Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / honggfuzz / 018822e8f80232ba4571280d7bab32b811d9d38d
commit018822e8f80232ba4571280d7bab32b811d9d38d[log] [tgz]
authorRobert Swiecki <robert@swiecki.net>Fri May 05 16:12:50 2017 +0200
committerRobert Swiecki <robert@swiecki.net>Fri May 05 16:12:50 2017 +0200
treeb0c30f9f651c2370099d71ed5f6b00da5453b09d
parent9aaab643c31e1c56a9c1fa912916cb02718fc6fb [diff]
Redme
1 file changed
tree: b0c30f9f651c2370099d71ed5f6b00da5453b09d
  1. android/
  2. docs/
  3. examples/
  4. hfuzz_cc/
  5. libhfuzz/
  6. linux/
  7. mac/
  8. posix/
  9. third_party/
  10. tools/
  11. .gitignore
  12. .gitmodules
  13. arch.h
  14. CHANGELOG
  15. cmdline.c
  16. cmdline.h
  17. common.h
  18. CONTRIBUTING
  19. COPYING
  20. display.c
  21. display.h
  22. files.c
  23. files.h
  24. fuzz.c
  25. fuzz.h
  26. honggfuzz.c
  27. log.c
  28. log.h
  29. Makefile
  30. mangle.c
  31. mangle.h
  32. README.md
  33. report.c
  34. report.h
  35. sancov.c
  36. sancov.h
  37. sanitizers.c
  38. sanitizers.h
  39. subproc.c
  40. subproc.h
  41. util.c
  42. util.h
README.md

honggfuzz

Description

A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options. See USAGE for details

  • Easy-to-use, just provide it with input corpus (can consist of a single file) and it will work to expand it using feedback-based coverage metrics
  • Has a nice track record of uncovered security bugs: e.g. the only vulnerability in OpenSSL with the critical score mark had been discovered by honggfuzz
  • Supports several hardware-based (CPU: branch/instruction counting, Intel BTS, Intel PT) and software-based feedback-driven fuzzing methods
  • It works (at least) under GNU/Linux, FreeBSD, Mac OS X, Windows/CygWin and Android
  • Supports persistent modes of fuzzing (long-lived process calling a fuzzed API repeatedly) with libhfuzz/libhfuzz.a. More on that here
  • Can fuzz remote/standalone long-lasting processes (e.g. network servers like Apache's httpd and ISC's bind)

Code

  • Latest stable version: 0.9, but you're encouraged to use the master branch
  • Changelog

Requirements

  • Linux - The BFD library (libbfd-dev) and libunwind (libunwind-dev/libunwind8-dev)
  • FreeBSD - gmake, clang-3.6 or newer
  • Android - Android SDK/NDK. Also see this detailed doc on how to build and run it
  • Windows - CygWin
  • Darwin/OS X - Xcode 10.8+
  • if Clang/LLVM is used - the BlocksRuntime Library (libblocksruntime-dev)

Trophies

The tool has been used to find a few interesting security problems in major software packages; Examples:

Examples

The examples directory contains code demonstrating (among others) how to use honggfuzz to find bugs in the OpenSSL library and in the Apache web server.

Other

This is NOT an official Google product.