AFLplusplus is the daughter of the American Fuzzy Lop fuzzer by Michał “lcamtuf” Zalewski and was created initially to incorporate all the best features developed in the years for the fuzzers in the AFL family and not merged in AFL cause it is not updated since November 2017.
The AFL++ fuzzing framework includes the following:
- A fuzzer with many mutators and configurations: afl-fuzz.
- Different source code instrumentation modules: LLVM mode, afl-as, GCC plugin.
- Different binary code instrumentation modules: QEMU mode, Unicorn mode, QBDI mode.
- Utilities for testcase/corpus minimization: afl-tmin, afl-cmin.
- Helper libraries: libtokencap, libdislocator, libcompcov.
It includes a lot of changes, optimizations and new features respect to AFL like the AFLfast power schedules, QEMU 5.1 upgrade with CompareCoverage, MOpt mutators, InsTrim instrumentation and a lot more.
See the Features page.
If you are a student or enthusiast developer and want to contribute, we have an idea list what would be cool to have! :-)
If you want to acknoledge our work and the derived works by the academic community in your paper, see the Papers page.
Check out the GitHub repository here.
- CVE-2019-16168 by Xingwei Lin (Ant-Financial Light-Year Security Lab)
- CVE-2020-8036 by Reza Mirzazade
- Issue 130 by Ashish Kunwar
- Bug 25933 by David Mendenhall
- Libxps issue 3 by Qiuhao Li
- GNU coreutils
- Bug 1919775 by Qiuhao Li
- Crash while parsing zero-symbols in jsonb string by Nikolay Shaplov (Postgres Professional)
We always need servers with many cores for testing various changes for the efficiency. If you want to sponsor a server with more than 20 cores - contact us! :-)
- Fuzzing IO is sponsoring a 24 core server for one year, thank you!