Fuzzing
Fuzz testing (fuzzing) is an automated software testing technique that sends invalid, malformed, or unexpected inputs to a system to discover bugs, crashes, and security vulnerabilities. It has become one of the most effective methods for finding memory corruption, parsing errors, and input validation flaws at scale.
Fuzzing operates on a simple principle: programs that crash on unexpected input likely have exploitable bugs. Modern fuzzers go far beyond random input generation. Coverage-guided fuzzers like AFL++, libFuzzer, and Honggfuzz use code coverage feedback to evolve inputs that explore new code paths, dramatically increasing the chance of finding deep bugs. Grammar-based fuzzers generate structurally valid inputs for complex formats like JSON, XML, HTTP, and custom protocols.
In web application security, fuzzing is used for directory and file discovery, parameter brute-forcing, and finding injection points. Tools like ffuf, wfuzz, and Burp Intruder allow rapid testing of URL paths, query parameters, headers, and form fields against wordlists. API fuzzing tools specifically target REST and GraphQL endpoints with schema-aware mutation strategies.
At the systems level, fuzzing has uncovered thousands of vulnerabilities in browsers, operating system kernels, file format parsers, network protocol implementations, and cryptographic libraries. Google's OSS-Fuzz project alone has found over 10,000 bugs across hundreds of open-source projects.
This page collects fuzzing tools, techniques, research, and guides for both web application and systems-level fuzzing.
| Date Added | Link | Excerpt |
|---|---|---|
| 2026-04-29 | Firefox using advanced AI to find and fix browser security flaws (beginner, AI) | Firefox is employing advanced AI to proactively identify and address browser security vulnerabilities. This innovative approach aims to streamline the process of finding and patching flaws, enhancing user security. By leveraging AI, Firefox can potentially detect a wider range of issues more efficiently than traditional methods. The goal is to create a more secure browsing experience for all users by staying ahead of potential threats. → msn.com |
| 2026-04-24 | Claude Mythos discovered 271 vulnerabilities in Firefox (news, Bug Bounty) | Security researcher Claude Mythos identified an extensive 271 vulnerabilities within the Firefox browser. The details of these discoveries were shared via a linked article, highlighting a significant security audit conducted by Mythos. No bug bounty payout amount was specified in the provided content. → secnews.gr |
| 2026-04-22 | Jazzer: Coverage-guided, in-process fuzzing for the JVM (intermediate) | Library for coverage-guided, in-process fuzzing of the JVM. Jazzer integrates with JUnit 5.9.0+ and supports Linux, macOS, and Windows platforms. It leverages libFuzzer's instrumentation for mutation-based input generation, allowing developers to write fuzz tests alongside unit tests. Jazzer can run in regression or fuzzing modes, identifying crashes and storing inputs for further analysis. It also includes built-in sanitizers to detect risky behaviors during fuzzing. |
| 2026-04-22 | Fuzzing 100+ open source projects with OSS-Fuzz - lessons learned (intermediate) | Writeup detailing continuous fuzzing efforts on over 100 open-source projects via OSS-Fuzz. This initiative reported 2104 bugs, including 559 security-relevant issues, with 1330 fixed. Notable findings include CVE-2020-28362 in Go-ethereum and contributions to Sudoers and Pidgin, highlighting the impact of sustained vulnerability analysis on critical software components. |
| 2026-04-22 | Large Language Model guided Protocol Fuzzing (NDSS) (advanced) | Tool for LLM-guided protocol fuzzing. ChatAFL leverages pre-trained large language models to extract machine-readable protocol information from natural language specifications. This engine constructs grammars for message types and mutates or predicts message sequences, significantly enhancing state and code coverage compared to state-of-the-art fuzzers like AFLNet and NSFuzz. Experiments on ProFuzzbench demonstrated ChatAFL's effectiveness in discovering previously unknown vulnerabilities in real-world protocol implementations. |
| 2026-04-22 | Detect Go's silent arithmetic bugs with go-panikint (intermediate) | Library for detecting silent integer arithmetic bugs in Go projects. go-panikint modifies the Go compiler to transform integer overflows and truncations into explicit panics, making them detectable by fuzzers. It successfully identified an integer overflow vulnerability in the Cosmos SDK's RPC pagination logic. The library includes mechanisms to filter intentional overflows via source location whitelisting or in-code comments. → blog.trailofbits.com |
| 2026-04-22 | Denial of Fuzzing: Rust in the Windows kernel (intermediate) | Library for fuzzing Windows kernel GDI components, utilizing WinAFL and WinAFL Pet for efficient testing. It details techniques for metafile fuzzing with Enhanced Metafile Format Plus (EMF+) and identifies a denial-of-fuzzing condition triggered by mutations. The library includes methodologies for memory dump analysis using Volatility and MemProcFS, and a client-server approach to capture and store mutated files for faster reproduction of kernel crashes. |
| 2026-04-22 | Bringing Fuzz Testing to Kotlin with kotlinx.fuzz (beginner) | Library for fuzz testing Kotlin applications. Developed by JetBrains Research, this fuzzer, named kotlinx.fuzz, leverages existing Java fuzzers like Jazzer to identify edge cases and uncover hidden vulnerabilities by automatically generating random or invalid inputs for target functions such as `Duration.parseIsoStringOrNull`. It simplifies the fuzzing process, offering improved configuration, execution, and result analysis for Kotlin projects. |
