Awesome Fuzzing Overview
A curated list of awesome Fuzzing(or Fuzz Testing) for software security
🏠 Home · 🔥 Feed · 📮 Subscribe · ❤️ Sponsor · 😺 cpuu/awesome-fuzzing · ⭐ 959 · 🏷️ Security
Awesome Fuzzing 
Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks. Typically, fuzzers are used to test programs that take structured inputs.
A curated list of references to awesome Fuzzing for security testing. Additionally there is a collection of freely available academic papers, tools and so on.
Your favorite tool or your own paper is not listed? Fork and create a Pull Request to add it!
Contents
Books
- Fuzzing Against the Machine: Automate vulnerability research with emulated IoT devices on QEMU (2023)
- Fuzzing-101 (⭐3.7k)
- The Fuzzing Book (2019)
- The Art, Science, and Engineering of Fuzzing: A Survey (2019) - Actually, this document is a paper, but it contains more important and essential content than any other book.
- Fuzzing for Software Security Testing and Quality Assurance, 2nd Edition (2018)
- Fuzzing: Brute Force Vulnerability Discovery, 1st Edition (2007)
- Open Source Fuzzing Tools, 1st Edition (2007)
Talks
- Fuzzing Labs - Patrick Ventuzelo - YouTube.
- Effective File Format Fuzzing - Black Hat Europe 2016.
- Adventures in Fuzzing - NYU Talk 2018.
- Fuzzing with AFL - NDC Conferences 2018.
Papers
To achieve a well-defined scope, I have chosen to include publications on fuzzing from 4 top major security conferences (2008–2025): (i) Network and Distributed System Security Symposium (NDSS), (ii) IEEE Symposium on Security and Privacy (S&P), (iii) USENIX Security Symposium (USEC), and (iv) ACM Conference on Computer and Communications Security (CCS).
Note: Papers are selected based on whether the title contains the keyword "fuzz." If a paper is related to fuzzing but does not include "fuzz" in its title, it may have been missed. In that case, please open a Pull Request (⭐958) and it will be reviewed for inclusion.
The Network and Distributed System Security Symposium (NDSS)
2025 (10 papers)- Automatic Library Fuzzing through API Relation Evolvement, 2025
- Blackbox Fuzzing of Distributed Systems with Multi-Dimensional Inputs and Symmetry-Based Feedback Pruning, 2025
- DUMPLING: Fine-grained Differential JavaScript Engine Fuzzing, 2025
- FUZZUER: Enabling Fuzzing of UEFI Interfaces on EDK-2, 2025
- ICSQuartz: Scan Cycle-Aware and Vendor-Agnostic Fuzzing for Industrial Control Systems, 2025
- MALintent: Coverage Guided Intent Fuzzing Framework for Android, 2025
- Moneta: Ex-Vivo GPU Driver Fuzzing by Recalling In-Vivo Execution States, 2025
- MSan: Efficiently Detecting Uninitialized Memory Errors During Fuzzing, 2025
- Truman: Constructing Device Behavior Models from OS Drivers to Fuzz Virtual Devices, 2025
- TWINFUZZ: Differential Testing of Video Hardware Acceleration Stacks, 2025
- DeepGo: Predictive Directed Greybox Fuzzing, 2024
- EnclaveFuzz: Finding Vulnerabilities in SGX Applications, 2024
- Large Language Model guided Protocol Fuzzing, 2024
- MOCK: Optimizing Kernel Fuzzing Mutation with Context-aware Dependency, 2024
- Predictive Context-sensitive Fuzzing, 2024
- ReqsMiner: Automated Discovery of CDN Forwarding Request Inconsistencies and DoS Attacks with Grammar-based Fuzzing, 2024
- ShapFuzz: Efficient Fuzzing via Shapley-Guided Byte Selection, 2024
- DARWIN: Survival of the Fittest Fuzzing Mutators, 2023
- FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities, 2023
- LOKI: State-Aware Fuzzing Framework for the Implementation of Blockchain Consensus Protocols, 2023
- No Grammar, No Problem: Towards Fuzzing the Linux Kernel without System-Call Description, 2023
- Semantic-Informed Driver Fuzzing Without Both the Hardware Devices and the Emulators, 2022
- MobFuzz: Adaptive Multi-objective Optimization in Gray-box Fuzzing, 2022
