honggfuzz

Description

• A general-purpose, easy-to-use fuzzer with interesting analysis options. See USAGE for details
• Supports several hardware-based (CPU) and software-based feedback-driven fuzzing methods
• It works (at least) under GNU/Linux, FreeBSD, Mac OS X, Windows/CygWin and Android
• Supports persistent modes of fuzzing (long-lived process calling a fuzzed API repeatedly) with libhfuzz
• Can fuzz standalone long-lasting processes (e.g. network servers like Apache's httpd and ISC's bind)

Code

• Latest version: 0.8
• Changelog

Requirements

• Linux - The BFD library (libbfd-dev) and libunwind (libunwind-dev/libunwind8-dev)
• FreeBSD - gmake
• Android - Android SDK/NDK. Also see this detailed doc on how to build and run it
• Windows - CygWin
• Darwin/OS X - Xcode 10.8+
• if Clang/LLVM is used - the BlocksRuntime Library (libblocksruntime-dev)

Trophies

The tool has been used to find a few interesting security problems in major software packages; Examples:

• FreeType 2:
• CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2527
• Multiple bugs in the libtiff library
• Multiple bugs in the librsvg library
• Multiple bugs in the poppler library
• Multiple exploitable bugs in IDA-Pro
• Use-after-free in OpenSSL - CVE-2016-6309
• Pre-auth crash in OpenSSH
• ... and more

Other

This is NOT an official Google product.