| 2026-04-22 | Advanced binary fuzzing using AFL++-QEMU and libprotobuf (advanced) | Tool for advanced binary-only fuzzing utilizing AFL++-QEMU, focusing on grammar-aware in-memory persistent fuzzing. This practical guide demonstrates step-by-step configuration, including instrumentation tuning for specific code paths and optimizing execution speed, using a case study of a weak X509 parser with a buffer overflow vulnerability in `parse_cert_buf`. It details corpus preparation with `afl-cmin` and `afl-tmin`, and explores AFL++-QEMU features like `AFL_CUSTOM_MUTATOR_LIBRARY` and persistent mode addresses for performance enhancements. |
| 2026-04-22 | deepSURF: Detecting Memory Safety Vulnerabilities in Rust Through Fuzzing LLM-Augmented Harnesses (advanced) | Tool integrating static analysis and LLM-guided fuzzing to detect memory safety vulnerabilities in Rust's unsafe code. deepSURF handles generics by substituting them with custom types and LLM-augmented harnesses for complex API interactions. Evaluation on 27 Rust crates revealed 20 known and 6 previously unknown memory safety bugs, surpassing state-of-the-art tools. → arxiv.org |
| 2026-04-22 | Fixing Security Vulnerabilities with AI in OSS-Fuzz (intermediate) | Library that customizes the AutoCodeRover LLM agent, named CodeRover-S, for autonomously fixing security vulnerabilities detected by OSS-Fuzz. This approach leverages exploit input from fuzzing campaigns to extract dynamic call graph information and augment vulnerability reports. CodeRover-S aims to improve patch generation success rates by incorporating type-based analysis at identified faulty program locations, focusing on dynamic attributes for patch correctness over static code similarity metrics. → arxiv.org |
| 2026-04-22 | A Survey of Network Protocol Fuzzing: Model, Techniques and Directions (intermediate) | Survey of network protocol fuzzing techniques; this paper systematically reviews advancements, proposes a unified process model, and discusses techniques for syntax acquisition, test case generation, execution, monitoring, and feedback utilization. It highlights challenges unique to network protocols, such as statefulness and structured input, and points to promising research directions, referencing vulnerabilities like Heartbleed (CVE-2014-0160) found in software like OpenSSL. → arxiv.org |
| 2026-04-22 | Anthropic AI Finds 271 Vulnerabilities in Firefox (news) | https://ift.tt/61geSjc → letsdatascience.com |
| 2026-04-19 | Generative Fuzzer-Driven Vulnerability Detection in IoT Networks (advanced) | |
| 2026-04-19 | Automating Fuzz Driver Generation for Deep Learning Libraries with LLMs (advanced) | |
| 2026-04-19 | Fuzz to the Future: Uncovering Occluded Future Vulnerabilities (advanced) | → dl.acm.org |
| 2026-04-19 | EdgeFuzz: A Middleware-Based Security Testing Tool (intermediate) | |
| 2026-04-19 | Software Fuzzing: The Cornerstone of Automated Vulnerability Discovery (beginner) | |
| 2026-04-16 | Fuzzing \| Testing Handbook - AppSec Guide (beginner) | Handbook chapter detailing fuzzing as an essential dynamic testing method for uncovering security issues and bugs. It covers starting fuzzing projects quickly, delving into advanced techniques, and selecting appropriate fuzzers. The handbook explains how to write fuzzing harnesses, interpret their outputs, and apply them to real-world C/C++ projects, discussing both blackbox and feedback-driven graybox fuzzing approaches. It also explores mutation-based evolutionary fuzzing, the de facto algorithm, and defines key terminology such as SUT, fuzzer, harness, and corpus. → appsec.guide |
| 2026-04-16 | API Fuzzing for Security Testing: Complete Guide (intermediate) | Library for API fuzzing that automates vulnerability discovery by generating malformed, randomized, or boundary-case inputs to uncover weaknesses like injection attacks, authentication bypasses, and data exposure via error handling. It integrates into CI/CD pipelines, complementing static analysis and manual testing by detecting edge cases and logic flaws missed by traditional methods, significantly improving detection rates and reducing remediation costs. |
| 2026-04-16 | Recent Fuzzing Papers Collection (advanced) | |
| 2026-04-16 | Awesome-Fuzzing: Curated List of Fuzzing Resources (beginner) | Library collecting curated resources for learning fuzzing and exploit development, including books like "Fuzzing: Brute Force Vulnerability Discovery," courses, videos, tutorials, and vulnerable applications. It lists tools such as American Fuzzy Lop (AFL), Peach Fuzzer, honggfuzz, and Cloudfuzzer, alongside discussions of techniques like directed fuzzing and root cause analysis for vulnerabilities like integer overflows. The library also features resources on browser fuzzing frameworks like BFuzz and Grizzly. |
| 2026-04-16 | KernelGPT: Enhanced Kernel Fuzzing via LLMs (advanced) | Library for enhanced Linux kernel fuzzing using Large Language Models to automate Syzkaller specification generation and refinement. KernelGPT analyzes kernel source code, leverages LLMs for specification creation, and uses feedback for iterative improvement. This approach has successfully identified 24 new kernel bugs, including 11 with assigned CVEs, and many of its generated specifications have been integrated into the official Syzkaller repository. |
| 2026-04-16 | ksmbd: Fuzzing Improvements and Vulnerability Discovery (intermediate) | Library for improving fuzzing and discovering vulnerabilities in `ksmbd`, an SMB server implementation. This resource details techniques for expanding the attack surface by enabling configuration options like durable handles, oplocks, and SMB2 leases, and discusses fuzzer improvements. It specifically mentions patching NTLMv2 authentication, adjusting connection limits, and simulating valid SMB state transitions by parsing responses for TreeIDs and SessionIDs. The library also leverages protocol specifications to build grammars for commands like SMB2 IOCTL requests and explores fuzzing strategies such as focused area fuzzing to target specific code paths like `smb_check_perm_dacl`, which led to the discovery of integer overflows. → blog.doyensec.com |