- Context-Sensitive and Directional Concurrency Fuzzing for Data-Race Detection, 2022
- EMS: History-Driven Mutation for Coverage-based Fuzzing, 2022
- WINNIE : Fuzzing Windows Applications with Harness Synthesis and Fast Cloning, 2021
- Reinforcement Learning-based Hierarchical Seed Scheduling for Greybox Fuzzing, 2021
- PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles, 2021
- Favocado: Fuzzing Binding Code of JavaScript Engines Using Semantically Correct Test Cases, 2021
- HFL: Hybrid Fuzzing on the Linux Kernel, 2020
- HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing, 2020
- HYPER-CUBE: High-Dimensional Hypervisor Fuzzing, 2020
- Not All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for Input Prioritization, 2020
- CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines, 2019
- PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary, 2019
- REDQUEEN: Fuzzing with Input-to-State Correspondence, 2019
- Send Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid Fuzzing, 2019
- Life after Speech Recognition: Fuzzing Semantic Misinterpretation for Voice Assistant Applications, 2019
- INSTRIM: Lightweight Instrumentation for Coverage-guided Fuzzing, 2018
- IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing, 2018
- What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices, 2018
- Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing, 2018
- Vuzzer: Application-aware evolutionary fuzzing, 2017
- DELTA: A Security Assessment Framework for Software-Defined Networks, 2017
IEEE Symposium on Security and Privacy (IEEE S&P)
2025 (7 papers)- CHIMERA: Fuzzing P4 Network Infrastructure for Multi-Plane Bug Detection and Vulnerability Discovery, 2025
- FirmRCA: Towards Post-Fuzzing Analysis on ARM Embedded Firmware with Efficient Event-based Fault Localization, 2025
- Fuzz-Testing Meets LLM-Based Agents: An Automated and Efficient Framework for Jailbreaking Text-To-Image Generation Models, 2025
- HouseFuzz: Service-Aware Grey-Box Fuzzing for Vulnerability Detection in Linux-Based Firmware, 2025
- Predator: Directed Web Application Fuzzing for Efficient Vulnerability Validation, 2025
- RGFuzz: Rule-Guided Fuzzer for WebAssembly Runtimes, 2025
- Stateful Analysis and Fuzzing of Commercial Baseband Firmware, 2025
- AFGen: Whole-Function Fuzzing for Applications and Libraries, 2024
- Chronos: Finding Timeout Bugs in Practical Distributed Systems by Deep-Priority Fuzzing with Transient Delay, 2024
- DY Fuzzing: Formal Dolev-Yao Models Meet Cryptographic Protocol Fuzz Testing, 2024
- Everything is Good for Something: Counterexample-Guided Directed Fuzzing via Likely Invariant Inference, 2024
- LABRADOR: Response Guided Directed Fuzzing for Black-box IoT Devices, 2024
- LLMIF: Augmented Large Language Model for Fuzzing IoT Devices, 2024
- Predecessor-aware Directed Greybox Fuzzing, 2024
- SATURN: Host-Gadget Synergistic USB Driver Fuzzing, 2024
- SoK: Prudent Evaluation Practices for Fuzzing, 2024
- SyzGen++: Dependency Inference for Augmenting Kernel Driver Fuzzing, 2024
- SyzTrust: State-aware Fuzzing on Trusted OS Designed for IoT Devices, 2024
- Titan: Efficient Multi-target Directed Greybox Fuzzing, 2024
- To Boldly Go Where No Fuzzer Has Gone Before: Finding Bugs in Linux' Wireless Stacks through VirtIO Devices, 2024
- Towards Smart Contract Fuzzing on GPU, 2024
- TEEzz: Fuzzing Trusted Applications on COTS Android Devices, 2023
- SEGFUZZ: Segmentizing Thread Interleaving to Discover Kernel Concurrency Bugs through Fuzzing, 2023
- RSFuzzer: Discovering Deep SMI Handler Vulnerabilities in UEFI Firmware with Hybrid Fuzzing, 2023
- Toss a Fault to Your Witcher: Applying Grey-box Coverage-Guided Mutational Fuzzing to Detect SQL and Command Injection Vulnerabilities, 2023
