awesome-awesomeness/html/fuzzing.html
2025-07-18 22:22:32 +02:00
<h1 id="awesome-fuzzing-awesome">Awesome Fuzzing <a
href="https://awesome.re"><img src="https://awesome.re/badge.svg"
alt="Awesome" /></a></h1>
<blockquote>
<p><a href="https://en.wikipedia.org/wiki/Fuzzing">Fuzzing</a> or fuzz
testing is an automated software testing technique that involves
providing invalid, unexpected, or random data as inputs to a computer
program. The program is then monitored for exceptions such as crashes,
failing built-in code assertions, or potential memory leaks. Typically,
fuzzers are used to test programs that take structured inputs.</p>
</blockquote>
<p>A curated list of references to awesome Fuzzing for security testing.
Additionally, there is a collection of freely available academic papers,
tools and so on.</p>
<p>Your favorite tool or your own paper is not listed? Fork and create a
Pull Request to add it!</p>
<h2 id="contents">Contents</h2>
<ul>
<li><a href="#books">Books</a></li>
<li><a href="#talks">Talks</a></li>
<li><a href="#papers">Papers</a></li>
<li><a href="#tools">Tools</a></li>
<li><a href="#platform">Platform</a></li>
</ul>
<h2 id="books">Books</h2>
<ul>
<li><a
href="https://github.com/antonio-morales/Fuzzing101">Fuzzing-101</a></li>
<li><a href="https://www.fuzzingbook.org/">The Fuzzing Book</a>
(2019)</li>
<li><a href="https://ieeexplore.ieee.org/document/8863940">The Art,
Science, and Engineering of Fuzzing: A Survey</a> (2019) - Strictly
speaking this is a paper, not a book, but it contains more important and
essential content than any of the books listed here.</li>
<li><a
href="https://www.amazon.com/Fuzzing-Software-Security-Testing-Assurance/dp/1608078507/">Fuzzing
for Software Security Testing and Quality Assurance, 2nd Edition</a>
(2018)</li>
<li><a
href="https://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119/">Fuzzing:
Brute Force Vulnerability Discovery, 1st Edition</a> (2007)</li>
<li><a
href="https://www.amazon.com/Open-Source-Fuzzing-Tools-Rathaus/dp/1597491950/">Open
Source Fuzzing Tools, 1st Edition</a> (2007)</li>
</ul>
<h2 id="talks">Talks</h2>
<ul>
<li><a
href="https://www.youtube.com/channel/UCGD1Qt2jgnFRjrfAITGdNfQ">Fuzzing
Labs - Patrick Ventuzelo</a>, YouTube</li>
<li><a href="https://youtu.be/qTTwqFRD1H8">Effective File Format
Fuzzing</a>, Black Hat Europe 2016</li>
<li><a href="https://www.youtube.com/watch?v=SngK4W4tVc0">Adventures in
Fuzzing</a>, NYU Talk 2018</li>
<li><a href="https://www.youtube.com/watch?v=DFQT1YxvpDo">Fuzzing with
AFL</a>, NDC Conferences 2018</li>
</ul>
<h2 id="papers">Papers</h2>
<p>To achieve a well-defined scope, I have chosen to include
publications on fuzzing in the last proceedings of 4 top major security
conferences and others from Jan 2008 to Jul 2019. It includes (i)
Network and Distributed System Security Symposium (NDSS), (ii) IEEE
Symposium on Security and Privacy (S&amp;P), (iii) USENIX Security
Symposium (USEC), and (iv) ACM Conference on Computer and Communications
Security (CCS).</p>
<h3 id="the-network-and-distributed-system-security-symposium-ndss">The
Network and Distributed System Security Symposium (NDSS)</h3>
<ul>
<li><a
href="https://www.ndss-symposium.org/wp-content/uploads/2022-345-paper.pdf">Semantic-Informed
Driver Fuzzing Without Both the Hardware Devices and the Emulators,
2022</a></li>
<li><a
href="https://www.ndss-symposium.org/wp-content/uploads/2022-314-paper.pdf">MobFuzz:
Adaptive Multi-objective Optimization in Gray-box Fuzzing, 2022</a></li>
<li><a
href="https://www.ndss-symposium.org/wp-content/uploads/2022-296-paper.pdf">Context-Sensitive
and Directional Concurrency Fuzzing for Data-Race Detection,
2022</a></li>
<li><a
href="https://www.ndss-symposium.org/wp-content/uploads/2022-162-paper.pdf">EMS:
History-Driven Mutation for Coverage-based Fuzzing, 2022</a></li>