| 2026-04-16 | AFL++ Fuzzing in Depth (intermediate) | Library for instrumenting and fuzzing source code targets with AFL++. This guide details the three-step process: compiling with special compilers like `afl-clang-lto` or `afl-gcc-fast`, preparing an input corpus, and executing the fuzzing process. It also covers compiler selection based on available versions (LLVM 11+, GCC 5+) and instrumentation options such as `laf-intel`, `redqueen`, and selective instrumentation via `allowlist.txt` or `denylist.txt` to optimize fuzzing efficiency. |
| 2026-04-16 | The Fuzzing Book: Generating Software Tests (beginner) | Library of practical examples and executable code; "The Fuzzing Book" teaches automated software testing techniques. It covers random fuzzing, mutation-based fuzzing, and grammar-based test generation, illustrated with Python code. The resource is suitable for university courses, supplementary material, or as a developer tool, and has been credited with finding over 2,600 bugs in JavaScript interpreters for browsers like Firefox, Chrome, and Edge. |
| 2026-04-16 | Fuzzing101: A Step-by-Step Fuzzing Tutorial (beginner) | Tutorial on fuzzing basics using AFL++ and Ubuntu 20.04 LTS. This resource features ten real-world targets and exercises to help learners discover vulnerabilities in software projects. It explains coverage-guided evolutionary fuzzing techniques, a method employed by popular fuzzers like AFL, libFuzzer, and HonggFuzz. |
| 2026-04-11 | Getting Started with Python Fuzzing Using Atheris (beginner) | Library for fuzz testing Python applications. Atheris, developed by Google, simplifies the process of finding bugs through coverage-guided randomized testing. It allows users to easily create fuzz harnesses for arbitrary Python code, utilizing `FuzzedDataProvider` to generate diverse input types such as strings, integers, and lists. The library integrates seamlessly with targets, reporting crashes like `ZeroDivisionError` when it encounters unexpected inputs, aiding developers in identifying and fixing edge-case vulnerabilities. |
| 2026-04-11 | Unleashing Medusa: Smart Contract Fuzzing (intermediate) | Library for coverage-guided, parallel, and on-chain fuzzing of EVM smart contracts. Medusa v1, built on Geth and written in Go, uses Slither insights for smart mutational value generation and provides enhanced debugging with rich execution traces. It offers an alternative to Echidna, focusing on scalability and maintainability for faster vulnerability discovery in blockchain systems. → blog.trailofbits.com |
| 2026-04-11 | Mastering Boofuzz: From Basics to Advanced (beginner) | Library for stateful and stateless fuzzing. Boofuzz enables robust security testing of network protocols, file formats, and embedded systems. Leveraging Python, it supports custom protocol fuzzing with checksums like CRC32 and IPv4, and allows for multi-stage fuzzing through defined states. It includes built-in crash detection, a web interface for real-time monitoring, and examples for fuzzing HTTP POST requests and authenticated FTP sessions. |
| 2026-04-11 | cargo-fuzz - Testing Handbook (beginner) | Tool for fuzzing Rust projects using Cargo; this handbook details setup and usage. It leverages libFuzzer and can automatically enable sanitizers like AddressSanitizer, which is useful for detecting memory errors in unsafe Rust code. The guide covers writing fuzz tests, initializing projects with `cargo fuzz init`, running fuzz targets with `cargo +nightly fuzz run`, and re-executing specific test cases. It also explores fuzzer options, including disabling sanitizers for performance boosts when not using unsafe Rust, and provides a real-world example fuzzing the `ogg` crate. → appsec.guide |
| 2026-04-11 | LLM-Based Harness Synthesis for Unfuzzed Projects (advanced) | Library for LLM-based fuzzing harness synthesis that automates the creation of OSS-Fuzz and ClusterFuzzLite projects for C/C++ software. It takes a GitHub repository URL as input and generates fuzzing harnesses by first building the project using generalized build heuristics, then extracting program analysis data with Fuzz Introspector, and finally synthesizing harnesses with LLMs based on that data. The process has demonstrated coverage increases and vulnerability discovery in prior work. |
| 2026-04-11 | HyperHook: A Harnessing Framework for Nyx (advanced) | Framework for Nyx-based fuzzers. HyperHook streamlines snapshot fuzzing for user-space applications by managing hypercalls, function hooks, and exception handlers for both Windows and Linux targets. It works by injecting a detour into the target function, initializing communication with the host, registering handlers, setting up an input buffer, and ultimately calling the target function with fuzz input. |
| 2026-04-11 | Practical Jazzer for the Snazzy Fuzzer (intermediate) | Library detailing practical tips for using Jazzer, a coverage-guided, in-process fuzzer for the JVM. It covers advanced techniques for enterprise Java applications, including implementing `fuzzerInitialize` and `fuzzerTearDown` methods for setup and cleanup, utilizing method hooks with reflection to inspect application state and detect vulnerabilities like context escapes, and managing timeouts with fork mode and `-ignore_timeouts`. |
| 2026-04-11 | Jazzer + LibAFL: Java Fuzzing Insights (intermediate) | Library for Java fuzzing, integrating LibAFL with Jazzer. This fork enhances Jazzer by replacing its LibFuzzer backend with LibAFL, incorporating custom implementations for `__sanitizer_cov_trace_cmp8_with_pc`, `__sanitizer_weak_hook_memmem`, `__sanitizer_weak_hook_strstr`, and `__sanitizer_weak_hook_compare_bytes` to improve coverage feedback and comparison analysis, addressing limitations encountered when adapting Jazzer's LibFuzzer fork to LibAFL's architecture. |
| 2026-04-11 | Unlocking Java Fuzzing with Jazzer (beginner) | Library for fuzzing Java applications. Jazzer leverages libFuzzer for coverage-guided, in-process fuzzing on the JVM. It comprises a native Jazzer Driver that interfaces with libFuzzer and a Jazzer Agent for runtime instrumentation within the target JVM. This setup allows Jazzer to utilize libFuzzer's mutation features and feedback mechanisms for identifying vulnerabilities in Java code. |