- UTOPIA: Automatic Generation of Fuzz Driver using Unit Tests, 2023
- SelectFuzz: Efficient Directed Fuzzing with Selective Path Exploration, 2023
- Finding Specification Blind Spots via Fuzz Testing, 2023
- ODDFUZZ: Discovering Java Deserialization Vulnerabilities via Structure-Aware Directed Greybox Fuzzing, 2023
- VIDEZZO: Dependency-aware Virtual Device Fuzzing, 2023
- DEVFUZZ: Automatic Device Model-Guided Device Driver Fuzzing, 2023
- PATA: Fuzzing with Path Aware Taint Analysis, 2022
- Jigsaw: Efficient and Scalable Path Constraints Fuzzing, 2022
- FuzzUSB: Hybrid Stateful Fuzzing of USB Gadget Stacks, 2022 (⭐37)
- Effective Seed Scheduling for Fuzzing with Graph Centrality Analysis, 2022
- BEACON : Directed Grey-Box Fuzzing with Provable Path Pruning, 2022
- STOCHFUZZ: Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and Stochastic Rewriting, 2021
- One Engine to Fuzz 'em All: Generic Language Processor Testing with Semantic Validation, 2021
- NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis, 2021
- DIFUZZRTL: Differential Fuzz Testing to Find CPU Bugs, 2021
- DIANE: Identifying Fuzzing Triggers in Apps to Generate Under-constrained Inputs for IoT Devices, 2021
- Fuzzing JavaScript Engines with Aspect-preserving Mutation, 2020
- IJON: Exploring Deep State Spaces via Fuzzing, 2020
- Krace: Data Race Fuzzing for Kernel File Systems, 2020
- Pangolin:Incremental Hybrid Fuzzing with Polyhedral Path Abstraction, 2020
- RetroWrite: Statically Instrumenting COTS Binaries for Fuzzing and Sanitization, 2020
- Full-speed Fuzzing: Reducing Fuzzing Overhead through Coverage-guided Tracing, 2019
- Fuzzing File Systems via Two-Dimensional Input Space Exploration, 2019
- NEUZZ: Efficient Fuzzing with Neural Program Smoothing, 2019
- Razzer: Finding Kernel Race Bugs through Fuzzing, 2019
- Angora: Efficient Fuzzing by Principled Search, 2018
- CollAFL: Path Sensitive Fuzzing, 2018
- T-Fuzz: fuzzing by program transformation, 2018
USENIX Security
2025 (14 papers)- AidFuzzer: Adaptive Interrupt-Driven Firmware Fuzzing via Run-Time State Recognition, 2025
- ChainFuzz: Exploiting Upstream Vulnerabilities in Open-Source Supply Chains, 2025
- CoreCrisis: Threat-Guided and Context-Aware Iterative Learning and Fuzzing of 5G Core Networks, 2025
- Effective Directed Fuzzing with Hierarchical Scheduling for Web Vulnerability Detection, 2025
- Encarsia: Evaluating CPU Fuzzers via Automatic Bug Injection, 2025
- From Alarms to Real Bugs: Multi-target Multi-step Directed Greybox Fuzzing for Static Analysis Result Verification, 2025
- Fuzzing the PHP Interpreter via Dataflow Fusion, 2025
- GenHuzz: An Efficient Generative Hardware Fuzzer, 2025
- Lost in Translation: Enabling Confused Deputy Attacks on EDA Software with TransFuzz, 2025
- Low-Cost and Comprehensive Non-textual Input Fuzzing with LLM-Synthesized Input Generators, 2025
- MBFuzzer: A Multi-Party Protocol Fuzzer for MQTT Brokers, 2025
- PAPILLON: Efficient and Stealthy Fuzz Testing-Powered Jailbreaks for LLMs, 2025
- Robust, Efficient, and Widely Available Greybox Fuzzing for COTS Binaries with System Call Pattern Feedback, 2025
- Waltzz: WebAssembly Runtime Fuzzing with Stack-Invariant Transformation, 2025
- Atropos: Effective Fuzzing of Web Applications for Server-Side Vulnerabilities, 2024
- Cascade: CPU Fuzzing via Intricate Program Generation, 2024
- Critical Code Guided Directed Greybox Fuzzing for Commits, 2024
- EL3XIR: Fuzzing COTS Secure Monitors, 2024
- Fuzzing BusyBox: Leveraging LLM and Crash Reuse for Embedded Bug Unearthing, 2024
- HYPERPILL: Fuzzing for Hypervisor-bugs by Leveraging the Hardware Virtualization Interface, 2024
- MultiFuzz: A Multi-Stream Fuzzer For Testing Monolithic Firmware, 2024
- ResolverFuzz: Automated Discovery of DNS Resolver Vulnerabilities with Query-Response Fuzzing, 2024