<li><a href="https://taesoo.kim/pubs/2021/jung:winnie.pdf">WINNIE:
Fuzzing Windows Applications with Harness Synthesis and Fast Cloning,
2021</a></li>
<li><a
href="https://www.cs.ucr.edu/~heng/pubs/afl-hier.pdf">Reinforcement
Learning-based Hierarchical Seed Scheduling for Greybox Fuzzing,
2021</a></li>
<li><a
href="https://beerkay.github.io/papers/Berkay2021PGFuzzNDSS.pdf">PGFUZZ:
Policy-Guided Fuzzing for Robotic Vehicles, 2021</a></li>
<li><a
href="https://www.ndss-symposium.org/wp-content/uploads/ndss2021_6A-2_24224_paper.pdf">Favocado:
Fuzzing Binding Code of JavaScript Engines Using Semantically Correct
Test Cases, 2021</a></li>
<li><a href="https://www.unexploitable.systems/publication/kimhfl/">HFL:
Hybrid Fuzzing on the Linux Kernel, 2020</a></li>
<li><a
href="https://www.researchgate.net/publication/339164746_HotFuzz_Discovering_Algorithmic_Denial-of-Service_Vulnerabilities_Through_Guided_Micro-Fuzzing">HotFuzz:
Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided
Micro-Fuzzing, 2020</a></li>
<li><a
href="https://www.syssec.ruhr-uni-bochum.de/media/emma/veroeffentlichungen/2020/02/07/Hyper-Cube-NDSS20.pdf">HYPER-CUBE:
High-Dimensional Hypervisor Fuzzing, 2020</a></li>
<li><a
href="https://www.ndss-symposium.org/wp-content/uploads/2020/02/24422.pdf">Not
All Coverage Measurements Are Equal: Fuzzing by Coverage Accounting for
Input Prioritization, 2020</a></li>
<li><a href="https://daramg.gift/paper/han-ndss2019.pdf">CodeAlchemist:
Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript
Engines, 2019</a></li>
<li><a
href="https://people.cs.kuleuven.be/~stijn.volckaert/papers/2019_NDSS_PeriScope.pdf">PeriScope:
An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary,
2019</a></li>
<li><a
href="https://www.syssec.ruhr-uni-bochum.de/media/emma/veroeffentlichungen/2018/12/17/NDSS19-Redqueen.pdf">REDQUEEN:
Fuzzing with Input-to-State Correspondence, 2019</a></li>
<li><a href="https://www.cs.ucr.edu/~heng/pubs/digfuzz_ndss19.pdf">Send
Hardest Problems My Way: Probabilistic Path Prioritization for Hybrid
Fuzzing, 2019</a></li>
<li><a
href="https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_08-4_Zhang_paper.pdf">Life
after Speech Recognition: Fuzzing Semantic Misinterpretation for Voice
Assistant Applications, 2019</a></li>
<li><a
href="https://www.ndss-symposium.org/wp-content/uploads/2018/07/bar2018_14_Hsu_paper.pdf">INSTRIM:
Lightweight Instrumentation for Coverage-guided Fuzzing, 2018</a></li>
<li><a
href="http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018_01A-1_Chen_paper.pdf">IoTFuzzer:
Discovering Memory Corruptions in IoT Through App-based Fuzzing,
2018</a></li>
<li><a href="http://s3.eurecom.fr/docs/ndss18_muench.pdf">What You
Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices,
2018</a></li>
<li><a
href="https://lifeasageek.github.io/papers/han:meds.pdf">Enhancing
Memory Error Detection for Large-Scale Applications and Fuzz Testing,
2018</a></li>
<li><a
href="https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/vuzzer-application-aware-evolutionary-fuzzing/">Vuzzer:
Application-aware evolutionary fuzzing, 2017</a></li>
<li><a
href="https://www.ndss-symposium.org/wp-content/uploads/2017/09/ndss201702A-1LeePaper.pdf">DELTA:
A Security Assessment Framework for Software-Defined Networks,
2017</a></li>
<li><a
href="https://cancer.shtech.org/wiki/uploads/2016---NDSS---driller-augmenting-fuzzing-through-selective-symbolic-execution.pdf">Driller:
Augmenting Fuzzing Through Selective Symbolic Execution, 2016</a></li>
<li><a
href="https://www.ndss-symposium.org/wp-content/uploads/2017/09/Automated-Whitebox-Fuzz-Testing-paper-Patrice-Godefroid.pdf">Automated
Whitebox Fuzz Testing, 2008</a></li>
</ul>
<h3 id="ieee-symposium-on-security-and-privacy-ieee-sp">IEEE Symposium
on Security and Privacy (IEEE S&amp;P)</h3>
<ul>
