AFL++ documentation
This is the overview of the AFL++ docs content.
For general information on AFL++, see the README.md of the repository.
Also take a look at our /docs/faq/ and /docs/best_practices/.
Fuzzing targets with the source code available
You can find a quickstart for fuzzing targets with the source code available in the README.md of the repository.
For in-depth information on the steps of the fuzzing process, see /docs/fuzzing_in_depth/ or click on the following image and select a step.
For further information on instrumentation, see the READMEs in the instrumentation/ folder.
Instrumenting the target
For more information, click on the following image and select a step.
Preparing the fuzzing campaign
For more information, click on the following image and select a step.
Fuzzing the target
For more information, click on the following image and select a step.
Managing the fuzzing campaign
For more information, click on the following image and select a step.
Fuzzing other targets
To learn about fuzzing other targets, see:
- Binary-only: /docs/fuzzing_binary-only_targets/
- GUI programs: /docs/best_practices/#fuzzing-a-gui-program
- Libraries: frida_mode/README.md
- Network services: /docs/best_practices/#fuzzing-a-network-service
- Non-linux: unicorn_mode/README.md
Additional information
- Tools that help fuzzing with AFL++: /docs/third_party_tools/
- Tutorials: /docs/tutorials/