- SDFuzz: Target States Driven Directed Fuzzing, 2024
- SHiFT: Semi-hosted Fuzz Testing for Embedded Applications, 2024
- Towards Generic Database Management System Fuzzing, 2024
- WhisperFuzz: White-Box Fuzzing for Detecting and Locating Timing Vulnerabilities in Processors, 2024
- AIFORE: Smart Fuzzing Based on Automatic Input Format Reverse Engineering, 2023
- autofz: Automated Fuzzer Composition at Runtime, 2023
- Automata-Guided Control-Flow-Sensitive Fuzz Driver Generation, 2023
- Automated Exploitable Heap Layout Generation for Heap Overflows Through Manipulation Distance-Guided Fuzzing, 2023
- Bleem: Packet Sequence Oriented Fuzzing for Protocol Implementations, 2023
- BoKASAN: Binary-only Kernel Address Sanitizer for Effective Kernel Fuzzing, 2023
- CarpetFuzz: Automatic Program Option Constraint Extraction from Documentation for Fuzzing, 2023
- DDRace: Finding Concurrency UAF Vulnerabilities in Linux Drivers with Directed Fuzzing, 2023
- DynSQL: Stateful Fuzzing for Database Management Systems with Complex and Valid SQL Query Generation, 2023
- Forming Faster Firmware Fuzzers, 2023
- FuzzJIT: Oracle-Enhanced Fuzzing for JavaScript Engine JIT Compiler, 2023
- Fuzztruction: Using Fault Injection-based Fuzzing to Leverage Implicit Domain Knowledge, 2023
- GLeeFuzz: Fuzzing WebGL Through Error Message Guided Mutation, 2023
- Intender: Fuzzing Intent-Based Networking with Intent-State Transition Guidance, 2023
- KextFuzz: Fuzzing macOS Kernel EXTensions on Apple Silicon via Exploiting Mitigations, 2023
- MINER: A Hybrid Data-Driven Approach for REST API Fuzzing, 2023
- MorFuzz: Fuzzing Processor via Runtime Instruction Morphing enhanced Synchronizable Co-simulation, 2023
- MTSan: A Feasible and Practical Memory Sanitizer for Fuzzing COTS Binaries, 2023
- PolyFuzz: Holistic Greybox Fuzzing of Multi-Language Systems, 2023
- StateFuzz: System Call-Based State-Aware Linux Driver Fuzzing, 2022
- FIXREVERTER: A Realistic Bug Injection Methodology for Benchmarking Fuzz Testing, 2022
- SGXFuzz: Efficiently Synthesizing Nested Structures for SGX Enclave Fuzzing, 2022
- AmpFuzz: Fuzzing for Amplification DDoS Vulnerabilities, 2022
- Stateful Greybox Fuzzing, 2022
- BrakTooth: Causing Havoc on Bluetooth Link Manager via Directed Fuzzing, 2022
- Fuzzing Hardware Like Software, 2022
- Drifuzz: Harvesting Bugs in Device Drivers from Golden Seeds, 2022
- FuzzOrigin: Detecting UXSS vulnerabilities in Browsers through Origin Fuzzing, 2022
- TheHuzz: Instruction Fuzzing of Processors Using Golden-Reference Models for Finding Software-Exploitable Vulnerabilities, 2022
- MundoFuzz: Hypervisor Fuzzing with Statistical Coverage Testing and Grammar Inference, 2022
- Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing, 2022
- SyzScope: Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux kernel, 2022
- Morphuzz: Bending (Input) Space to Fuzz Virtual Devices, 2022
- Breaking Through Binaries: Compiler-quality Instrumentation for Better Binary-only Fuzzing, 2021
- ICSFuzz: Manipulating I/Os and Repurposing Binary Code to Enable Instrumented Fuzzing in ICS Control Applications, 2021
- Android SmartTVs Vulnerability Discovery via Log-Guided Fuzzing, 2021
- Constraint-guided Directed Greybox Fuzzing, 2021
- Nyx: Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types, 2021
- UNIFUZZ: A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers, 2021
- FANS: Fuzzing Android Native System Services via Automated Interface Analysis, 2020
- Analysis of DTLS Implementations Using Protocol State Fuzzing, 2020
- EcoFuzz: Adaptive Energy-Saving Greybox Fuzzing as a Variant of the Adversarial Multi-Armed Bandit, 2020
- Fuzzing Error Handling Code using Context-Sensitive Software Fault Injection, 2020
