ... and more
Other
This is NOT an official Google product.