commit	c1a0d9f7275872f9709eb4b14501dac6d8cfa36c	[log] [tgz]
author	Anestis Bechtsoudis <anestis@census-labs.com>	Thu Dec 29 11:34:10 2016 +0200
committer	Anestis Bechtsoudis <anestis@census-labs.com>	Thu Dec 29 11:34:10 2016 +0200
tree	964ea47579ca8b6da5f8006d6a9bf669ec8ebbf5
parent	ee4fd08778010d6ba83465ba961161a6dfdad06d [diff]

tree: 964ea47579ca8b6da5f8006d6a9bf669ec8ebbf5

README.md

honggfuzz

Description

A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options. See USAGE for details

Supports several hardware-based (CPU) and software-based feedback-driven fuzzing methods
It works (at least) under GNU/Linux, FreeBSD, Mac OS X, Windows/CygWin and Android
Supports persistent modes of fuzzing (long-lived process calling a fuzzed API repeatedly) with libhfuzz/libhfuzz.a. More on that here
Can fuzz remote/standalone long-lasting processes (e.g. network servers like Apache's httpd and ISC's bind)

Code

Requirements

Linux - The BFD library (libbfd-dev) and libunwind (libunwind-dev/libunwind8-dev)
FreeBSD - gmake
Android - Android SDK/NDK. Also see this detailed doc on how to build and run it
Windows - CygWin
Darwin/OS X - Xcode 10.8+
if Clang/LLVM is used - the BlocksRuntime Library (libblocksruntime-dev)

Trophies

The tool has been used to find a few interesting security problems in major software packages; Examples:

Other

This is NOT an official Google product.