<li><a
href="http://www.wingtecher.com/themes/WingTecherResearch/assets/papers/sp22.pdf">PATA:
Fuzzing with Path Aware Taint Analysis, 2022</a></li>
<li><a href="https://www.cs.ucr.edu/~csong/oakland22-jigsaw.pdf">Jigsaw:
Efficient and Scalable Path Constraints Fuzzing, 2022</a></li>
<li><a
href="https://github.com/purseclab/fuzzusb/blob/main/paper/fuzzusb.pdf">FuzzUSB:
Hybrid Stateful Fuzzing of USB Gadget Stacks, 2022</a></li>
<li><a href="https://arxiv.org/pdf/2203.12064.pdf">Effective Seed
Scheduling for Fuzzing with Graph Centrality Analysis, 2022</a></li>
<li><a href="https://qingkaishi.github.io/public_pdfs/SP22.pdf">BEACON:
Directed Grey-Box Fuzzing with Provable Path Pruning, 2022</a></li>
<li><a
href="https://www.cs.purdue.edu/homes/zhan3299/res/SP21b.pdf">STOCHFUZZ:
Sound and Cost-effective Fuzzing of Stripped Binaries by Incremental and
Stochastic Rewriting, 2021</a></li>
<li><a
href="https://huhong789.github.io/papers/polyglot-oakland2021.pdf">One
Engine to Fuzz em All: Generic Language Processor Testing with Semantic
Validation, 2021</a></li>
<li><a
href="https://softsec.kaist.ac.kr/~jschoi/data/oakland2021.pdf">NTFUZZ:
Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary
Analysis, 2021</a></li>
<li><a
href="https://lifeasageek.github.io/papers/jaewon-difuzzrtl.pdf">DIFUZZRTL:
Differential Fuzz Testing to Find CPU Bugs, 2021</a></li>
<li><a
href="https://conand.me/publications/redini-diane-2021.pdf">DIANE:
Identifying Fuzzing Triggers in Apps to Generate Under-constrained
Inputs for IoT Devices, 2021</a></li>
<li><a href="https://jakkdu.github.io/pubs/2020/park:die.pdf">Fuzzing
JavaScript Engines with Aspect-preserving Mutation, 2020</a></li>
<li><a
href="https://www.syssec.ruhr-uni-bochum.de/media/emma/veroeffentlichungen/2020/02/27/IJON-Oakland20.pdf">IJON:
Exploring Deep State Spaces via Fuzzing, 2020</a></li>
<li><a href="https://www.cc.gatech.edu/~mxu80/pubs/xu:krace.pdf">Krace:
Data Race Fuzzing for Kernel File Systems, 2020</a></li>
<li><a
href="https://qingkaishi.github.io/public_pdfs/SP2020.pdf">Pangolin:
Incremental Hybrid Fuzzing with Polyhedral Path Abstraction, 2020</a></li>
<li><a
href="https://www.semanticscholar.org/paper/RetroWrite%3A-Statically-Instrumenting-COTS-Binaries-Dinesh-Burow/845cafb153b0e4b9943c6d9b6a7e42c14845a0d6">RetroWrite:
Statically Instrumenting COTS Binaries for Fuzzing and Sanitization,
2020</a></li>
<li><a
href="https://www.computer.org/csdl/proceedings-article/sp/2019/666000b122/19skgbGVFEQ">Full-speed
Fuzzing: Reducing Fuzzing Overhead through Coverage-guided Tracing,
2019</a></li>
<li><a
href="https://www.computer.org/csdl/proceedings-article/sp/2019/666000a594/19skfLYOpaw">Fuzzing
File Systems via Two-Dimensional Input Space Exploration, 2019</a></li>
<li><a
href="https://www.computer.org/csdl/proceedings-article/sp/2019/666000a900/19skg5XghG0">NEUZZ:
Efficient Fuzzing with Neural Program Smoothing, 2019</a></li>
<li><a
href="https://www.computer.org/csdl/proceedings-article/sp/2019/666000a296/19skfwZLirm">Razzer:
Finding Kernel Race Bugs through Fuzzing, 2019</a></li>
<li><a
href="http://web.cs.ucdavis.edu/~hchen/paper/chen2018angora.pdf">Angora:
Efficient Fuzzing by Principled Search, 2018</a></li>
<li><a href="http://chao.100871.net/papers/oakland18.pdf">CollAFL: Path
Sensitive Fuzzing, 2018</a></li>
<li><a
href="https://nebelwelt.net/publications/files/18Oakland.pdf">T-Fuzz:
fuzzing by program transformation, 2018</a></li>
<li><a
href="https://www.ieee-security.org/TC/SP2017/papers/42.pdf">Skyfire:
Data-Driven Seed Generation for Fuzzing, 2017</a></li>
<li><a
href="https://softsec.kaist.ac.kr/~sangkilc/papers/cha-oakland15.pdf">Program-Adaptive
Mutational Fuzzing, 2015</a></li>
<li><a
href="https://ieeexplore.ieee.org/abstract/document/5504701">TaintScope:
A checksum-aware directed fuzzing tool for automatic software