| 2026-04-11 | LibAFL - Testing Handbook (beginner) | Library for building custom fuzzers. LibAFL offers modular functionality beyond traditional AFL-based fuzzers and libFuzzer. It supports a libFuzzer drop-in replacement for easier integration and also serves as a core Rust library for creating highly customizable fuzzing solutions. Setup involves installing Clang and Rust, and configuring environment variables for specific LLVM versions. LibAFL enhances fuzzing performance with features like `SimpleRestartingEventManager` and `LlmpRestartingEventManager` for effective crash detection and multi-processing. → appsec.guide |
| 2026-04-11 | Fuzzing Rust Using Cargo-libafl (intermediate) | |
| 2026-04-11 | LibAFL Tutorial (beginner) | |
| 2026-04-11 | G2Fuzz: Grammar-Aware Fuzzing with LLMs (advanced) | Library for grammar-aware fuzzing. G2Fuzz leverages LLMs to synthesize and mutate Python scripts that generate inputs conforming to complex, non-textual grammars like TIFF images and MP4 audio. It combines LLM-driven "holistic search" for novel input generation with traditional fuzzers like AFL++ for efficient "local search." This hybrid approach significantly enhances code coverage and bug discovery, outperforming tools such as AFL++, Fuzztruction, and FormatFuzzer on benchmarks like UNIFUZZ and FuzzBench, and has discovered bugs including those acknowledged by CVEs. → arxiv.org |
| 2026-04-11 | Bugs That Survive Continuous Fuzzing (advanced) | Library detailing vulnerabilities that persist despite continuous fuzzing in open-source projects like Gstreamer, Poppler, and Exiv2. It highlights issues arising from insufficient code coverage, unmonitored dependencies (e.g., DjVuLibre in Poppler), and neglected encoding logic, demonstrating the ongoing need for human oversight and expertise beyond automated fuzzing initiatives like OSS-Fuzz. → github.blog |
| 2026-04-11 | Fuzzing Web Apps using FFUF: Complete Guide (beginner) | Library for fuzzing web applications using FFUF, covering directory discovery, subdomain enumeration, virtual host fuzzing, multi-layer extension hunting, recursive scanning, authentication testing, and API endpoint discovery. It also details workflow optimizations like rate limiting and Burp Suite integration, while warning against common pitfalls such as unauthorized testing and aggressive scanning. |
| 2026-04-11 | FFUF Mastery: Advanced Web Fuzzing (intermediate) | Library for advanced web fuzzing using FFuf, transforming standard workflows into an optimized offensive security methodology. It details sophisticated response matching techniques, practical attack scenarios leveraging HTTP response characteristics, and provides battle-tested command snippets and visual pipeline examples for immediate implementation in security testing. Techniques include response-pattern differential analysis, multi-vector fuzzing, layered match profiles, calibration for false positive reduction, content discovery with anti-false-positive profiles, and virtual host discovery. |
| 2026-04-11 | Looking for RCE Bugs in the Linux Kernel (advanced) | Library for fuzzing the Linux kernel externally over the network, extending the syzkaller fuzzer to inject network packets via TUN/TAP and collect coverage with KCOV. The article details the integration process, including adding pseudo-syscalls and handling network specifics like checksums and TCP connections, ultimately leading to the discovery of a one-shot RCE in a non-public kernel flavor. |
| 2026-04-11 | Syzkaller Summer: Fixing False Positive Soft Lockups in net/sched (advanced) | Tool detailing Syzkaller's challenges with net/sched fuzzing, specifically addressing false positive soft lockups. The author's research revealed that Syzkaller's network namespace reset was insufficient, leaving residual state that triggered hangs. This led to the creation of the HangBuzz101 CTF challenge and the identification of several vulnerabilities, including CVE-2025-38001 and CVE-2025-38616, some of which were exploitable and contributed to significant bounty payouts. Modifications to the net/sched grammar in Syzlang were implemented to mitigate these false positives. |
| 2026-04-11 | Writing Harnesses - Testing Handbook (intermediate) | Handbook on writing fuzzing harnesses, detailing techniques beyond simple byte arrays. It demonstrates how to derive complex inputs like integers and strings from raw data, using tools such as `FuzzedDataProvider` to handle variable-length consumption and parsing. The handbook also explores interleaved fuzzing, where the initial input byte steers execution through multiple related APIs, and discusses structured fuzzing concepts for improved efficiency, including integrating with formats like protobufs. Examples cover potential vulnerabilities like division by zero and buffer overflows when manipulating input data. → appsec.guide |
| 2026-04-11 | Secrets of Effective Fuzzing Harnesses (intermediate) | Library on writing effective fuzzing harnesses, emphasizing harness scope, avoiding common pitfalls like data reuse and reinterpretation, and embracing best practices such as early input validation with tools like FuzzedDataProvider, output validation, state resetting, and stateless, efficient harness design for C/C++, Go, Python, and Rust. |
| 2026-04-11 | Beginner's Guide to Writing a Fuzzing Harness (beginner) | Library for writing fuzzing harnesses; this guide details connecting fuzzers like AFL++ and Honggfuzz to specific target functions. It covers identifying target functions, implementing resource management (e.g., `xmlFreeTextReader`), and performing validation checks on function return results. The entry emphasizes the iterative nature of fuzzing and the importance of a well-designed harness for maximizing code coverage and enabling targeted testing of complex APIs and non-standard input formats. |
| 2026-04-11 | The Art of Fuzzing: Harnessing Libraries (intermediate) | |
