AFL++ documentation

This is the overview of the AFL++ docs content.

For general information on AFL++, see the README.md of the repository.

Also take a look at our /docs/faq/ and /docs/best_practices/.

Fuzzing targets with the source code available

You can find a quickstart for fuzzing targets with the source code available in the README.md of the repository.

For in-depth information on the steps of the fuzzing process, see /docs/fuzzing_in_depth/ or click on the following image and select a step.

For further information on instrumentation, see the READMEs in the instrumentation/ folder.

Instrumenting the target

For more information, click on the following image and select a step.

Preparing the fuzzing campaign

For more information, click on the following image and select a step.

Fuzzing the target

For more information, click on the following image and select a step.

Managing the fuzzing campaign

For more information, click on the following image and select a step.

Fuzzing other targets

To learn about fuzzing other targets, see:

• Binary-only: /docs/fuzzing_binary-only_targets/
• GUI programs: /docs/best_practices/#fuzzing-a-gui-program
• Libraries: frida_mode/README.md
• Network services: /docs/best_practices/#fuzzing-a-network-service
• Non-linux: unicorn_mode/README.md

Additional information

• Tools that help fuzzing with AFL++: /docs/third_party_tools/
• Tutorials: /docs/tutorials/