vulnerability detection, 2010</a></li>
</ul>
<h3 id="usenix-security">USENIX Security</h3>
<ul>
<li><a
href="https://www.usenix.org/system/files/sec22-zhao-bodong.pdf">StateFuzz:
System Call-Based State-Aware Linux Driver Fuzzing, 2022</a></li>
<li><a
href="https://www.usenix.org/system/files/sec22-zhang-zenong.pdf">FIXREVERTER:
A Realistic Bug Injection Methodology for Benchmarking Fuzz Testing,
2022</a></li>
<li><a
href="https://www.usenix.org/system/files/sec22-cloosters.pdf">SGXFuzz:
Efficiently Synthesizing Nested Structures for SGX Enclave Fuzzing,
2022</a></li>
<li><a
href="https://www.usenix.org/system/files/sec22-krupp.pdf">AmpFuzz:
Fuzzing for Amplification DDoS Vulnerabilities, 2022</a></li>
<li><a href="https://www.usenix.org/system/files/sec22-ba.pdf">Stateful
Greybox Fuzzing, 2022</a></li>
<li><a
href="https://www.usenix.org/system/files/sec22-garbelini.pdf">BrakTooth:
Causing Havoc on Bluetooth Link Manager via Directed Fuzzing,
2022</a></li>
<li><a
href="https://www.usenix.org/system/files/sec22-trippel.pdf">Fuzzing
Hardware Like Software, 2022</a></li>
<li><a
href="https://www.usenix.org/system/files/sec22-shen-zekun.pdf">Drifuzz:
Harvesting Bugs in Device Drivers from Golden Seeds, 2022</a></li>
<li><a
href="https://www.usenix.org/system/files/sec22-kim.pdf">FuzzOrigin:
Detecting UXSS vulnerabilities in Browsers through Origin Fuzzing,
2022</a></li>
<li><a
href="https://www.usenix.org/system/files/sec22-kande.pdf">TheHuzz:
Instruction Fuzzing of Processors Using Golden-Reference Models for
Finding Software-Exploitable Vulnerabilities, 2022</a></li>
<li><a
href="https://www.usenix.org/system/files/sec22-myung.pdf">MundoFuzz:
Hypervisor Fuzzing with Statistical Coverage Testing and Grammar
Inference, 2022</a></li>
<li><a
href="https://www.usenix.org/system/files/sec22-scharnowski.pdf">Fuzzware:
Using Precise MMIO Modeling for Effective Firmware Fuzzing,
2022</a></li>
<li><a
href="https://www.usenix.org/system/files/sec22-zou.pdf">SyzScope:
Revealing High-Risk Security Impacts of Fuzzer-Exposed Bugs in Linux
kernel, 2022</a></li>
<li><a
href="https://www.usenix.org/system/files/sec22-bulekov.pdf">Morphuzz:
Bending (Input) Space to Fuzz Virtual Devices, 2022</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity21/presentation/nagy">Breaking
Through Binaries: Compiler-quality Instrumentation for Better
Binary-only Fuzzing, 2021</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity21/presentation/tychalas">ICSFuzz:
Manipulating I/Os and Repurposing Binary Code to Enable Instrumented
Fuzzing in ICS Control Applications, 2021</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity21/presentation/aafer">Android
SmartTVs Vulnerability Discovery via Log-Guided Fuzzing, 2021</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity21/presentation/lee-gwangmu">Constraint-guided
Directed Greybox Fuzzing, 2021</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity21/presentation/schumilo">Nyx:
Greybox Hypervisor Fuzzing using Fast Snapshots and Affine Types,
2021</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity21/presentation/li-yuwei">UNIFUZZ:
A Holistic and Pragmatic Metrics-Driven Platform for Evaluating Fuzzers,
2021</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity20/presentation/liu">FANS:
Fuzzing Android Native System Services via Automated Interface Analysis,
2020</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity20/presentation/fiterau-brostean">Analysis
of DTLS Implementations Using Protocol State Fuzzing, 2020</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity20/presentation/yue">EcoFuzz:
Adaptive Energy-Saving Greybox Fuzzing as a Variant of the Adversarial
Multi-Armed Bandit, 2020</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity20/presentation/jiang">Fuzzing
