Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ...

Overview

LibAFL, the fuzzer library.

Advanced Fuzzing Library - Slot your own fuzzers together and extend their features using Rust.

LibAFL is written and maintained by Andrea Fioraldi and Dominik Maier.

Why LibAFL?

LibAFL gives you many of the benefits of an off-the-shelf fuzzer, while being completely customizable. Some highlight features currently include:

  • fast: We do everything we can at compile time, keeping runtime overhead minimal. Users reach 120k execs/sec in frida-mode on a phone (using all cores).
  • scalable: Low Level Message Passing, LLMP for short, allows LibAFL to scale almost linearly over cores, and via TCP to multiple machines.
  • adaptable: You can replace each part of LibAFL. For example, BytesInput is just one possible form of input: feel free to add an AST-based input for structured fuzzing, and more.
  • multi platform: LibAFL was confirmed to work on Windows, MacOS, Linux, and Android on x86_64 and aarch64. LibAFL can be built in no_std mode to inject LibAFL into obscure targets like embedded devices and hypervisors.
  • bring your own target: We support binary-only modes, like Frida-Mode, as well as multiple compilation passes for source-based instrumentation. Of course, it's easy to add custom instrumentation backends.

Overview

LibAFL is a collection of reusable pieces of fuzzers, written in Rust. It is fast, multi-platform, no_std compatible, and scales over cores and machines.

It offers a main crate that provides building blocks for custom fuzzers, libafl; a library containing common code that can be used for target instrumentation, libafl_targets; and a library providing facilities to wrap compilers, libafl_cc.

LibAFL offers integrations with popular instrumentation frameworks. At the moment, the supported backends are:

Getting started

  1. Install the Rust toolchain. We highly recommend not using e.g. your Linux distribution's package, as it is likely outdated; rather install Rust directly, following the official installation instructions.

  2. Clone the LibAFL repository with

git clone https://github.com/AFLplusplus/LibAFL

  3. Build the library using

cargo build --release

  4. Build the API documentation with

cargo doc

  5. Browse the LibAFL book (WIP!) with (requires mdbook)

cd docs && mdbook serve

We collect all example fuzzers in ./fuzzers. Be sure to read their documentation (and source); this is the natural way to get started!

The best-tested fuzzer is ./fuzzers/libfuzzer_libpng, a multicore libfuzzer-like fuzzer using LibAFL for a libpng harness.

Resources

Contributing

Check the TODO.md file for features that we plan to support.

For bugs, feel free to open issues or contact us directly. Thank you for your support. <3

Even though we will gladly assist you in finishing up your PR, try to

  • use stable rust
  • run cargo fmt on your code before pushing
  • check the output of cargo clippy --all or ./clippy.sh
  • run cargo build --no-default-features to check for no_std compatibility (and possibly add #[cfg(feature = "std")] to hide the parts of your code that need std).

Some of the parts in this list may be hard, don't be afraid to open a PR if you cannot fix them by yourself, so we can help.

License

Licensed under either of Apache License, Version 2.0 or MIT license at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in this crate by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
Comments
  • Test fuzzers

    I've made scripts for 6 fuzzers in fuzzer/ (excluding baby, generic, frida, fuzzbench) that can test the building for each, so that we can tell if something is going wrong at CI. Yes, they are bash scripts, and the platform-independent workaround is a TODO.

    What do you think 🤗?

    opened by tokatoka 45
  • Frida Address Sanitizer for x86_64

    Still WIP, but I just thought CI would help, so I put it here as a draft PR.

    • TODOs
    • [x] handle_trap for amd64
    • [x] the speed issue of hook_func
    • [x] blob_report for amd64
    • [x] Get https://github.com/tokatoka/frida-rust merged, this repo extends frida-rust for some missing instructions on amd64 (PR submitted)
    opened by tokatoka 39
  • Google Summer of Code

    Welcome Students :)

    This is libAFL, our new fuzzing library. It's not public just yet, but will be opened up soon! Take a look around in the code base, look at the todos (./TODOS.md) and issues if you already feel like coding, and feel free to post any questions in this issue or open your own issues.

    In case anybody wants to open a PR, talk to @andreafioraldi or me.

    opened by domenukk 29
  • LLVM AutoTokens

    This PR implements LLVM autodict, based on Andrea's autodict branch and AFL++'s implementation https://github.com/AFLplusplus/AFLplusplus/blob/stable/instrumentation/SanitizerCoverageLTO.so.cc

    I decided not to use the new PM because it just does not work :/ (not sure why). Instead of writing to a file, the LLVM pass puts the tokens into a section named "libafl_dict". From the Rust side, we retrieve the pointer to the start of the section and parse it.

    opened by tokatoka 27
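The PR above has the LLVM pass emit tokens into a "libafl_dict" section that the Rust side then parses. As an added example (not LibAFL's own Tokens code), here is a parser and encoder for such a section. It assumes the AFL++ autodict layout of repeated entries, each a one-byte length followed by that many token bytes; the section contents below are constructed for the example. A length byte that promises more bytes than remain is reported as an error rather than silently truncated, so a corrupt or mis-sized section is noticed instead of yielding a garbage token.

```rust
// Added example: parse/encode a length-prefixed token dictionary such as the
// "libafl_dict" section described above. Layout assumed here (AFL++ autodict
// style): repeated [u8 len][len bytes]. Illustrative code, not LibAFL's own.

/// Parse problems a caller should surface instead of quietly dropping data.
#[derive(Debug, PartialEq)]
pub enum DictError {
    /// A length byte at `offset` promised `wanted` bytes but only `available` remain.
    Truncated { offset: usize, wanted: usize, available: usize },
}

/// Parse the raw bytes of the dictionary section into owned tokens.
/// Zero-length entries are skipped (useless as mutation tokens), duplicates are
/// kept in order, and a truncated trailing entry is an error.
pub fn parse_autodict(section: &[u8]) -> Result<Vec<Vec<u8>>, DictError> {
    let mut tokens = Vec::new();
    let mut pos = 0usize;
    while pos < section.len() {
        let len = section[pos] as usize;
        pos += 1;
        let available = section.len() - pos;
        if len > available {
            return Err(DictError::Truncated { offset: pos - 1, wanted: len, available });
        }
        if len > 0 {
            tokens.push(section[pos..pos + len].to_vec());
        }
        pos += len;
    }
    Ok(tokens)
}

/// Serialise tokens back into the same layout. Tokens longer than 255 bytes
/// cannot be represented with a one-byte length and are rejected with None.
pub fn encode_autodict(tokens: &[&[u8]]) -> Option<Vec<u8>> {
    let mut out = Vec::new();
    for t in tokens {
        if t.len() > u8::MAX as usize {
            return None;
        }
        out.push(t.len() as u8);
        out.extend_from_slice(t);
    }
    Some(out)
}

fn main() {
    // Constructed sample section: "PNG", "IHDR", an empty entry, then a PNG magic.
    let section = b"\x03PNG\x04IHDR\x00\x08\x89PNG\r\n\x1a\n";
    match parse_autodict(section) {
        Ok(tokens) => {
            for tok in tokens {
                println!("token: {:?}", String::from_utf8_lossy(&tok));
            }
        }
        Err(e) => eprintln!("bad dictionary section: {e:?}"),
    }
}
```

In a real runtime the slice handed to parse_autodict would come from the section's start pointer and size; the bounds check is what keeps a wrong size from turning into an out-of-bounds read there.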
  • [READY] Add options parser

    There's probably a few things that could be added still, remote_broker_port, cmplog, asan, and a few others come to mind. I'll poke around and get this to where it covers most options, but wanted to open it up for comments sooner rather than later.

    opened by epi052 25
  • Windows Inprocess Fuzzing + Asan does not work

    Describe the bug LibAFL on MSVC is marking discovered crashes as fuzzer crashes instead of target crashes.

    To Reproduce Steps to reproduce the behavior:

    1. Download the included project file
    2. Open it with your MSVC developer powershell
    3. run ./build_libafl.ps1 - optionally changing the position of sancov.lib within
    4. cd fuzzer_rust
    5. cargo run - you should get crash marked as occurring outside of the target

    Expected behavior The crash should be classified as occurring inside the target

    Additional context fuzz_target.zip

    Note Changing the VEH installed at https://github.com/AFLplusplus/LibAFL/blob/main/libafl/src/bolts/os/windows_exceptions.rs#L367 from 1 to 0 seemed to fix the problem here, but I'm not sure if this may have broken anything else / things in other scenarios.

    bug help wanted 
    opened by Ben-Lichtman 23
  • libafl_cc fixes for windows

    This PR includes changes that enable LibAFL's optimization passes on Windows. I think this is not perfect, but could be used as a start.

    In order to get these running, one has to:

    • Compile LLVM (tested with version 14.0.6) in order to get llvm-config.exe which is not distributed in the Windows package. I used the following commands
    mkdir build; cd build
    
    cmake -G "Visual Studio 17 2022" -A x64             `
        -DLLVM_ENABLE_PROJECTS="clang;compiler-rt;lld"  `
        -DLLVM_EXPORT_SYMBOLS_FOR_PLUGINS=ON            `
        -DLLVM_TARGETS_TO_BUILD=X86 -Thost=x64          `
        ../llvm
    
    cmake --build . --config Release
    
    • Link the rust code against the static runtime libraries by setting the following environment variable
    $env:RUSTFLAGS='-C target-feature=+crt-static'; cargo build --release
    

    I made a Dockerfile to build a Windows container here which installs the various dependencies required to set things up. I also wrote down some extended notes here.

    There is currently a problem that I am still trying to figure out. If I compile stuff with the libafl_cc wrapper and with -fsanitize=address, there is an ACCESS VIOLATION triggered before the target is even started. This gist might be related.

    opened by abgeana 23
  • Handling/Warning for OOM

    Hey I just played a little bit with this library and tried to fuzz libcue.

    After some time the client just spams this message over and over:

    thread 'main' panicked at 'Allocated new message without calling send() inbetween. ret: 0x7f01465ad030, page: 0x7f01465ad000, complete_msg_size: 48, size_used: 1736144, last_msg: 0x0', /home/max/projects/fuzzing/LibAFL/libafl/src/bolts/llmp.rs:745:13
    stack backtrace:
       0: rust_begin_unwind
                 at /rustc/cb75ad5db02783e8b0222fee363c5f63f7e2cf5b/library/std/src/panicking.rs:493:5
       1: std::panicking::begin_panic_fmt
                 at /rustc/cb75ad5db02783e8b0222fee363c5f63f7e2cf5b/library/std/src/panicking.rs:435:5
       2: libafl::bolts::llmp::LlmpSender<SH>::alloc_next_if_space
                 at /home/max/projects/fuzzing/LibAFL/libafl/src/bolts/llmp.rs:745:13
       3: libafl::bolts::llmp::LlmpSender<SH>::alloc_next
                 at /home/max/projects/fuzzing/LibAFL/libafl/src/bolts/llmp.rs:823:37
       4: libafl::bolts::llmp::LlmpSender<SH>::send_buf
                 at /home/max/projects/fuzzing/LibAFL/libafl/src/bolts/llmp.rs:866:23
       5: libafl::bolts::llmp::LlmpClient<SH>::send_buf
                 at /home/max/projects/fuzzing/LibAFL/libafl/src/bolts/llmp.rs:1765:9
       6: libafl::bolts::llmp::LlmpConnection<SH>::send_buf
                 at /home/max/projects/fuzzing/LibAFL/libafl/src/bolts/llmp.rs:439:52
       7: <libafl::events::llmp::LlmpEventManager<I,S,SH,ST> as libafl::events::EventManager<I,S>>::fire
                 at /home/max/projects/fuzzing/LibAFL/libafl/src/events/llmp.rs:375:9
       8: <libafl::events::llmp::LlmpRestartingEventManager<I,S,SH,ST> as libafl::events::EventManager<I,S>>::fire
                 at /home/max/projects/fuzzing/LibAFL/libafl/src/events/llmp.rs:468:9
       9: libafl::state::State<C,FT,libafl::inputs::bytes::BytesInput,OFT,R,SC>::load_initial_inputs
                 at /home/max/projects/fuzzing/LibAFL/libafl/src/state/mod.rs:611:9
      10: libfuzzer_libcue::fuzz
                 at ./src/fuzzer.rs:164:9
      11: libfuzzer_libcue::main
                 at ./src/fuzzer.rs:65:5
      12: core::ops::function::FnOnce::call_once
                 at /home/max/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/core/src/ops/function.rs:227:5
    note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace.
    [libafl/src/events/llmp.rs:553] "Spawning next client (id {})" = "Spawning next client (id {})"
    [libafl/src/events/llmp.rs:553] ctr = 1337
    We're a client, let's fuzz :)
    First run. Let's set it all up
    We're a client, let's fuzz :)
    Loading file "./corpus/test.cue" ...
    
    

    My fuzzer is identical to that of the libpng example. Only the build and harness script is different. If you need the code then I can upload it somewhere as ZIP as forking is disabled and I can not create branches.

    bug 
    opened by maxammann 23
  • ForkserverExecutor

    #82

    Only the ForkserverExecutor, still WIP TODO:

    • [x] use Pipe made by Dominik.
    • [x] We need to check if the execution has crashed
    • [x] We might want to allocate the shared memory (calling StdShMemProvider::new()) outside the Executor?, because the Observer needs that address.
    • [x] Add an example that uses ForkserverExecutor
    opened by tokatoka 22
  • Use Unix timer_* API instead of setitimer

    Currently, to set and reset timeouts in the TimeoutExecutor the setitimer FFI is used. The function is not exposed in libc:: and is hence linked in via extern "C", required structs are defined manually in LibAFL.

    As these do not seem to account for different layouts/ pointer sizes, the call fails under armv7 and no alarm is being set (also cf. this).

    While working on this issue, I decided to use the newer timer API (timer_create, timer_settime), as setitimer is marked obsolete.

    As this requires global access to a timer_id struct, e.g., in order to disarm timers in the crash handler, a new trait was introduced for Executors, also streamlining the clock reset between Unix and Windows.

    Feedback is welcome.

    opened by pr0me 21
  • InProcessForkExecutor

    ATM these two Executors are missing:

    • ForkserverExecutor must be an AFL-like forkserver executor; I guess we can borrow code from Angora
    • InProcessForkExecutor is a version of InProcessExecutor that forks before calling the harness. In this case, LibAFL must still be embedded into the target and we avoid controlling the target via a pipe, but then we still need a harness and cannot fuzz binaries compiled with afl-cc
    enhancement good first issue 
    opened by andreafioraldi 20
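Whether the target runs behind an AFL-like forkserver or is forked right before the harness call, as in the issue above, the parent ends up with a wait status and has to decide whether the run was clean, a crash, or a timeout. The added example below (not LibAFL's executor code) shows that classification. To stay self-contained it spawns the "harness" with std::process::Command instead of fork(), and small shell snippets stand in for a target that exits, crashes, gets SIGKILLed, or hangs; the ExitKind variant names mirror LibAFL's ExitKind, while the set of signals treated as crashes is an assumption. Unix only, since it relies on ExitStatusExt::signal and on sh being present.

```rust
// Added example: classify how a harness process ended, the check a forkserver
// or fork-before-harness executor makes after waitpid(). Uses Command instead
// of fork() so it runs stand-alone; not LibAFL's own executor. Unix only.

use std::os::unix::process::ExitStatusExt;
use std::process::{Child, Command, ExitStatus, Stdio};
use std::time::{Duration, Instant};

#[derive(Debug, PartialEq)]
pub enum ExitKind {
    /// The harness returned normally with this exit code.
    Ok(i32),
    /// Terminated by a signal that indicates a memory/logic fault in the target.
    Crash(i32),
    /// Terminated by some other signal (e.g. SIGKILL from the OOM killer).
    Signaled(i32),
    /// Did not finish within the budget; we killed and reaped it.
    Timeout,
}

/// Signals counted as crashes (assumption): SIGILL, SIGABRT, SIGBUS, SIGFPE, SIGSEGV.
const CRASH_SIGNALS: [i32; 5] = [4, 6, 7, 8, 11];

/// Map a finished child's status to an ExitKind.
pub fn classify(status: ExitStatus) -> ExitKind {
    if let Some(code) = status.code() {
        return ExitKind::Ok(code);
    }
    // No exit code means the child never called exit(): a signal terminated it.
    let sig = status.signal().unwrap_or(0);
    if CRASH_SIGNALS.contains(&sig) {
        ExitKind::Crash(sig)
    } else {
        ExitKind::Signaled(sig)
    }
}

/// Poll the child until it exits or `budget` elapses; on expiry kill it and
/// reap it, so no zombie is left and the SIGKILL is not mistaken for a crash.
pub fn wait_with_timeout(child: &mut Child, budget: Duration) -> std::io::Result<ExitKind> {
    let deadline = Instant::now() + budget;
    loop {
        if let Some(status) = child.try_wait()? {
            return Ok(classify(status));
        }
        if Instant::now() >= deadline {
            child.kill()?; // SIGKILL; Ok(()) if it exited in the meantime
            child.wait()?; // reap the zombie
            return Ok(ExitKind::Timeout);
        }
        std::thread::sleep(Duration::from_millis(2));
    }
}

/// Run one stand-in "harness" given as a shell snippet and report how it ended.
/// A real executor would exec the instrumented target and pass the test case
/// via file or shared memory instead.
pub fn run_snippet(snippet: &str, budget: Duration) -> std::io::Result<ExitKind> {
    let mut child = Command::new("sh")
        .arg("-c")
        .arg(snippet)
        .stdout(Stdio::null())
        .stderr(Stdio::null())
        .spawn()?;
    wait_with_timeout(&mut child, budget)
}

fn main() -> std::io::Result<()> {
    let budget = Duration::from_millis(500);
    println!("{:?}", run_snippet("exit 0", budget)?);      // clean run
    println!("{:?}", run_snippet("kill -11 $$", budget)?); // SIGSEGV: Crash(11)
    println!("{:?}", run_snippet("kill -9 $$", budget)?);  // SIGKILL: Signaled(9)
    println!("{:?}", run_snippet("sleep 10", budget)?);    // hang: Timeout
    Ok(())
}
```

Note that the timeout path reaps the child after killing it; classifying that SIGKILL status as a crash is exactly the kind of misattribution a fuzzer must avoid, which is why Timeout is returned before the status is ever looked at.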
  • Memory leak in qemu_fullsystem mode

    IMPORTANT

    1. You have verified that the issue is present in the current main branch

    Thank you for making LibAFL better!

    Describe the bug A clear and concise description of what the bug is. It looks like qemu fullsystem mode does not let go of memory, maxing out RAM usage.

    To Reproduce Steps to reproduce the behavior:

    1. run qemu_fullsystem example from fuzzer directory
    2. wait few minutes.

    Expected behavior A clear and concise description of what you expected to happen. It does not use all of my memory.

    Screen output/Screenshots If applicable, add copy-paste of the screen output or screenshot that shows the issue. Please ensure the output is in English and not in Chinese, Russian, German, etc. Screenshot from 2023-01-06 13-20-39 Screenshot from 2023-01-06 13-21-09

    bug 
    opened by elbiazo 0
  • fixing linking issue on qemu build

    Trying to run the qemu_systemmode example and qemu_arm example, I received the linker error shown below. Odd thing is I tried it on 6 different machines and 3 of them worked while the other 3 didn't.

    Screenshot from 2023-01-06 10-09-45

    opened by elbiazo 1
  • Create an `on_crash` callback in QemuHooks

    QemuHooks should expose an API for calling a method only when certain conditions occur, such as a crash.

    This would be useful, for example, when using QemuCallTraceHelper to collect traces only when a crash has occurred (as opposed to every exec). This particular use case implies re-running the target when a crash is found, so perhaps it could be implemented as a Stage with access to QemuHooks.

    enhancement 
    opened by dlmarrero 0
  • Use Metadata to store QemuCallTracerHelper callstack

    Currently, QemuCallTracerHelper stores its callstack values inside of the struct. This makes the data difficult to access post-execution. Like other QemuHelpers, a Metadata instance should be stored in State and used to collect call addresses. This would enable post-processing in Observers and Feedbacks.

    bug 
    opened by dlmarrero 0
  • Full libfuzzer shimming (for cargo-fuzz libfuzzer alternative and other use cases)

    Seeing as how libfuzzer has entered maintenance mode, we should provide a full libfuzzer alternative which stays up to date with modern fuzzing standards.

    To this end, this PR seeks to offer libafl_libfuzzer, a full drop-in replacement for libfuzzer with support for the most common flags and sancov settings. Specifically, all of the things supported by cargo-fuzz. We can provide this shim to cargo-fuzz via environmental variable in libfuzzer-sys or, in the future, an init flag in cargo-fuzz itself.

    We need to implement corpus merging (fairly straightforward with IndexesLenTimeMinimizingScheduler or cmin), crash minification (doable with tmin + InProcessForkExecutor), and a basic fuzzing runtime (optionally with dict support). cargo-fuzz uses many of the available sancov features, so we need some additional support for __san*cov items. As of writing, we have the following undefined references:

    $ cargo fuzz build -s none |& grep -Eo "undefined reference to.*'" | sort -u 
    undefined reference to `LLVMFuzzerMutate'
    undefined reference to `__sancov_lowest_stack'
    undefined reference to `__sanitizer_cov_pcs_init'
    undefined reference to `__sanitizer_cov_trace_pc_indir'
    

    I'm unfamiliar with __san*cov features, so I could use some help in developing that support.

    I think this would be a good addition to the 0.9 release as well.

    opened by VTCAKAVSMoACE 4
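The undefined references listed above are SanitizerCoverage and libFuzzer runtime symbols that an instrumented target expects its fuzzing runtime to export. The added example below (not libafl_targets' implementation) gives minimal stand-ins with the documented C contracts: __sanitizer_cov_pcs_init receives the [begin, end) range of a table of (pc, flags) pairs, __sanitizer_cov_trace_pc_indir receives the callee address before every indirect call, and LLVMFuzzerMutate mutates data[..size] in place without growing past max_size and returns the new size. The AFL-style edge hashing, the saturating hit counter, and the tiny xorshift-driven mutator are assumptions for illustration; #[no_mangle] is left off so the block compiles as an ordinary test binary, and __sancov_lowest_stack (a thread-local uintptr_t) is not shown. Inputs in the test are constructed.

```rust
// Added example: stand-ins for the sancov/libFuzzer runtime symbols an
// instrumented target links against. Illustrative only; a real shim exports
// these as #[no_mangle] pub extern "C" so the target's references resolve.

use std::sync::Mutex;

/// Coverage map size (assumption; real runtimes use 64K..1M entries).
pub const MAP_SIZE: usize = 1 << 16;

// Global runtime state. A real runtime keeps the map in shared memory that the
// fuzzer reads; Mutex<Vec> keeps this example in safe Rust without libc.
static MAP: Mutex<Vec<u8>> = Mutex::new(Vec::new());
static PREV_LOC: Mutex<usize> = Mutex::new(0);
static PC_TABLE: Mutex<Vec<(usize, usize)>> = Mutex::new(Vec::new());
static RNG: Mutex<u64> = Mutex::new(0x9E37_79B9_7F4A_7C15);

/// xorshift64*: deterministic, so a mutation sequence reproduces from its seed.
fn next_rand() -> u64 {
    let mut s = RNG.lock().unwrap();
    let mut x = *s;
    x ^= x >> 12;
    x ^= x << 25;
    x ^= x >> 27;
    *s = x;
    x.wrapping_mul(0x2545_F491_4F6C_DD1D)
}

/// __sanitizer_cov_pcs_init(const uintptr_t *pcs_beg, const uintptr_t *pcs_end):
/// once per instrumented module, with a table of (pc, flags) pairs; flags bit 0
/// marks a function entry. Here we just record the table.
pub extern "C" fn __sanitizer_cov_pcs_init(pcs_beg: *const usize, pcs_end: *const usize) {
    // SAFETY: the compiler emits one contiguous table, so both pointers belong
    // to the same allocation and the whole range is readable.
    let n = unsafe { pcs_end.offset_from(pcs_beg) };
    if n <= 0 {
        return;
    }
    let words = unsafe { std::slice::from_raw_parts(pcs_beg, n as usize) };
    let mut table = PC_TABLE.lock().unwrap();
    for pair in words.chunks_exact(2) {
        table.push((pair[0], pair[1]));
    }
}

/// __sanitizer_cov_trace_pc_indir(uintptr_t callee): before every indirect
/// call. Hash (previous location, callee) into an AFL-style edge and bump its
/// counter, saturating so the 256th hit does not wrap to "never hit".
pub extern "C" fn __sanitizer_cov_trace_pc_indir(callee: usize) {
    let mut prev = PREV_LOC.lock().unwrap();
    let mut map = MAP.lock().unwrap();
    if map.is_empty() {
        map.resize(MAP_SIZE, 0);
    }
    let idx = (*prev ^ callee) % MAP_SIZE;
    map[idx] = map[idx].saturating_add(1);
    *prev = callee >> 1; // shift like AFL so A->B and B->A are distinct edges
}

/// Number of PCs registered so far.
pub fn known_pcs() -> usize {
    PC_TABLE.lock().unwrap().len()
}

/// Hit count of the edge (prev, callee) under the hashing above.
pub fn hitcount(prev: usize, callee: usize) -> u8 {
    MAP.lock().unwrap().get((prev ^ callee) % MAP_SIZE).copied().unwrap_or(0)
}

/// Clear coverage state; a fuzzer does this before every execution.
pub fn reset_coverage() {
    MAP.lock().unwrap().clear();
    *PREV_LOC.lock().unwrap() = 0;
}

/// LLVMFuzzerMutate(uint8_t *data, size_t size, size_t max_size) -> size_t:
/// mutate data[..size] in place; the buffer is at least max_size bytes long and
/// the result must not exceed max_size. One of: flip a bit, insert, delete.
#[allow(non_snake_case)]
pub extern "C" fn LLVMFuzzerMutate(data: *mut u8, size: usize, max_size: usize) -> usize {
    if data.is_null() || max_size == 0 {
        return 0;
    }
    // SAFETY: per the libFuzzer contract the caller's buffer holds max_size bytes.
    let buf = unsafe { std::slice::from_raw_parts_mut(data, max_size) };
    let size = size.min(max_size);
    let r = next_rand();
    let pos = (r >> 8) as usize;
    match r % 3 {
        0 if size > 0 => {
            buf[pos % size] ^= 1 << ((r >> 40) & 7);
            size
        }
        1 if size < max_size => {
            let i = pos % (size + 1);
            buf.copy_within(i..size, i + 1);
            buf[i] = (r >> 48) as u8;
            size + 1
        }
        2 if size > 1 => {
            let i = pos % size;
            buf.copy_within(i + 1..size, i);
            size - 1
        }
        _ => size,
    }
}

/// Safe wrapper: one LLVMFuzzerMutate step on a Vec, honouring max_size.
pub fn mutate_vec(v: &mut Vec<u8>, max_size: usize) -> usize {
    let size = v.len().min(max_size);
    v.resize(max_size, 0);
    let new_size = LLVMFuzzerMutate(v.as_mut_ptr(), size, max_size);
    v.truncate(new_size);
    new_size
}
```

The point of the stand-ins is the contract, not the policy: a libFuzzer-compatible runtime may pick any edge hashing or mutation strategy, but it must accept exactly these argument layouts and, for LLVMFuzzerMutate, never write past max_size, since the caller (often a custom mutator in the target) sized the buffer.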
Releases(0.8.2)
  • 0.8.2(Oct 12, 2022)

    Highlights

    • NYX bridge with LibAFL with libafl_nyx by @syheliel
    • JSON logging monitor by @eknoes
    • Testcase and corpus minimizers by @VTCAKAVSMoACE
    • TimeoutInprocessForkExecutor by @tokatoka
    • Builds on various *nix operating systems by @devnexen

    What's Changed

    • New Pass Manager Arguments in https://github.com/AFLplusplus/LibAFL/pull/724
    • Core affinity implementation for freebsd by @devnexen in https://github.com/AFLplusplus/LibAFL/pull/736
    • NYX Executor (GSoC '22) by @syheliel in https://github.com/AFLplusplus/LibAFL/pull/693
    • OSX force_load option in https://github.com/AFLplusplus/LibAFL/pull/743
    • Add continuous JSON Logging monitor by @eknoes in https://github.com/AFLplusplus/LibAFL/pull/738
    • Netopenbsd build fix by @devnexen in https://github.com/AFLplusplus/LibAFL/pull/746
    • follow-up on netbsd build fix, simplification. by @devnexen in https://github.com/AFLplusplus/LibAFL/pull/750
    • Add test case minimising stage by @VTCAKAVSMoACE in https://github.com/AFLplusplus/LibAFL/pull/735
    • Implement a corpus minimiser by @VTCAKAVSMoACE in https://github.com/AFLplusplus/LibAFL/pull/739
    • Skippable stage, generator wrapper for Grimoire in https://github.com/AFLplusplus/LibAFL/pull/748
    • MapFeedback: Adding support for with_name() by @TeumessianFox in https://github.com/AFLplusplus/LibAFL/pull/752
    • dragonflybsd build fix for core affinity. by @devnexen in https://github.com/AFLplusplus/LibAFL/pull/753
    • CI for FreeBSD in https://github.com/AFLplusplus/LibAFL/pull/754
    • core affinity for FreeBSD pinning task to the wanted cpu by @devnexen in https://github.com/AFLplusplus/LibAFL/pull/756
    • Do not zero-init struct in QEMU in https://github.com/AFLplusplus/LibAFL/pull/758
    • adjust NyxExecutor trait bound to HasTargetBytes from HasBytesVec by @tcheinen in https://github.com/AFLplusplus/LibAFL/pull/760
    • libafl_frida ASan hook adding apple's memset_pattern* api. by @devnexen in https://github.com/AFLplusplus/LibAFL/pull/761
    • frida follow up on previous change for apple. by @devnexen in https://github.com/AFLplusplus/LibAFL/pull/763
    • Add track_stability option to CalibrationStage in https://github.com/AFLplusplus/LibAFL/pull/781
    • Dump registers on freebsd amd64 by @devnexen in https://github.com/AFLplusplus/LibAFL/pull/779
    • Builds on Illumos, by @devnexen in https://github.com/AFLplusplus/LibAFL/pull/775
    • reduces warnings when only version output is asked. by @devnexen in https://github.com/AFLplusplus/LibAFL/pull/778
    • Extend gramatron recursive mutator to recurse 5 times in https://github.com/AFLplusplus/LibAFL/pull/783
    • Dump registers on NetBSD amd64 by @devnexen in https://github.com/AFLplusplus/LibAFL/pull/786
    • Add support for ARMBE8 by @WorksButNotTested in https://github.com/AFLplusplus/LibAFL/pull/768
    • Dump reg for openbsd by @devnexen in https://github.com/AFLplusplus/LibAFL/pull/787
    • Windows gdiplus by @expend20 in https://github.com/AFLplusplus/LibAFL/pull/789 & https://github.com/AFLplusplus/LibAFL/pull/792
    • Remove clang download from windows CI by @expend20 in https://github.com/AFLplusplus/LibAFL/pull/791
    • write_crash netbsd implementation by @devnexen in https://github.com/AFLplusplus/LibAFL/pull/788
    • bolts::cpu::read_time_counter on arm64 by @devnexen in https://github.com/AFLplusplus/LibAFL/pull/790
    • Add ability to use virtual dispatch to stagesTuple by @radl97 in https://github.com/AFLplusplus/LibAFL/pull/801
    • Adding CPSR register for arm qemu emulation by @TeumessianFox in https://github.com/AFLplusplus/LibAFL/pull/800
    • Enable additional rustc errors in test only in https://github.com/AFLplusplus/LibAFL/pull/809
    • Adding fork feature passing from libafl_qemu to libafl crate by @TeumessianFox in https://github.com/AFLplusplus/LibAFL/pull/806
    • Hide prelude behind feature flag in https://github.com/AFLplusplus/LibAFL/pull/782
    • TimeoutInprocessForkExecutor in https://github.com/AFLplusplus/LibAFL/pull/797
    • Fixes typo and grammar in spawn_instances.md doc by @Emauz in https://github.com/AFLplusplus/LibAFL/pull/811
    • Minor changes for linux without fork feature by @TeumessianFox in https://github.com/AFLplusplus/LibAFL/pull/814
    • Hook IsProcessorFeaturePresent to crash with STATUS_STACK_BUFFER_OVERRUN exception by @expend20 in https://github.com/AFLplusplus/LibAFL/pull/804
    • Added Hacking TMNF blogpost to Resources in https://github.com/AFLplusplus/LibAFL/pull/819
    • Moving to named parameters in format strings in https://github.com/AFLplusplus/LibAFL/pull/827

    Fixes

    • Unbreak tui with 1 client by @nicklangsysdig in https://github.com/AFLplusplus/LibAFL/pull/734
    • Fix autotokens doc in https://github.com/AFLplusplus/LibAFL/pull/751
    • Fix spelling error by @AidenRHall in https://github.com/AFLplusplus/LibAFL/pull/745
    • Fix documentation error by @Lancern in https://github.com/AFLplusplus/LibAFL/pull/747
    • Add doc for nyx by @syheliel in https://github.com/AFLplusplus/LibAFL/pull/759
    • Fix cargo doc failed on windows by @SpaceWhite in https://github.com/AFLplusplus/LibAFL/pull/762
    • Fix forkserver options in https://github.com/AFLplusplus/LibAFL/pull/771
    • Stability improvements in https://github.com/AFLplusplus/LibAFL/pull/773
    • Fix len miscalculation in grimoire string replace in https://github.com/AFLplusplus/LibAFL/pull/794
    • Disable ObserversOwnedMap due to new Rust error in https://github.com/AFLplusplus/LibAFL/pull/807
    • Fix FreeBSD CI in https://github.com/AFLplusplus/LibAFL/pull/820
    • Backport AFL++ issue #1548 in https://github.com/AFLplusplus/LibAFL/pull/826
    • Various Doc and CI fixes by @andreafioraldi, @tokatoka, @domenukk, @thebendavis, @Emauz

    New Contributors

    • @nicklangsysdig made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/734
    • @AidenRHall made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/745
    • @Lancern made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/747
    • @VTCAKAVSMoACE made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/735
    • @tcheinen made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/760
    • @SpaceWhite made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/762
    • @WorksButNotTested made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/768
    • @thebendavis made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/796
    • @radl97 made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/801
    • @Emauz made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/811

    Full Changelog: https://github.com/AFLplusplus/LibAFL/compare/0.8.1...0.8.2

    Source code(tar.gz)
    Source code(zip)
  • 0.8.1(Aug 18, 2022)

    Highlights

    • Qemu arm launcher example by @TeumessianFox in https://github.com/AFLplusplus/LibAFL/pull/708
    • Windows support for LLVM passes by @abgeana in https://github.com/AFLplusplus/LibAFL/pull/710
    • Mac OS Autotokens by @tokatoka https://github.com/AFLplusplus/LibAFL/pull/723
    • Raw API for full-system libafl_qemu by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/692

    Further Changes

    • Prelude module by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/709
    • Change StdWeightedScheduler API by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/712
    • Add HitcountsIterableMapObserver, rename AsMutIter to AsIterMut by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/713
    • Updated requirements in https://github.com/AFLplusplus/LibAFL/pull/714 & https://github.com/AFLplusplus/LibAFL/pull/715
    • Remove num_cpus dependency by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/717
    • Deriving Clone for NopMonitor by @z2-2z in https://github.com/AFLplusplus/LibAFL/pull/721
    • add rustfmt.toml by @syheliel in https://github.com/AFLplusplus/LibAFL/pull/722

    Fixes

    • Update fuzzbench_weighted to EXPLORE, fix linking by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/707
    • Fix Autotokens by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/706
    • Fix SIGILL handling in libafl_qemu by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/711
    • Resize MapFeedbackMetadata with observer.initial() by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/718
    • Simd Fix by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/729
    • fix typo in aarch64.rs by @zuypt in https://github.com/AFLplusplus/LibAFL/pull/731

    New Contributors

    • @zuypt made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/731

    Full Changelog: https://github.com/AFLplusplus/LibAFL/compare/0.8.0...0.8.1

    Source code(tar.gz)
    Source code(zip)
  • 0.8.0(Jul 18, 2022)

    Highlights

    • Graphical TUI Monitor based on tui-rs (https://github.com/AFLplusplus/LibAFL/pull/480)
    • Differential Fuzzing Support: Differential executor, diff feedback, stdio observers (https://github.com/AFLplusplus/LibAFL/pull/521)
    • Grimoire structured fuzzing support (https://github.com/AFLplusplus/LibAFL/pull/487)
    • LLVM AutoTokens (https://github.com/AFLplusplus/LibAFL/pull/470)
    • Much simpler API for feedback states (https://github.com/AFLplusplus/LibAFL/pull/627)
    • Switched all example fuzzers from Makefiles to cargo-make (https://github.com/AFLplusplus/LibAFL/pull/537)
    • libafl::Error can generate Backtraces (https://github.com/AFLplusplus/LibAFL/pull/617)
    • Refactored libafl Python (https://github.com/AFLplusplus/LibAFL/pull/632)
    • [libafl_frida] Enabled ASan for Apple (https://github.com/AFLplusplus/LibAFL/pull/478)
    • [libafl_qemu] snapshot fuzzing (https://github.com/AFLplusplus/LibAFL/pull/484)
    • [libafl_qemu] custom GDB commands for LibAFL (https://github.com/AFLplusplus/LibAFL/pull/671)

    Further Changes

    • Rework ShMem by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/472
    • libfuzzer-like repro arguments for fuzzbench by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/475
    • Add AsSlice, AsMutSlice traits, refactor MapObservers to be iterable, and have associated types by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/477
    • [libafl_qemu] map_fixed and mprotect target memory by @evanrichter in https://github.com/AFLplusplus/LibAFL/pull/483
    • AnyMap and owned collections of Observers and Stages by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/491
    • [libafl_qemu] simplify emu::{read,write}_mem by @evanrichter in https://github.com/AFLplusplus/LibAFL/pull/496
    • Expose more options to python qemu sugar by @epi052 in https://github.com/AFLplusplus/LibAFL/pull/492
    • [libafl_qemu] GuestAddr type by @evanrichter in https://github.com/AFLplusplus/LibAFL/pull/501
    • extend python forkserver api by @epi052 in https://github.com/AFLplusplus/LibAFL/pull/500
    • Add options parser by @epi052 in https://github.com/AFLplusplus/LibAFL/pull/493
    • Implement backtrace observers for crash dedupe by @yussf in https://github.com/AFLplusplus/LibAFL/pull/379
    • Builder for CommandExecutor & Tokens Refactoring by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/508
    • Coverage accounting (BB metric atm) by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/507
    • Frida Runtime Tuples by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/457
    • frida-asan: Throw an exception on a failed new instead of just returning null by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/512
    • libafl_cc: -fsanitize=fuzzer is an alias to --libafl by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/518
    • Non weak default sanitizers options functions by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/519
    • Set map observers initial value to T::default() on creation by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/520
    • Forkserver builder by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/523
    • Autodict forkserver by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/525
    • Github workflows frida build on windows by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/536
    • Initial support to Python bindings for the libafl crate by @faroukfaiz10 in https://github.com/AFLplusplus/LibAFL/pull/429
    • Walk the map observer using as_ref_iter() in the map feedback by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/535
    • libafl_qemu decouple hooks from the executor and QemuForkExecutor by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/528
    • [libafl_qemu] EasyElf::resolve_symbol return GuestAddr by @evanrichter in https://github.com/AFLplusplus/LibAFL/pull/540
    • Add signal option to forkserver_simple by @tklengyel in https://github.com/AFLplusplus/LibAFL/pull/548
    • Closure hooks and on thread create hook by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/542
    • afl_exec_sec feature to count executions per second in the same way as AFL (sliding window), disabled by default by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/555
    • Add function call level granularity for coverage accounting by @shouc in https://github.com/AFLplusplus/LibAFL/pull/552
    • Add probabilistic sampling corpus scheduler by @shouc in https://github.com/AFLplusplus/LibAFL/pull/544
    • Dump Control Flow Graph in AFLCoverage LLVM Pass by @shouc in https://github.com/AFLplusplus/LibAFL/pull/557
    • Weighted corpus entry selection by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/570
    • Set the number of stacked mutations in MOpt mutator by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/587
    • Powerschedule::RAND by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/596
    • Use ucontext from bolts::os::unix_signals for armv7 support by @pr0me in https://github.com/AFLplusplus/LibAFL/pull/612
    • Update clap by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/621
    • adding equivalent arm32 syscall for qemu snapshot by @elbiazo in https://github.com/AFLplusplus/LibAFL/pull/628
    • Cmplog New Pass Manager & LLVM 14 Fixes by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/626
    • Added autofix script by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/639
    • Moved to no_std preamble by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/643
    • Drop the build_id dependency and move to bolts by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/649
    • Make OutFile auto-remove refcounted on drop by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/654
    • Windows-rs Update by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/657
    • Moved core_affinity to bolts by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/655
    • Windows CI for frida by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/658
    • C forkserver logic in libafl_targets by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/650
    • Apple aarch64 fixes by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/660
    • LIBAFL_DEBUG_OUTPUT in Launcher and OnDiskTOMLMonitor to create fuzzer_stats by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/666
    • Generating core ids based on the actual count of logical cores by @wizche in https://github.com/AFLplusplus/LibAFL/pull/669
    • CustomBuf Events to exchange any data between fuzzers by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/672
    • New hooks for libafl_qemu by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/673
    • Extend weighted scheduler by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/685
    • TUI monitor no longer breaks the terminal if main thread panics by @TeumessianFox in https://github.com/AFLplusplus/LibAFL/pull/699

    New Contributors

    • @sagittarius-a made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/488
    • @epi052 made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/492
    • @yussf made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/379
    • @tklengyel made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/548
    • @shouc made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/552
    • @syheliel made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/564
    • @h1994st made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/606
    • @WilliamParks made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/623
    • @aoli-al made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/616
    • @elbiazo made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/628
    • @peamaeq made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/637
    • @wizche made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/669
    • @z2-2z made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/688
    • @Scepticz made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/675
    • @TeumessianFox made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/699

    Full Changelog: https://github.com/AFLplusplus/LibAFL/compare/0.7.1...0.8.0

  • 0.7.1 (Jan 13, 2022)

    Highlights

    • a new libafl_qemu API for binary-only fuzzing
    • heaps of fixes for libafl_frida and better Windows support
    • MiMalloc allocator for speed and stability in examples
    • Less (!) generics
    • Message-passing fixes for aarch64

    What's Changed

    • Windows timeout fix with critical sections by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/391
    • Symcc submodule referencing a path by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/411
    • Fix timeout type from u32 to i64 in windows TimeoutExecutor by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/414
    • Fix forkserver_simple clap issue by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/412
    • Fix Clap about() issue by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/417
    • Debug output for forkserver by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/413
    • Reworking example fuzzers to use Structopt instead of yaml, and introduced Cores API by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/420
    • Fix makefile for frida_libpng by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/422
    • Various fixes for CI by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/423
    • Open the stdout-file once by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/419
    • Use AddVectoredExceptionHandler to register exception handlers by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/403
    • Frida Refactor: Separate Frida other helper functions into each Runtime by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/418
    • Implement AflMap by @vanhauser-thc in https://github.com/AFLplusplus/LibAFL/pull/416
    • Frida shadow fix by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/425
    • Fix frida-mode for debug builds, ensure it will continue to work on release builds by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/427
    • Other/User defined Windows Exceptions by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/402
    • Refactor libafl_qemu creating the Emulator struct and post syscall hooks by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/430
    • Drcov remodelling by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/415
    • DrCov Runtime by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/432
    • Implement max total allocation size for frida asan by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/433
    • Fix strncmp hook to only check the length of the needle string by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/434
    • [libafl_qemu] fix build.rs by @evanrichter in https://github.com/AFLplusplus/LibAFL/pull/435
    • Frida various fixes by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/436
    • Use MiMalloc for fuzzbench fuzzer by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/439
    • Add errors for missing Docs, add Docs by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/440
    • [libafl_qemu] prevent unneeded build.rs runs by @evanrichter in https://github.com/AFLplusplus/LibAFL/pull/441
    • Updated dependencies by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/443
    • Derive debug for all structs in LibAFL by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/442
    • Cpu atomics for LLMP by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/438
    • [libafl_qemu] fix i386 Regs values by @evanrichter in https://github.com/AFLplusplus/LibAFL/pull/444
    • Various fixes related to frida mode by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/445
    • Fix a typo in TODO.md by @yerke in https://github.com/AFLplusplus/LibAFL/pull/450
    • Reorder type parameters in the correct order by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/449
    • Disable pita 🥙 compiler in debug mode by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/454
    • Move to clap 3.0 by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/447
    • Add OwnedSlice::RefRaw to keep track of raw pointers by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/448
    • Reduce generics for various Has* traits by @evanrichter in https://github.com/AFLplusplus/LibAFL/pull/456
    • Use UserStats for Stability by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/451
    • Optional signal value to kill forked processes on timeout by @v-p-b in https://github.com/AFLplusplus/LibAFL/pull/461
    • Fix windows build by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/462
    • Asan fix by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/460
    • Add --libaf-no-link to libafl_cc by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/464
    • Shadow bit by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/455
    • Bump to 0.7.1 by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/465
    • Add --libafl arg in libafl_cc and enable it for fuzzbench by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/466
    • Bump libafl_frida to 0.7.1 by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/467
    • Bump libafl_sugar to 0.7.1 by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/468

    New Contributors

    • @yerke made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/450
    • @v-p-b made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/461

    Full Changelog: https://github.com/AFLplusplus/LibAFL/compare/0.7.0...0.7.1

  • 0.7.0 (Dec 9, 2021)

    What's Changed

    • process crash handler, dump registers on macos arm64 by @devnexen in https://github.com/AFLplusplus/LibAFL/pull/271
    • initial book entry for concolic by @julihoh in https://github.com/AFLplusplus/LibAFL/pull/257
    • renamed target_os macos to target_vendor apple by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/273
    • Fix shmem on android by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/272
    • Symcc runtime docsrs fix by @julihoh in https://github.com/AFLplusplus/LibAFL/pull/270
    • Build LibAFL Android in CI by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/275
    • Refactor configurations with EventConfig by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/277
    • Token level fuzzing by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/274
    • openbsd port. by @devnexen in https://github.com/AFLplusplus/LibAFL/pull/279
    • Fix _LLMP_BIND_ADDR for Windows by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/285
    • Build id configuration in std by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/286
    • Use external, custom time function for no_std environments by @bitwave in https://github.com/AFLplusplus/LibAFL/pull/281
    • ShMem server race-condition fix for #276 by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/278
    • Add core_id to launcher run_client closure signature by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/290
    • PowerSchedule::COE fix by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/295
    • added write_file_atomic against ondisk corpus races by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/294
    • armv7 support: add ucontext struct definition by @pr0me in https://github.com/AFLplusplus/LibAFL/pull/297
    • cbz, tbz, tbnz support for aarch64 cmplog by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/298
    • Qemu as lib by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/301
    • WIP: added unfinished no_std docs by @bitwave in https://github.com/AFLplusplus/LibAFL/pull/282
    • Example how to build baby-fuzzer as push instead of pull, using Klo-routines by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/227
    • Python basic bindings for sugar and qemu by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/302
    • Book refactoring and update by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/280
    • Fixed CI by ignoring python, resolved multiple warnings by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/303
    • Fix default UBSan options and avoid timeouts in crash handler by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/304
    • Qemu new syscall hook and more python API by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/306
    • Still fixing CI by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/305
    • Frida windows by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/287
    • Qemu Helpers and basic snapshotting by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/310
    • Allowlist and denylist for QEMU edges and cmps by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/311
    • Qemu partial instr fix by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/312
    • Qemu generic hooks by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/313
    • Python generic qemu hook by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/314
    • dumping process address maps on netbsd too by @devnexen in https://github.com/AFLplusplus/LibAFL/pull/316
    • fix tutorial fuzzer by @julihoh in https://github.com/AFLplusplus/LibAFL/pull/323
    • remove libafl_tests by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/324
    • concolic optional runtime by @julihoh in https://github.com/AFLplusplus/LibAFL/pull/319
    • init git submodule for symcc for symcc_runtime crate when publishing by @julihoh in https://github.com/AFLplusplus/LibAFL/pull/321
    • don't include all of libafl for symcc_runtime by default by @julihoh in https://github.com/AFLplusplus/LibAFL/pull/320
    • delayed checkout in ci by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/326
    • add ability to trace location information in concolic tracer by @julihoh in https://github.com/AFLplusplus/LibAFL/pull/322
    • update packages related to concolic by @julihoh in https://github.com/AFLplusplus/LibAFL/pull/325
    • 32 bit arm regs by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/315
    • update deps by @julihoh in https://github.com/AFLplusplus/LibAFL/pull/327
    • Fix Typo. by @intrigus-lgtm in https://github.com/AFLplusplus/LibAFL/pull/330
    • Error message in most likely case of using NONASAN and ASAN fuzzers using the same Fuzzer config by @marcinguy in https://github.com/AFLplusplus/LibAFL/pull/329
    • Gramatron by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/332
    • fixes for frida mode for win and checks in rust 1.56 by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/334
    • fix concolic nofloat filter by @julihoh in https://github.com/AFLplusplus/LibAFL/pull/333
    • add support for aarch64 in libafl_qemu by @abgeana in https://github.com/AFLplusplus/LibAFL/pull/335
    • Minor doc fixes by @faroukfaiz10 in https://github.com/AFLplusplus/LibAFL/pull/339
    • Port gramatron preprocessing to Rust by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/341
    • Atheris example to fuzz Python Code by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/300
    • Fix warnings for windows by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/344
    • Fix #344 by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/345
    • Upgrade to Rust 2021 Edition by @jamcleod in https://github.com/AFLplusplus/LibAFL/pull/340
    • MultiMapObserver and sancov 8bit-counters instrumentation by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/343
    • Fix double borrow mut in CachedOnDiskCorpus by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/347
    • Frida Address Sanitizer for x86_64 by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/331
    • Refcnt for MapIndexesMetadata by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/348
    • Fix the number of clients spawned by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/349
    • Minor readme improvement in frida_libpng fuzzer. by @expend20 in https://github.com/AFLplusplus/LibAFL/pull/350
    • Fix Numbering in Docs by @expend20 in https://github.com/AFLplusplus/LibAFL/pull/354
    • Fix cfgs for frida asan by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/353
    • Fork feature flag to disable fork in Launcher by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/351
    • Bridge grammartec from Nautilus to libafl by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/342
    • Fix MaxReducer docstring by @eknoes in https://github.com/AFLplusplus/LibAFL/pull/357
    • remove unused const hashing mode by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/358
    • Fixed potential unsoundness due to Rc threading for ShMemProvider by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/355
    • Add minibsod by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/362
    • Cmplog instrumentation by @OmreeBenari in https://github.com/AFLplusplus/LibAFL/pull/363
    • Launch every 100ms by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/364
    • Fix cfg directives for frida-asan by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/365
    • make dump_registers method public by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/367
    • frida-asan: Support different names for the libc++ shared object when hooking by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/370
    • Support suppression of hooked functions by @s1341 in https://github.com/AFLplusplus/LibAFL/pull/369
    • Mutational Push Stage by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/356
    • implemented MapMaxPow2Feedback by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/371
    • Renamed Stats to Monitors by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/373
    • Fix staterestore by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/375
    • Disk sync by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/377
    • Reachability fuzzer fix by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/346
    • Fix api by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/376
    • Frida Refactor: Split FridaHelper into each Runtime by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/368
    • AddressSanitizer for libafl_qemu by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/378
    • Clippy fixes for main by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/385
    • libafl_qemu cpu_target cfg by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/383
    • Delete "We're a client, let's fuzz :)" from lib by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/384
    • Push stage trait by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/380
    • Frida Refactor: Frida executor by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/374
    • Cmplog instrumentation by @OmreeBenari in https://github.com/AFLplusplus/LibAFL/pull/382
    • InProcessHandlers by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/387
    • Qemu fixes and syscalls for every supported arch by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/386
    • Fix by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/388
    • More LLVM passes from AFL++ by @andreafioraldi in https://github.com/AFLplusplus/LibAFL/pull/394
    • dump_registers and write_crash for armv7 by @pr0me in https://github.com/AFLplusplus/LibAFL/pull/393
    • make map debuggable by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/396
    • Ignored qemu fuzzer for non-linux by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/397
    • better forkserver example by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/399
    • Frida_libpng document change by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/401
    • forkserver docs by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/400
    • Forkserver Example Fix by @tokatoka in https://github.com/AFLplusplus/LibAFL/pull/404
    • add set_timeout fn to TimeoutExecutor by @pr0me in https://github.com/AFLplusplus/LibAFL/pull/408
    • QEMU target arch selector via feature flag by @domenukk in https://github.com/AFLplusplus/LibAFL/pull/405
    • Implement unstable edge detection+ignore in calibration stage by @vanhauser-thc in https://github.com/AFLplusplus/LibAFL/pull/398

    New Contributors

    • @bitwave made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/281
    • @pr0me made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/297
    • @intrigus-lgtm made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/330
    • @abgeana made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/335
    • @faroukfaiz10 made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/339
    • @jamcleod made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/340
    • @expend20 made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/350
    • @eknoes made their first contribution in https://github.com/AFLplusplus/LibAFL/pull/357

    Full Changelog: https://github.com/AFLplusplus/LibAFL/compare/0.6.0...0.7.0

  • 0.6.0 (Aug 20, 2021)

    • libafl_qemu with CmpLog, syscalls hooks and more
    • Refactor MOpt
    • CachedOnDiskCorpus to have an in-memory cache while saving testcases on disk
    • libafl_sugar with builder patterns to create common fuzzers
    • Concolic Tracing (libafl_concolic @julihoh GSOC 2021)
    • InProcessForkExecutor
    • ForkserverExecutor shared mem testcase
    • TimeoutExecutor for win32
    • AFLFast power schedules (@tokatoka GSOC 2021)
    • Fix shared memory on macOS

  • 0.5.0 (Jul 5, 2021)

    • LLVM passes support in libafl_cc
    • Support to routines arguments in CmpLog
    • We don't enforce serde on Observer anymore
    • MOpt stage and mutator (@tokatoka GSOC 2021)
    • Fix link issue when using the Libfuzzer layer and libafl_cc
    • Fix some macOS build issues

  • 0.4.0 (Jun 23, 2021)

    • CmpLog instructions instrumentation for SanCov and Frida
    • Naive Input-to-state mutator using the CmpLog metadata
    • Generalize InProcessExecutor to a generic Input trait
    • MultiStats stats display
    • TimeoutForkserverExecutor
    • Shadow Executor and Stage
    • Single threaded restartable EventManager
    • Configurations in EventManager
    • Remove HasExecHooks
    • Decouple broker from LlmpEventManager
    • New fuzzers: Generic libfuzzer, Fuzzbench

  • 0.3.0 (May 19, 2021)

  • 0.2.0 (May 6, 2021)

    • baby_fuzzer book chapter
    • LLMP TCP multi-machine
    • Conditional composition of Feedbacks
    • Allow lifetime in Observers
    • Reachability example and Feedback

  • 0.1.0 (Apr 30, 2021)

Owner: Advanced Fuzzing League ++ (We want to make fuzzing better and better)