- FuzzGen: Automatic Fuzzer Generation, 2020
- ParmeSan: Sanitizer-guided Greybox Fuzzing, 2020
- SpecFuzz: Bringing Spectre-type vulnerabilities to the surface, 2020
- FuzzGuard: Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through Deep Learning, 2020
- Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer, 2020
- GREYONE: Data Flow Sensitive Fuzzing, 2020
- Fuzzification: Anti-Fuzzing Techniques, 2019
- AntiFuzz: Impeding Fuzzing Audits of Binary Executables, 2019
- Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems, 2018
- MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation, 2018
- QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing, 2018
- OSS-Fuzz - Google's continuous fuzzing service for open source software, 2017
- kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels, 2017
ACM Conference on Computer and Communications Security (ACM CCS)
2025 (11 papers)- A Qualitative Analysis of Fuzzer Usability and Challenges, 2025
- ConTest: Taming the Cyber-physical Input Space in Fuzz Testing with Control Theory, 2025
- DiveFuzz: Enhancing CPU Fuzzing via Diverse Instruction Construction, 2025
- Error Messages to Fuzzing: Detecting XPS Parsing Vulnerabilities in Windows Printing Components, 2025
- Fuzzing Processing Pipelines for Zero-Knowledge Circuits, 2025
- Intent-aware Fuzzing for Android Hardened Application, 2025
- PromeFuzz: A Knowledge-Driven Approach to Fuzzing Harness Generation with Large Language Models, 2025
- Protocol-Aware Firmware Rehosting for Effective Fuzzing of Embedded Network Stacks, 2025
- RVISmith: Fuzzing Compilers for RVV Intrinsics, 2025
- SyzParam: Incorporating Runtime Parameters into Kernel Driver Fuzzing, 2025
- SyzSpec: Specification Generation for Linux Kernel Fuzzing via Under-Constrained Symbolic Execution, 2025
- Collapse Like A House of Cards: Hacking Building Automation System Through Fuzzing, 2024
- CountDown: Refcount-guided Fuzzing for Exposing Temporal Memory Errors in Linux Kernel, 2024
- CrossFire: Fuzzing macOS Cross-XPU Memory on Apple Silicon, 2024
- DarthShader: Fuzzing WebGPU Shader Translators & Compilers, 2024
- FOX: Coverage-guided Fuzzing as Online Stochastic Control, 2024
- Fuzz to the Future: Uncovering Occluded Future Vulnerabilities via Robust Fuzzing, 2024
- FuzzCache: Optimizing Web Application Fuzzing Through Software-Based Data Cache, 2024
- Fuzzing JavaScript Engines with a Graph-based IR, 2024
- Leveraging Binary Coverage for Effective Generation Guidance in Kernel Fuzzing, 2024
- LIFTFUZZ: Validating Binary Lifters through Context-aware Fuzzing with GPT, 2024
- No Peer, no Cry: Network Application Fuzzing via Fault Injection, 2024
- On Understanding and Forecasting Fuzzers Performance with Static Analysis, 2024
- OSmart: Whitebox Program Option Fuzzing, 2024
- Program Environment Fuzzing, 2024
- Prompt Fuzzing for Fuzz Driver Generation, 2024
- ProphetFuzz: Fully Automated Prediction and Fuzzing of High-Risk Option Combinations with Only Documentation via Large Language Model, 2024
- RANsacked: A Domain-Informed Approach for Fuzzing LTE and 5G RAN-Core Interfaces, 2024
- RIoTFuzzer: Companion App Assisted Remote Fuzzing for Detecting Vulnerabilities in IoT Devices, 2024
- Toss a Fault to BpfChecker: Revealing Implementation Flaws for eBPF runtimes with Differential Fuzzing, 2024
- DSFuzz: Detecting Deep State Bugs with Dependent State Exploration, 2023
- Fuzz on the Beach: Fuzzing Solana Smart Contracts, 2023
- Greybox Fuzzing of Distributed Systems, 2023
- Hopper: Interpretative Fuzzing for Libraries, 2023
- Lifting Network Protocol Implementation to Precise Format Specification with Security Applications, 2023
- NestFuzz: Enhancing Fuzzing with Comprehensive Understanding of Input Processing Logic, 2023