Error Handling Code using Context-Sensitive Software Fault Injection,
2020</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity20/presentation/ispoglou">FuzzGen:
Automatic Fuzzer Generation, 2020</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity20/presentation/osterlund">ParmeSan:
Sanitizer-guided Greybox Fuzzing, 2020</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity20/presentation/oleksenko">SpecFuzz:
Bringing Spectre-type vulnerabilities to the surface, 2020</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity20/presentation/zong">FuzzGuard:
Filtering out Unreachable Inputs in Directed Grey-box Fuzzing through
Deep Learning, 2020</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity20/presentation/lee-suyoung">Montage:
A Neural Network Language Model-Guided JavaScript Engine Fuzzer,
2020</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity20/presentation/gan">GREYONE:
Data Flow Sensitive Fuzzing, 2020</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity19/presentation/jung">Fuzzification:
Anti-Fuzzing Techniques, 2019</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity19/presentation/guler">AntiFuzz:
Impeding Fuzzing Audits of Binary Executables, 2019</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity18/presentation/talebi">Charm:
Facilitating Dynamic Analysis of Device Drivers of Mobile Systems,
2018</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity18/presentation/pailoor">MoonShine:
Optimizing OS Fuzzer Seed Selection with Trace Distillation,
2018</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity18/presentation/yun">QSYM:
A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing,
2018</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/serebryany">OSS-Fuzz
- Google's continuous fuzzing service for open source software,
2017</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/schumilo">kAFL:
Hardware-Assisted Feedback Fuzzing for OS Kernels, 2017</a></li>
<li><a
href="https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/de-ruiter">Protocol
State Fuzzing of TLS Implementations, 2015</a></li>
<li><a
href="https://softsec.kaist.ac.kr/~sangkilc/papers/rebert-usenixsec14.pdf">Optimizing
Seed Selection for Fuzzing, 2014</a></li>
<li><a
href="http://enigma.usenix.org/sites/default/files/sec13_proceedings_interior.pdf#page=57">Dowsing
for overflows: a guided fuzzer to find buffer boundary violations,
2013</a></li>
<li><a
href="https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final73.pdf">Fuzzing
with Code Fragments, 2012</a></li>
</ul>
<h3
id="acm-conference-on-computer-and-communications-security-acm-ccs">ACM
Conference on Computer and Communications Security (ACM CCS)</h3>
<ul>
<li><a href="https://arxiv.org/pdf/2309.03006.pdf">Fuzz on the Beach:
Fuzzing Solana Smart Contracts, 2023</a></li>
<li><a
href="https://secsys.fudan.edu.cn/_upload/article/files/56/ed/788960544d56a38258aca7d3c8b5/216e599a-d6f6-4308-aa0b-ef45166a8431.pdf">NestFuzz:
Enhancing Fuzzing with Comprehensive Understanding of Input Processing
Logic, 2023</a></li>
<li><a
href="https://users.cs.utah.edu/~snagy/papers/23CCS.pdf">Profile-Driven
System Optimizations for Accelerated Greybox Fuzzing, 2023</a></li>
<li><a href="https://arxiv.org/pdf/2309.03496.pdf">Hopper:
Interpretative Fuzzing for Libraries, 2023</a></li>
<li><a href="https://arxiv.org/pdf/2305.02601.pdf">Greybox Fuzzing of
Distributed Systems, 2023</a></li>
<li><a
href="https://compsec.snu.ac.kr/papers/jaewon-specdoctor.pdf">SpecDoctor:
Differential Fuzz Testing to Find Transient Execution Vulnerabilities,
2022</a></li>
<li><a href="https://huhong789.github.io/papers/chen:sfuzz.pdf">SFuzz:
Slice-based Fuzzing for Real-Time Operating Systems, 2022</a></li>
<li><a href="https://arxiv.org/pdf/2208.14530.pdf">MC^2: Rigorous and
Efficient Directed Greybox Fuzzing, 2022</a></li>