| 2026-04-11 | AFL++ - Testing Handbook (intermediate) | Library detailing the installation and usage of AFL++, a fork of the AFL fuzzer offering enhanced performance and features for C/C++ binaries. It covers multi-core fuzzing, recommended Ubuntu and Docker environments, and compilation modes like LTO, LLVM, and GCC. The guide emphasizes system configuration scripts such as `afl-system-config` and `afl-persistent-config` for optimizing fuzzing performance, while warning against their use on production systems. It also demonstrates compilation commands using wrappers like `afl-clang-lto++` and `afl-clang-fast++`. → appsec.guide |
| 2026-04-11 | AFL++ Tutorials (beginner) | Tutorials covering AFL++ usage are available, including guides on libxml2, blackbox fuzzing with QEMU mode, and fuzzing various protocols like FTP and FreeRDP. Structured data fuzzing techniques for libprotobuf and Superion are also detailed, alongside in-depth explanations of AFL++'s inner workings and video resources for installation and practical application. |
| 2026-04-11 | Fuzzing with AFL++: Exercise 1 (simple_crash) (intermediate) | |
| 2026-04-10 | Fuzzing in Smart City IoT Ecosystems (intermediate) | |
| 2026-04-10 | Multi-target Coverage-based Greybox Fuzzer (advanced) | Library implementing Multi-target Coverage-based Greybox Fuzzing (MTCFuzz) for architectures where operating systems and firmware cooperate. It leverages code coverage from both components within a QEMU virtualization environment to achieve deeper system exploration than single-target fuzzing, addressing issues like those observed with OpenSBI bugs. → arxiv.org |
| 2026-04-10 | A Gentle Introduction to Linux Kernel Fuzzing (beginner) | Tutorial on Linux kernel fuzzing using AFL and KCOV, detailing coverage-guided techniques to discover bugs in the kernel's netlink machinery. It explains how to configure a custom Linux kernel with KCOV enabled and integrate kernel code coverage reporting into AFL, a popular fuzzer by Michał Zalewski, for effective memory corruption bug detection. The tutorial also references prior work with tools like syzkaller. |
| 2026-04-10 | Fuzzing Cheat Sheet: AFL++, libFuzzer, Boofuzz, WinDBG, Ghidra (beginner) | |
| 2026-04-10 2026 | Fuzzing: What Are the Latest Developments? news | Library covering modern fuzzing advancements, highlighting its evolution into a core assurance technique for embedded, real-time, and safety-critical software. It details how fuzzing complements static analysis, runtime verification, and formal methods for high-integrity systems and explores recent innovations like grammar-based, hybrid, and AI-assisted fuzzing to improve defect detection and robustness. |
| 2026-04-10 2026 | A Survey of Kernel Fuzzing advanced | A Survey of Kernel Fuzzing |
| 2026-04-10 2026 | Step-by-Step Guide to Coverage-Guided Fuzzing with libFuzzer intermediate | Step-by-Step Guide to Coverage-Guided Fuzzing with libFuzzer |
| 2026-04-10 2026 | Fuzzing: Brute Force Vulnerability Discovery - ACM beginner | Fuzzing: Brute Force Vulnerability Discovery - ACM → dl.acm.org |
| 2026-04-10 2026 | Fuzzing Vulnerability Discovery Techniques - ACM intermediate | Fuzzing Vulnerability Discovery Techniques - ACM → dl.acm.org |
| 2026-04-10 2026 | Vulnerability Discovery in ICS Using Fuzzing intermediate | Dissertation detailing strategies for fuzzing Industrial Control Systems (ICS). It presents a specialized fuzzing framework for translating PLC languages like Ladder Logic and Structured Text into C/C++, along with a reinforcement learning-driven technique for adaptive input mutation and LLMs for generating functionally diverse test cases. Silent crashes are detected using electromagnetic side-channel analysis, achieving significant improvements in crash detection, coverage, test case reduction, and silent crash identification. |
| 2026-04-10 2026 | A Directed Greybox Fuzzer for Windows Applications advanced | Tool for directed greybox fuzzing on Windows applications, WinDGF, addresses challenges in target function localization, GUI bypassing, and fitness metric calculation. It offers two modes: WinDGF_path for deep path exploration and WinDGF_keyblock for focused defect identification. Evaluations against WinAFL and Winnie show significant improvements in unique crash discovery, with WinDGF_keyblock showing up to a 79.48% increase over WinAFL. WinDGF also successfully reproduces 11 known crash points. |
| 2026-04-10 2026 | GRLFuzz: Optimizing Mutation Strategies with Reinforcement Learning advanced | GRLFuzz: Optimizing Mutation Strategies with Reinforcement Learning |
| 2026-04-10 2026 | Fuzzing Vulnerability Discovery Techniques: Survey and Future Directions beginner | Fuzzing Vulnerability Discovery Techniques: Survey and Future Directions |
| 2026-04-10 2026 | Ultimate Guide to Fuzzing and Exploit Development beginner | Library of curated resources for mastering fuzzing and exploit development, including books, courses, video tutorials, tools, and practice labs. This comprehensive collection aids in identifying software vulnerabilities and building foundational ethical hacking skills. It emphasizes leveraging these materials, such as Awesome-Fuzzing, for accelerated learning in cybersecurity. |
| 2026-04-10 2026 | Mastering Fuzzing For Vulnerability Research: A Practical Guide beginner | Library for mastering fuzzing techniques, detailing setup with AFL++ and WinAFL, creating fuzzing harnesses, running fuzzers on target binaries, and analyzing crashes with GDB. It covers mitigating common vulnerabilities like stack overflows by replacing functions such as `strcpy` with safer alternatives like `strncpy`, and explores advanced fuzzing with libFuzzer. → undercodetesting.com |
| 2026-04-10 2026 | Revolutionizing Vulnerability Discovery with AI-Powered Fuzzing advanced | Library for AI-powered fuzzing, featuring tools like cleverhans and torch-fuzz. This resource details how AI enhances vulnerability discovery by automating test case generation and improving coverage, applicable to complex systems and IoT. It offers a step-by-step guide to setting up an AI fuzzing environment and discusses best practices for effective implementation, drawing parallels to Google's Fuzz Testing and Microsoft's Security Risk Detection. |
