honggfuzz

Description

A security oriented, feedback-driven, evolutionary, easy-to-use fuzzer with interesting analysis options. See USAGE for details

• Supports several hardware-based (CPU) and software-based feedback-driven fuzzing methods
• It works (at least) under GNU/Linux, FreeBSD, Mac OS X, Windows/CygWin and Android
• Supports persistent modes of fuzzing (long-lived process calling a fuzzed API repeatedly) with libhfuzz/libhfuzz.a. More on that here
• Can fuzz remote/standalone long-lasting processes (e.g. network servers like Apache's httpd and ISC's bind)

Code

• Latest version: 0.8
• Changelog

Requirements

• Linux - The BFD library (libbfd-dev) and libunwind (libunwind-dev/libunwind8-dev)
• FreeBSD - gmake
• Android - Android SDK/NDK. Also see this detailed doc on how to build and run it
• Windows - CygWin
• Darwin/OS X - Xcode 10.8+
• if Clang/LLVM is used - the BlocksRuntime Library (libblocksruntime-dev)

Trophies

The tool has been used to find a few interesting security problems in major software packages; Examples:

• FreeType 2:
• CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2527
• Multiple bugs in the libtiff library
• Multiple bugs in the librsvg library
• Multiple bugs in the poppler library
• Multiple exploitable bugs in IDA-Pro
• Adobe Flash memory corruption • CVE-2015-0316
• Pre-auth remote crash in OpenSSH
• Remote DoS in Crypto++ • CVE-2016-9939
• OpenSSL
• Remote OOB read • CVE-2015-1789
• Remote Use-after-Free (potential RCE) • CVE-2016-6309
• Remote OOB write • CVE-2016-7054
• ... and more

Other

This is NOT an official Google product.