<li><a href="https://www.s3.eurecom.fr/docs/ccs22_fioraldi.pdf">LibAFL:
A Framework to Build Modular and Reusable Fuzzers, 2022</a></li>
<li><a
href="https://publications.cispa.saarland/3773/1/2022-CCS-JIT-Fuzzing.pdf">JIT-Picking:
Differential Fuzzing of JavaScript Engines, 2022</a></li>
<li><a href="https://chungkim.io/doc/ccs22-drivefuzz.pdf">DriveFuzz:
Discovering Autonomous Driving Bugs through Driving Quality-Guided
Fuzzing, 2022</a></li>
<li><a href="https://dl.acm.org/doi/pdf/10.1145/3460120.3484823">SoFi:
Reflection-Augmented Fuzzing for JavaScript Engines, 2021</a></li>
<li><a href="https://bahruz.me/papers/ccs2021treqs.pdf">T-Reqs: HTTP
Request Smuggling with Differential Fuzzing, 2021</a></li>
<li><a
href="https://nesa.zju.edu.cn/download/ppt/pgn_slides_V-SHUTTLE.pdf">V-SHUTTLE:
Scalable and Semantics-Aware Hypervisor Fuzzing, 2021</a></li>
<li><a href="https://people.cs.vt.edu/snagy2/papers/21CCS.pdf">Same
Coverage, Less Bloat: Accelerating Binary-only Fuzzing with
Coverage-preserving Coverage-guided Tracing, 2021</a></li>
<li><a
href="https://www.microsoft.com/en-us/research/uploads/prod/2021/09/hyperfuzzer-ccs21.pdf">HyperFuzzer:
An Efficient Hybrid Fuzzer For Virtual CPUs, 2021</a></li>
<li><a href="https://mboehme.github.io/paper/CCS21.pdf">Regression
Greybox Fuzzing, 2021</a></li>
<li><a href="https://gts3.org/assets/papers/2021/ding:snap.pdf">Hardware
Support to Improve Fuzzing Performance and Precision, 2021</a></li>
<li><a href="https://arxiv.org/pdf/2105.05445.pdf">SNIPUZZ: Black-box
Fuzzing of IoT Firmware via Message Snippet Inference, 2021</a></li>
<li><a
href="https://gts3.org/assets/papers/2020/xu:freedom.pdf">FREEDOM:
Engineering a State-of-the-Art DOM Fuzzer, 2020</a></li>
<li><a href="https://dl.acm.org/citation.cfm?id=3354249">Intriguer:
Field-Level Constraint Solving for Hybrid Fuzzing, 2019</a></li>
<li><a
href="https://files.sri.inf.ethz.ch/website/papers/ccs19-ilf.pdf">Learning
to Fuzz from Symbolic Execution with Application to Smart Contracts,
2019</a></li>
<li><a
href="https://web.cs.ucdavis.edu/~hchen/paper/chen2019matryoshka.pdf">Matryoshka:
fuzzing deeply nested branches, 2019</a></li>
<li><a href="http://www.cs.umd.edu/~mwh/papers/fuzzeval.pdf">Evaluating
Fuzz Testing, 2018</a></li>
<li><a
href="https://chenbihuan.github.io/paper/ccs18-chen-hawkeye.pdf">Hawkeye:
Towards a Desired Directed Grey-box Fuzzer, 2018</a></li>
<li><a href="http://daramg.gift/paper/han-ccs2017.pdf">IMF: Inferred
Model-based Fuzzer, 2017</a></li>
<li><a
href="https://www.informatics.indiana.edu/xw7/papers/p2139-you.pdf">SemFuzz:
Semantics-based Automatic Generation of Proof-of-Concept Exploits,
2017</a></li>
<li><a href="https://dl.acm.org/citation.cfm?id=3138820">AFL-based
Fuzzing for Java with Kelinci, 2017</a></li>
<li><a
href="http://iisp.gatech.edu/sites/default/files/images/designing_new_operating_primitives_to_improve_fuzzing_performance_vt.pdf">Designing
New Operating Primitives to Improve Fuzzing Performance, 2017</a></li>
<li><a href="https://dl.acm.org/citation.cfm?id=3134020">Directed
Greybox Fuzzing, 2017</a></li>
<li><a href="https://arxiv.org/pdf/1708.08437.pdf">SlowFuzz: Automated
Domain-Independent Detection of Algorithmic Complexity Vulnerabilities,
2017</a></li>
<li><a href="https://acmccs.github.io/papers/p2123-corinaA.pdf">DIFUZE:
Interface Aware Fuzzing for Kernel Drivers, 2017</a></li>
<li><a
href="https://www.nds.rub.de/media/nds/veroeffentlichungen/2016/10/19/tls-attacker-ccs16.pdf">Systematic
Fuzzing and Testing of TLS Libraries, 2016</a></li>
<li><a
href="https://ieeexplore.ieee.org/abstract/document/8233151">Coverage-based
Greybox Fuzzing as Markov Chain, 2016</a></li>
<li><a
href="http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.817.5616&amp;rep=rep1&amp;type=pdf">eFuzz:
A Fuzzer for DLMS/COSEM Electricity Meters, 2016</a></li>