| 2026-04-09 2026 | Mythos autonomously exploited vulnerabilities that survived 27 years of human review. Security teams need a new detection playbook news | Mythos autonomously exploited vulnerabilities that survived 27 years of human review. Security teams need a new detection playbook https://ift.tt/dPpaVmM |
| 2026-04-06 2026 | Enhancing REST API Fuzzing with Access Policy Violation Detection intermediate API Sec | Library for enhancing REST API fuzzing by integrating novel automated oracles. These oracles detect violations of access policies, specifically addressing Broken Object Level Authorization (BOLA) and Broken Function Level Authorization (BFLA), alongside traditional attacks like SQL Injection and XSS. The techniques are integrated into EvoMaster, a state-of-the-art REST API fuzzer, and can generate executable test cases in multiple programming languages upon detecting security faults. Experiments demonstrate improved detection of security issues compared to existing methods. → arxiv.org |
| 2026-04-06 2026 | Fuzzing REST APIs in Industry: Necessary Features and Lessons Learned intermediate | Tool detailing the integration of the open-source fuzzer EvoMaster into industrial REST API testing at Volkswagen AG. It shares lessons learned and discusses necessary features for academic prototypes to achieve real impact in software engineering, based on evaluations of four APIs and a user study with eleven testing specialists. → arxiv.org |
| 2026-04-03 2026 | MALF: A Multi-Agent LLM Framework for Intelligent Fuzzing advanced | MALF is a framework that integrates multi-agent large language models for intelligent fuzzing of industrial control protocols like Modbus/TCP, S7Comm, and Ethernet/IP. It utilizes Retrieval-Augmented Generation and QLoRA fine-tuning for protocol-aware input generation, optimizing seed selection, mutation strategies, and feedback loops. In real-world ICS environments, MALF identified critical vulnerabilities, including zero-days registered by CNVD, surpassing traditional fuzzing methods with higher test case pass rates and improved exception trigger generation. → arxiv.org |
| 2026-04-03 2026 | Automating App Security with Advanced Fuzz Testing Techniques intermediate | Library for automating application security through advanced fuzz testing techniques, uncovering subtle edge-case bugs and zero-day vulnerabilities. It offers detailed explanations of fuzzing's evolution, its effectiveness in finding buffer overflows, memory leaks, and denial-of-service vectors, and how to integrate it into CI/CD pipelines. The resource highlights mutation-based, generation-based, and coverage-guided fuzzing, mentioning tools like AFL++, libFuzzer, and OneFuzz, and discusses its advantages over static analysis and manual testing for proactive vulnerability discovery. |
| 2026-04-03 2026 | Coverage Guided vs Blackbox Fuzzing \| ClusterFuzz intermediate | Library for fuzzing applications, detailing coverage-guided techniques like those used by libFuzzer and AFL, and blackbox fuzzing. Coverage-guided fuzzing utilizes program instrumentation for informed input mutation to maximize code coverage, ideal for self-contained, deterministic, and fast targets like binary format parsers. Blackbox fuzzing operates without internal knowledge, suitable for large, non-deterministic, or slow targets with complex input formats, such as browser DOM fuzzers. |
| 2026-04-03 2026 | Make Fuzzing First-Class in CI/CD: Coverage-Guided Testing in 2025 intermediate | Library for integrating coverage-guided fuzzing into CI/CD pipelines, focusing on tools like libFuzzer and AFL++. It details practical implementation steps, including effective sanitizer usage (ASan, UBSan), corpus management, and efficient crash triage. The library supports C/C++, Rust, and Go, with specific guidance on fuzzing services like HTTP, JSON, and gRPC, aiming to make fuzzing a repeatable and low-friction part of the engineering process, akin to compilers and linters. |
| 2026-04-03 2026 | How to Use Fuzzing in Security Research \| Keysight beginner | How to Use Fuzzing in Security Research \| Keysight |
| 2026-04-03 2026 | Fuzz Testing: A Beginner's Guide \| Better Stack beginner | Library for automated testing: fuzzing helps discover vulnerabilities by feeding random inputs to applications, excelling at finding edge cases missed by traditional methods. This guide covers mutation-based vs. generation-based fuzzing, and black-box, white-box, and gray-box approaches. It details common targets like file parsers and network protocols, recommending tools such as AFL and libFuzzer, and demonstrates practical examples of fuzzing file parsers and API endpoints. |
| 2026-04-03 2026 | libFuzzer and AFL++ \| ClusterFuzz intermediate | Library for configuring coverage-guided fuzzing with libFuzzer and AFL++. Details setting up clang compilers (version 6.0+ recommended, trunk for serious use), building fuzz targets with AddressSanitizer and fuzzing flags like `-fsanitize=fuzzer` or `-fsanitize-coverage=trace-pc-guard`, and integrating with ClusterFuzz. It covers job naming conventions for libFuzzer and AFL, custom build uploads, seed corpus inclusion, and dictionary support for token-based fuzzing enhancements. |
| 2026-04-03 2026 | libFuzzer - A Library for Coverage-Guided Fuzz Testing \| LLVM intermediate | libFuzzer is an in-process, coverage-guided fuzzing engine linked with target libraries to mutate inputs and maximize code coverage. It uses LLVM's SanitizerCoverage instrumentation and requires a matching Clang version. Fuzz targets, defined by `LLVMFuzzerTestOneInput`, must be deterministic, fast, and tolerate arbitrary inputs. libFuzzer integrates with AddressSanitizer (ASAN) and UndefinedBehaviorSanitizer (UBSAN) via compilation flags like `-fsanitize=fuzzer,address`. It utilizes a corpus of seed inputs and can merge or minimize corpora. Parallel execution with `-jobs` and `-workers` or the experimental `-fork` mode enhances fuzzing efficiency. |