- Profile-guided System Optimizations for Accelerated Greybox Fuzzing, 2023
- PyRTFuzz: Detecting Bugs in Python Runtimes via Two-Level Collaborative Fuzzing, 2023
- SyzDirect: Directed Greybox Fuzzing for Linux Kernel, 2023
- SpecDoctor: Differential Fuzz Testing to Find Transient Execution Vulnerabilities, 2022
- SFuzz: Slice-based Fuzzing for Real-Time Operating Systems, 2022
- MC^2: Rigorous and Efficient Directed Greybox Fuzzing, 2022
- LibAFL: A Framework to Build Modular and Reusable Fuzzers, 2022
- JIT-Picking: Differential Fuzzing of JavaScript Engines, 2022
- DriveFuzz: Discovering Autonomous Driving Bugs through Driving Quality-Guided Fuzzing, 2022
- SoFi: Reflection-Augmented Fuzzing for JavaScript Engines, 2021
- T-Reqs: HTTP Request Smuggling with Differential Fuzzing, 2021
- V-SHUTTLE: Scalable and Semantics-Aware Hypervisor Fuzzing, 2021
- Same Coverage, Less Bloat: Accelerating Binary-only Fuzzing with Coverage-preserving Coverage-guided Tracing, 2021
- HyperFuzzer: An Efficient Hybrid Fuzzer For Virtual CPUs, 2021
- Regression Greybox Fuzzing, 2021
- Hardware Support to Improve Fuzzing Performance and Precision, 2021
- SNIPUZZ: Black-box Fuzzing of IoT Firmware via Message Snippet Inference, 2021
- Intriguer: Field-Level Constraint Solving for Hybrid Fuzzing, 2019
- Learning to Fuzz from Symbolic Execution with Application to Smart Contracts, 2019
- Matryoshka: fuzzing deeply nested branches, 2019
- IMF: Inferred Model-based Fuzzer, 2017
- SemFuzz: Semantics-based Automatic Generation of Proof-of-Concept Exploits, 2017
- AFL-based Fuzzing for Java with Kelinci, 2017
- Designing New Operating Primitives to Improve Fuzzing Performance, 2017
- Directed Greybox Fuzzing, 2017
- SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities, 2017
- DIFUZE: Interface Aware Fuzzing for Kernel Drivers, 2017
- Systematic Fuzzing and Testing of TLS Libraries, 2016
- Coverage-based Greybox Fuzzing as Markov Chain, 2016
- eFuzz: A Fuzzer for DLMS/COSEM Electricity Meters, 2016
ArXiv (Fuzzing with Artificial Intelligence & Machine Learning)
- MEUZZ: Smart Seed Scheduling for Hybrid Fuzzing, 2020
- A Review of Machine Learning Applications in Fuzzing, 2019
- Evolutionary Fuzzing of Android OS Vendor System Services, 2019
- MoonLight: Effective Fuzzing with Near-Optimal Corpus Distillation, 2019
- Coverage-Guided Fuzzing for Deep Neural Networks, 2018
- DLFuzz: Differential Fuzzing Testing of Deep Learning Systems, 2018
- TensorFuzz: Debugging Neural Networks with Coverage-Guided Fuzzing, 2018
- NEUZZ: Efficient Fuzzing with Neural Program Learning, 2018
- EnFuzz: From Ensemble Learning to Ensemble Fuzzing, 2018
- REST-ler: Automatic Intelligent REST API Fuzzing, 2018
- Deep Reinforcement Fuzzing, 2018
- Not all bytes are equal: Neural byte sieve for fuzzing, 2017
- Faster Fuzzing: Reinitialization with Deep Neural Models, 2017
- Learn&Fuzz: Machine Learning for Input Fuzzing, 2017
- Complementing Model Learning with Mutation-Based Fuzzing, 2016
The others
- Fuzzle: Making a Puzzle for Fuzzers, 2022
- Ifuzzer: An evolutionary interpreter fuzzer using genetic programming, 2016
- Hybrid fuzz testing: Discovering software bugs via fuzzing and symbolic execution, 2012
- Call-Flow Aware API Fuzz Testing for Security of Windows Systems, 2008
- Feedback-directed random test generation, 2007
- MTF-Storm:a high performance fuzzer for Modbus/TCP, 2018
- A Modbus/TCP Fuzzer for testing internetworked industrial systems, 2015
Tools
A curated collection of open-source fuzzing tools, organized by target category based on the taxonomy from fuzzing-survey.org. Tools are selected based on a combination of factors including GitHub popularity, recency, availability of official repositories from original authors, and whether the project is actively maintained.