<li><a
href="https://softsec.kaist.ac.kr/~sangkilc/papers/woo-ccs13.pdf">Scheduling
Black-box Mutational Fuzzing, 2013</a></li>
<li><a href="https://www.cs.utah.edu/~regehr/papers/pldi13.pdf">Taming
compiler fuzzers, 2013</a></li>
<li><a href="https://dl.acm.org/citation.cfm?id=2094081">SAGE: whitebox
fuzzing for security testing, 2012</a></li>
<li><a href="https://dl.acm.org/citation.cfm?id=1375607">Grammar-based
whitebox fuzzing, 2008</a></li>
<li><a href="https://dl.acm.org/citation.cfm?id=1555061">Taint-based
directed whitebox fuzzing, 2009</a></li>
</ul>
<h3
id="arxiv-fuzzing-with-artificial-intelligence-machine-learning">ArXiv
(Fuzzing with Artificial Intelligence &amp; Machine Learning)</h3>
<ul>
<li><a href="https://arxiv.org/abs/2002.08568">MEUZZ: Smart Seed
Scheduling for Hybrid Fuzzing, 2020</a></li>
<li><a href="https://arxiv.org/abs/1906.11133">A Review of Machine
Learning Applications in Fuzzing, 2019</a></li>
<li><a href="https://arxiv.org/abs/1906.00621">Evolutionary Fuzzing of
Android OS Vendor System Services, 2019</a></li>
<li><a href="https://arxiv.org/abs/1905.13055">MoonLight: Effective
Fuzzing with Near-Optimal Corpus Distillation, 2019</a></li>
<li><a href="https://arxiv.org/abs/1809.01266">Coverage-Guided Fuzzing
for Deep Neural Networks, 2018</a></li>
<li><a href="https://arxiv.org/abs/1808.09413">DLFuzz: Differential
Fuzzing Testing of Deep Learning Systems, 2018</a></li>
<li><a href="https://arxiv.org/abs/1807.10875">TensorFuzz: Debugging
Neural Networks with Coverage-Guided Fuzzing, 2018</a></li>
<li><a href="https://arxiv.org/abs/1807.05620">NEUZZ: Efficient Fuzzing
with Neural Program Learning, 2018</a></li>
<li><a href="https://arxiv.org/abs/1807.00182">EnFuzz: From Ensemble
Learning to Ensemble Fuzzing, 2018</a></li>
<li><a href="https://arxiv.org/abs/1806.09739">REST-ler: Automatic
Intelligent REST API Fuzzing, 2018</a></li>
<li><a href="https://arxiv.org/abs/1801.04589">Deep Reinforcement
Fuzzing, 2018</a></li>
<li><a href="https://arxiv.org/abs/1711.04596">Not all bytes are equal:
Neural byte sieve for fuzzing, 2017</a></li>
<li><a href="https://arxiv.org/abs/1711.02807">Faster Fuzzing:
Reinitialization with Deep Neural Models, 2017</a></li>
<li><a href="https://arxiv.org/abs/1701.07232">Learn&amp;Fuzz: Machine
Learning for Input Fuzzing, 2017</a></li>
<li><a href="https://arxiv.org/abs/1611.02429">Complementing Model
Learning with Mutation-Based Fuzzing, 2016</a></li>
</ul>
<h3 id="the-others">The others</h3>
<ul>
<li><a
href="https://softsec.kaist.ac.kr/~sangkilc/papers/lee-ase22.pdf">Fuzzle:
Making a Puzzle for Fuzzers, 2022</a></li>
<li><a
href="https://www.cs.vu.nl/~herbertb/download/papers/ifuzzer-esorics16.pdf">Ifuzzer:
An evolutionary interpreter fuzzer using genetic programming,
2016</a></li>
<li><a
href="https://pdfs.semanticscholar.org/488a/b1e313f5109153f2c74e3b5d86d41e9b4b71.pdf">Hybrid
fuzz testing: Discovering software bugs via fuzzing and symbolic
execution, 2012</a></li>
<li><a
href="https://www.computer.org/csdl/proceedings/iccsa/2008/3243/00/3243a019-abs.html">Call-Flow
Aware API Fuzz Testing for Security of Windows Systems, 2008</a></li>
<li><a
href="https://dl.acm.org/citation.cfm?id=1248841">Feedback-directed
random test generation, 2007</a></li>
<li><a href="https://doi.org/10.1109/ETFA.2018.8502600">MTF-Storm: a
high performance fuzzer for Modbus/TCP, 2018</a></li>
<li><a href="https://doi.org/10.1109/ETFA.2015.7301400">A Modbus/TCP
Fuzzer for testing internetworked industrial systems, 2015</a></li>
</ul>
<h2 id="tools">Tools</h2>
<p>Information about the various open source tools you can use to
leverage fuzz testing. The items in this section have been organized and
classified based on the standards set by the <a
href="https://fuzzing-survey.org/">fuzzing-survey.org</a> website.