| 2026-04-03 2026 | AFL - American Fuzzy Lop: A Security-Oriented Fuzzer intermediate | Library for security-oriented fuzzing, American Fuzzy Lop (AFL) employs an instrumentation-guided genetic algorithm to identify vulnerabilities. It leverages modified edge coverage to detect program control flow changes and uses an input queue that grows as new states are discovered. AFL supports both compile-time instrumentation for source code availability and experimental binary instrumentation via QEMU user-space emulation for black-box targets. The tool generates a corpus of interesting test cases useful for other testing regimes and offers options for hardening and heap corruption detection. |
| 2026-04-03 2026 | Coverage Guided Fuzzing - Extending Instrumentation to Hunt Down Bugs Faster intermediate | Library extending coverage-guided fuzzing instrumentation. This resource details modifying Fuzzilli's instrumentation for JerryScript to incorporate return addresses and symbolization of program counters, enhancing bug hunting beyond simple edge coverage. It leverages Clang's sanitizers, specifically `__sanitizer_cov_trace_pc_guard` and `__builtin_return_address`, to extract richer execution data for more effective vulnerability discovery in complex software. |
| 2025-12-30 2025 | Teycir/BurpAPISecuritySuite: Burp Suite extension for API security testing with 15 attack types, 108+ payloads, intelligent fuzzing, BOLA/IDOR detection, AI integration, and automated reconnaissance. Supports REST/GraphQL/SOAP APIs with Nuclei, Turbo Intruder, and external tool integration. OWASP API Top 10 coverage. intermediate API Sec Burp GraphQL | Library for comprehensive API security testing within Burp Suite. It consolidates 15 attack types, including BOLA, IDOR, SQL injection, XSS, and GraphQL vulnerabilities, with over 108 payloads and intelligent fuzzing capabilities. The extension offers automated reconnaissance, detects security issues across the OWASP API Top 10, and integrates with external tools like Nuclei, Turbo Intruder, SQLMap, and Dalfox. It features AI integration for payload generation and supports REST, GraphQL, and SOAP APIs. |
| 2025-08-14 2025 | NucleiFuzzer - Powerful Automation Tool For Detecting XSS, SQLi, SSRF, Open intermediate SQLi SSRF XSS | "NucleiFuzzer is an automation tool designed to detect vulnerabilities like XSS, SQLi, SSRF, and Open. It offers powerful capabilities for automated testing and identification of security flaws in web applications." → kitploit.com |
| 2025-08-14 2025 | raminfp/fuzzer-development-with-rust beginner | Library for developing custom fuzzing tools in Rust, covering fundamental concepts like basic, general, seed, targeted, hybrid, generative, in-memory, and disk-based corpuses. It details various mutation strategies including arithmetic, bitmask, and token mutations, alongside feedback-driven approaches such as block, branch, function, loop, path, and statement coverage. This resource enables researchers to build tailored fuzzers for discovering vulnerabilities in open-source and internal codebases. |
| 2025-08-14 2025 | Fuzzing Forum beginner | Library hosting tutorials, examples, and research on fuzzing techniques, covering topics like structure-aware fuzzing with libFuzzer, AFL-based fuzzers, and the OSS-Fuzz continuous fuzzing service. It includes a glossary and details on ClusterFuzz and FuzzBench infrastructure. |
| 2024-12-31 2024 | GitHub - danialhalo/SqliSniper: Advanced Time-based Blind SQL Injection fuzzer for HTTP Headers intermediate Python SQLi | Tool for detecting time-based blind SQL injection vulnerabilities specifically within HTTP headers. SqliSniper utilizes multi-threaded scanning to accelerate discovery and incorporates response time analysis to reduce false positives. It supports custom payloads and headers, and can send alerts to Discord webhooks upon successful detection of vulnerabilities. |
| 2024-12-21 2024 | GitHub - Cybersecurity-Ethical-Hacker/xssdynagen: 🪄 XSSDynaGen is a tool designed to analyze URLs with parameters, identify the characters allowed by the server, and generate advanced XSS payloads based on the analysis results. intermediate XSS | Library for advanced XSS payload generation that analyzes URLs with parameters to identify server-allowed characters. It leverages AsyncIO and aiohttp for speed, supports custom character sets, and generates payloads using techniques like null bytes, Unicode encoding, and obfuscation. Features include batch processing, proxy support, rate limiting, retry logic, and JSON output, integrating with tools like paramspider and httpx-toolkit. |
| 2024-09-24 2024 | GitHub - raminfp/the-art-of-fuzzing: Application Fuzzing: Tools, Techniques, and Best Practices beginner | Library covering application fuzzing, detailing static, dynamic, symbolic, and concolic execution techniques. It provides language-specific guidance for Python, Go, and Rust fuzzing, alongside strategies for Java applications and web technologies. The resource explores tools like `cargo-fuzz` and case studies involving libraries such as Gson and JSoup, offering best practices for integrating fuzzing into development workflows. |
| 2024-08-12 2024 | GitHub - Brum3ns/firefly: Black box fuzzer for web applications beginner API Sec | Library for black-box fuzzing of web applications, Firefly utilizes goroutines for performance and offers advanced features like payload tampering, encoding, and request verification to refine results. It supports custom wordlists, filters responses by status codes or line counts, and allows matching specific regex patterns, with options for plaintext or JSON output, and customizable concurrency and delays. |
| 2024-08-03 2024 | Beyond the Limit: Expanding single-packet race condition with a first sequence sync for breaking the 65,535 byte limit advanced API Sec | Writeup detailing a technique to bypass the 1,500-byte single-packet attack limit for race conditions by combining IP fragmentation and TCP sequence number reordering. This method allows for the exploitation of vulnerabilities requiring a large number of simultaneous requests, potentially overcoming limitations like HTTP/2's SETTINGS_MAX_CONCURRENT_STREAMS by sending many large TCP packets out-of-order until the final packet with the first sequence number triggers simultaneous processing. |
