A curated list of awesome directed fuzzing research papers

awesome-directed-fuzzing

Directed fuzzing is currently an active research topic. This repository aims to provide a curated list of research papers on directed whitebox/greybox fuzzing.

Directed Whitebox Fuzzing

[ICSE'09] Taint-based Directed Whitebox Fuzzing [paper]

[S&P'10] TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection [paper]

[SAS'11] Directed symbolic execution [paper]

[ICSE'12] BugRedux: Reproducing Field Failures for In-house Debugging [paper]

[Thesis'12] Hybrid Fuzz Testing: Discovering Software Bugs via Fuzzing and Symbolic Execution [paper]

[FSE'13] KATCH: High-Coverage Testing of Software Patches [paper]

[TOSEM'14] Directed Incremental Symbolic Execution [paper]

[ICSE'15] Hercules: Reproducing Crashes in Real-World Application Binaries [paper]

[ICSE'16] Guiding Dynamic Symbolic Execution toward Unverified Program Executions [paper]

[TASE'16] SeededFuzz: Selecting and Generating Seeds for Directed Fuzzing [paper]

[SAC'18] Improving Function Coverage with Munch: A Hybrid Fuzzing and Directed Symbolic Execution Approach [paper] [project]

Directed Greybox Fuzzing

[CCS'17] Directed Greybox Fuzzing [paper] [project] [slides] [talk]

[CCS'18] Hawkeye: Towards a Desired Directed Grey-box Fuzzer [paper] [project] [slides] [talk]

[DSN'19] 1dVul: Discovering 1-day Vulnerabilities through Binary Patches [paper]

[ICPC'19] Sequence coverage directed greybox fuzzing [paper]

[CCS'19] Poster: Directed Hybrid Fuzzing on Binary Code [paper]

[ICSE'19] LEOPARD: Identifying Vulnerable Code for Vulnerability Assessment through Program Metrics [paper] [project]

[arXiv'19] V-Fuzz: Vulnerability-Oriented Evolutionary Fuzzing [paper]

[SANER'20] Sequence directed hybrid fuzzing

[ICSE'20] Targeted Greybox Fuzzing with Static Lookahead Analysis [paper]

[SEC'20] FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning [paper] [project]

[SEC'20] ParmeSan: Sanitizer-guided Greybox Fuzzing [paper] [project]

[arXiv'20] Binary-level Directed Fuzzing for Use-After-Free Vulnerabilities [paper]

Others

[ISSTA'11] Statically-Directed Dynamic Automated Test Generation [paper]

[SEC'13] Dowsing for overflows: A guided fuzzer to find buffer boundary violations [paper]

[ASPLOS'15] Targeted Automatic Integer Overflow Discovery Using Goal-Directed Conditional Branch Enforcement [paper]

[PLDI'19] Parser-Directed Fuzzing [paper] [project] [video]