AFLplusplus is the daughter of the American Fuzzy Lop fuzzer by Michał “lcamtuf” Zalewski and was created initially to incorporate all the best features developed in the years for the fuzzers in the AFL family and not merged in AFL cause it is not updated since November 2017.
The AFL++ fuzzing framework includes the following:
- A fuzzer with many mutators and configurations: afl-fuzz.
- Different source code instrumentation modules: LLVM mode, afl-as, GCC plugin.
- Different binary code instrumentation modules: QEMU mode, Unicorn mode, QBDI mode.
- Utilities for testcase/corpus minimization: afl-tmin, afl-cmin.
- Helper libraries: libtokencap, libdislocator, libcompcov.
It includes a lot of changes, optimizations and new features respect to AFL like the AFLfast power schedules, QEMU 5.1 upgrade with CompareCoverage, MOpt mutators, InsTrim instrumentation and a lot more.
See the Features page.
If you are a student or enthusiast developer and want to contribute, we have an idea list what would be cool to have! :-)
If you want to acknoledge our work and the derived works by the academic community in your paper, see the Papers page.
It is maintained by Marc “van Hauser” Heuse firstname.lastname@example.org, Heiko “hexcoder-” Eißfeldt email@example.com, Andrea Fioraldi firstname.lastname@example.org and Dominik Maier email@example.com.
Check out the GitHub repository here.
- CVE-2019-16168 by Xingwei Lin (Ant-Financial Light-Year Security Lab)
- CVE-2019-20079 by Dhiraj (blog)
- CVE-2019-20176 CVE-2020-9274 CVE-2020-9365 by Antonio Morales (GitHub Security Lab)
- CVE-2020-6162 CVE-2020-6835 by Antonio Morales (GitHub Security Lab)
- CVE-2020-8036 by Reza Mirzazade
- CVE-2020-9272 CVE-2020-9273 by Antonio Morales (GitHub Security Lab)
- Issue 130 by Ashish Kunwar
- Ticket 8592 Ticket 8593 Ticket 8594 Ticket 8596 by Andrea Fioraldi
- Ticket 9099 by Qiuhao Li
- Bug 25933 by David Mendenhall
- Libxps issue 3 by Qiuhao Li
- CVE-2020-29129 CVE-2020-29130 by Qiuhao Li
- GNU coreutils
- Bug 1919775 by Qiuhao Li
- Crash while parsing zero-symbols in jsonb string by Nikolay Shaplov (Postgres Professional)
We always need servers with many cores for testing various changes for the efficiency. If you want to sponsor a server with more than 20 cores - contact us! :-)
- Fuzzing IO is sponsoring a 24 core server for one year, thank you!