File
- AFL++ (⭐6.4k) - A superior fork to Google's AFL with more speed, more and better mutations, more and better instrumentation, and custom module support.
- Angora (⭐955) - A mutation-based coverage guided fuzzer that increases branch coverage by solving path constraints without symbolic execution.
Kernel
- ACTOR (⭐39) (2023) - An action-guided kernel fuzzing framework that generates inputs leveraging triggered actions and their temporal relationships.
- NTFuzz (⭐110) (2021) - A type-aware Windows kernel fuzzer that statically analyzes system binaries to infer system call types for more effective fuzzing.
- KRACE (⭐32) (2020) - A coverage-guided fuzzing framework that detects data races in kernel file systems by exploring concurrency through multi-threaded syscall sequences.
- Razzer (⭐379) (2019) - A kernel fuzzer that uses static analysis and two-phase fuzzing to detect race conditions and concurrency bugs in Linux kernels.
- Hydra (⭐173) (2019) - A fuzzing framework for automatically discovering semantic bugs in file systems using input mutators, feedback engines, and customizable checkers.
- Janus (⭐234) (2019) - A file system fuzzer that finds memory corruptions in Linux kernel file systems by mutating both filesystem images and syscall sequences simultaneously.
- DIFUZE (⭐384) (2017) - An interface-aware fuzzer for Linux kernel drivers that automatically recovers ioctl interfaces via LLVM analysis and generates targeted test cases.
- IMF (⭐111) (2017) - A kernel API fuzzer that leverages automated API model inference to discover vulnerabilities in macOS kernel APIs.
- kAFL (⭐592) (2017) - A hardware-assisted x86-64 VM kernel fuzzing framework with performant VM reloads for finding OS kernel vulnerabilities.
- syzkaller (⭐6.1k) (2015) - An unsupervised coverage-guided kernel fuzzer supporting FreeBSD, Fuchsia, gVisor, Linux, NetBSD, OpenBSD, and Windows.
- Trinity (⭐901) (2012) - A Linux system call fuzzer that generates semi-intelligent random arguments to syscalls, including valid file descriptors, flags, and range-biased values.
Network
API
- IvySyn - A fully-automated framework for discovering memory error vulnerabilities in Deep Learning (DL) frameworks.
- MINER (⭐43) - A REST API fuzzer that utilizes three data-driven designs working together to guide sequence generation, improve request generation quality, and capture unique errors caused by incorrect parameter usage.
- RestTestGen (⭐62) - A robust tool and framework designed for automated black-box testing of RESTful web APIs.
- GraphFuzz (⭐10) - An experimental framework for building structure-aware, library API fuzzers.
- Minerva (⭐35) - A browser fuzzer augmented by API mod-ref relations, aiming to synthesize highly-relevant browser API invocations in each test case.
- FANS (⭐266) - A fuzzing tool for Android native system services with four components: interface collector, interface model extractor, dependency inferer, and fuzzer engine.
JavaScript
Firmware
Hypervisor
CPU
- DifuzzRTL (⭐101) - A differential fuzz testing approach for CPU verification.
- MorFuzz (⭐50) - A generic RISC-V processor fuzzing framework that can efficiently detect software triggerable functional bugs.
- SpecFuzz (⭐31) - A tool to enable fuzzing for Spectre vulnerabilities.
- Transynther (⭐19) - Automatically generates and tests building blocks for Meltdown attacks with various faults and microcode assists.
Lib
Web
- TEFuzz (⭐18) - A tailored fuzzing-based framework to facilitate the detection and exploitation of template escape bugs.
- Witcher (⭐103) - A web application fuzzer that utilizes mutational fuzzing to explore web applications and fault escalation to detect command and SQL injection vulnerabilities.
- CorbFuzz (⭐6) - A state-aware fuzzer for generating as many responses from a web application as possible without need of setting up a database.
DOM
Argument
Blockchain
- Fluffy (⭐62) - A multi-transaction differential fuzzer for finding consensus bugs in Ethereum.
- LOKI (⭐20) - A Blockchain consensus protocol fuzzing framework that detects consensus memory related and logic bugs.
DBMS
- Squirrel (⭐211) - A fuzzer for database management systems (DBMSs).
Contribute
Contributions welcome! Read the contribution guidelines first.