Although there are currently more than 35 categories, we have selected
the most relevant ones to provide efficient information. Additionally,
items that are outdated or deprecated have been excluded, and only those
that are currently usable are listed.</p>
<h3 id="file">File</h3>
<ul>
<li><a href="https://github.com/AFLplusplus/AFLplusplus">AFL++</a> -
AFL++ is a superior fork of Google's AFL: more speed, more and better
mutations, more and better instrumentation, custom module support,
etc.</li>
<li><a href="https://github.com/AngoraFuzzer/Angora">Angora</a> - Angora
is a mutation-based, coverage-guided fuzzer. The main goal of Angora is
to increase branch coverage by solving path constraints without symbolic
execution.</li>
</ul>
<h3 id="kernel">Kernel</h3>
<h3 id="network">Network</h3>
<h3 id="api">API</h3>
<ul>
<li><a href="https://gitlab.com/brown-ssl/ivysyn">IvySyn</a> - IvySyn is
a fully-automated framework for discovering memory error vulnerabilities
in Deep Learning (DL) frameworks.</li>
<li><a href="https://github.com/puppet-meteor/MINER">MINER</a> - MINER
is a REST API fuzzer that utilizes three data-driven designs working
together to guide the sequence generation, improve the request
generation quality, and capture the unique errors caused by incorrect
parameter usage.</li>
<li><a href="https://github.com/SeUniVr/RestTestGen">RestTestGen</a> -
RestTestGen is a robust tool and framework designed for automated
black-box testing of RESTful web APIs.</li>
<li><a href="https://github.com/ForAllSecure/GraphFuzz">GraphFuzz</a> -
GraphFuzz is an experimental framework for building structure-aware
library API fuzzers.</li>
<li><a href="https://github.com/ChijinZ/Minerva">Minerva</a> - Minerva
is a browser fuzzer augmented by API mod-ref relations, aiming to
synthesize highly-relevant browser API invocations in each test
case.</li>
<li><a href="https://github.com/iromise/fans">FANS</a> - FANS is a
fuzzing tool for Android native system services. It contains four
components: interface collector, interface model extractor, dependency
inferer, and fuzzer engine.</li>
</ul>
<h3 id="javascript">JavaScript</h3>
<h3 id="firmware">Firmware</h3>
<h3 id="hypervisor">Hypervisor</h3>
<h3 id="cpu">CPU</h3>
<ul>
<li><a href="https://github.com/compsec-snu/difuzz-rtl">DifuzzRTL</a> -
DifuzzRTL is a differential fuzz testing approach for CPU
verification.</li>
<li><a href="https://github.com/sycuricon/MorFuzz">MorFuzz</a> - MorFuzz
is a generic RISC-V processor fuzzing framework that can efficiently
detect software-triggerable functional bugs.</li>
<li><a href="https://github.com/tudinfse/SpecFuzz">SpecFuzz</a> -
SpecFuzz is a tool that enables fuzzing for Spectre
vulnerabilities.</li>
<li><a href="https://github.com/vernamlab/Medusa">Transynther</a> -
Transynther automatically generates and tests building blocks for
Meltdown attacks with various faults and microcode assists.</li>
</ul>
<h3 id="lib">Lib</h3>
<h3 id="web">Web</h3>
<ul>
<li><a href="https://github.com/seclab-fudan/TEFuzz/">TEFuzz</a> -
TEFuzz is a tailored fuzzing-based framework to facilitate the detection
and exploitation of template escape bugs.</li>
<li><a href="https://github.com/sefcom/Witcher">Witcher</a> - Witcher is
a web application fuzzer that utilizes mutational fuzzing to explore web
applications and fault escalation to detect command and SQL injection
vulnerabilities.</li>
<li><a href="https://github.com/shouc/corbfuzz">CorbFuzz</a> - CorbFuzz
is a state-aware fuzzer for generating as many responses from a web
application as possible without needing to set up a database, etc.</li>
</ul>
<h3 id="dom">DOM</h3>
<h3 id="argument">Argument</h3>
<h3 id="blockchain">Blockchain</h3>
<ul>
<li><a href="https://github.com/snuspl/fluffy">Fluffy</a> - Fluffy is a
multi-transaction differential fuzzer for finding consensus bugs in
Ethereum.</li>
<li><a href="https://github.com/ConsensusFuzz/LOKI">LOKI</a> - LOKI is a
blockchain consensus protocol fuzzing framework that detects
consensus-related memory and logic bugs.</li>
</ul>
<h3 id="dbms">DBMS</h3>
<ul>
<li><a href="https://github.com/s3team/Squirrel">Squirrel</a> - Squirrel
is a fuzzer for database management systems (DBMSs).</li>
</ul>
<h2 id="contribute">Contribute</h2>
<p>Contributions welcome! Read the <a
href="contributing.md">contribution guidelines</a> first.</p>
<h2 id="license">License</h2>
<p><a href="http://creativecommons.org/publicdomain/zero/1.0"><img
src="http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg"
alt="CC0" /></a></p>
<p>To the extent possible under law, cpuu has waived all copyright and
related or neighboring rights to this work.</p>
<p><a href="https://github.com/cpuu/awesome-fuzzing">fuzzing.md
Github</a></p>