| 2023-10-05 2023 | How to build custom scanners for web security research automation intermediate Burp Recon | Tool for automating web security research, specifically focusing on detecting race conditions and information leaks. This Burp Suite extension leverages techniques like the single-packet attack to probe for anomalies and utilizes "gadgets" such as user request data embedded in JavaScript to identify vulnerabilities like race-infoleak, inspired by research on Cloudbleed and web race conditions. → portswigger.net |
| 2023-10-01 2023 | intrudir/BypassFuzzer intermediate | Tool for fuzzing 401/403 endpoints for bypasses, performing checks via headers, path normalization, and verbs. BypassFuzzer outputs response codes and lengths, features a "smart" filter to mute repeated responses, and accepts raw HTTP requests from Burp. It saves successful request/response pairs to a SQLite database for later inspection and supports out-of-band (OOB) interactions. |
| 2023-09-03 2023 | ffuf advanced tricks - ACCEIS intermediate API Sec | Library for advanced web application fuzzing, `ffuf` goes beyond simple directory enumeration. It supports injecting wordlists into URLs, GET/POST parameters, and HTTP headers, and can read from STDIN or use external generators like Radamsa. This resource details `ffuf`'s configuration file, enabling persistent settings for colorization, custom headers, proxy usage, and multiple simultaneous wordlists, enhancing its capabilities for penetration testing. |
| 2023-08-11 2023 | [tl;dr sec] #194 - CNAPPGoat KubeFuzz tl;dr sec swag news | Library for deploying vulnerable-by-design cloud resources, CNAPPgoat, modularly provisions components across AWS, Azure, and GCP. Fuzzing Kubernetes Admission Controllers is enabled by KubeFuzz, a generative and mutative fuzzer designed to uncover unexpected behavior in complex admission controller setups. |
| 2023-05-29 2023 | RepeaterSearch intermediate Burp | Extension that adds a search bar to Burp Suite's Repeater tab, enabling users to find requests and/or responses containing a specific string or regular expression. This functionality helps in quickly locating relevant data within the Repeater history. |
| 2023-04-03 2023 | Download and Installation - Scapy 2.4.5 documentation beginner Python | Library for network packet manipulation, Scapy offers installation instructions for various platforms including Unix-like systems, macOS, and Windows. It details installation via pip, including options for the development version, and outlines optional dependencies for features like plotting (Matplotlib), 2D graphics (PyX), graphs (Graphviz, ImageMagick), 3D graphics (VPython-Jupyter), WEP decryption and TLS decryption (cryptography), fingerprinting (Nmap), and VOIP (SoX). The documentation also covers building Scapy's offline documentation with Sphinx and generating UML diagrams with pyreverse. |
| 2023-04-03 2023 | Scapy beginner Python | Scapy http://scapy.net/ |
| 2023-04-03 2023 | Usage - Scapy 2.4.5 documentation beginner Python | Library for crafting, sending, receiving, and dissecting network packets. It features an interactive shell, packet construction with layer stacking and field manipulation, PCAP file reading/writing, graphical dumps, set generation for multiple packet variations, and functions for sending packets at layers 2 and 3 (sendp and send). Scapy also supports multicast with scope identifiers and includes a fuzz() function for randomizing packet fields. |
| 2022-01-16 2022 | How I Found multiple SQL Injection with FFUF and Sqlmap in a few minutes intermediate Recon SQLi | How I Found multiple SQL Injection with FFUF and Sqlmap in a few minutes |
| 2022-01-10 2022 | Install Nuclei beginner Recon | Tool for high-performance vulnerability scanning using YAML-based templates, Nuclei empowers users to create custom detection scenarios that minimize false positives. Supporting multiple protocols like HTTP, DNS, and TCP, it offers ultra-fast parallel processing and integrates with CI/CD pipelines, Jira, and Splunk. Its extensive template library, contributed by security professionals, covers trending vulnerabilities and allows for fine-grained filtering by author, tag, severity, and template ID. |
| 2022-01-10 2022 | Nuclei Templates beginner Recon | Library of community-curated templates for the nuclei scanner, enabling the detection of security vulnerabilities in applications. This repository hosts official and user-contributed templates, with comprehensive documentation available for creating custom scans. The project emphasizes community involvement through template contributions, feature requests, and bug reports, fostering collaboration via GitHub discussions and an active Discord server. |
| 2022-01-10 2022 | ffuf - Fuzz Faster U Fool beginner Recon | Library for fast web fuzzing, written in Go, that allows users to fuzz URLs, headers, and POST data using the `FUZZ` keyword. It supports features like filtering responses by size or status code, recursive scanning, timeouts per job or for the entire process, and integration with mutators like Radamsa for generating payloads. Installation is available via prebuilt binaries, Homebrew, or Go modules. |
| 2022-01-03 2022 | fuzzDicts beginner | Library of web pentesting fuzzing dictionaries, continuously updated. It includes payloads for RCE, directory traversal, user enumeration with Baidu's top 3000 Chinese surnames, common mobile numbers, and Huawei security product default credentials. The collection also features CentOS and AIX file lists for SSRF, Burp's XSS payloads, user IDs from security circles, and strong/weak password lists. It covers parameter fuzzing, API endpoints, router credentials, and file extensions, recommending tools like Burp Suite and sqlmap. |
| 2022-01-02 2022 | a c program containing vulnerable code for common types of vulnerabilities can be used to show fuzzing concepts. beginner RCE | Program containing vulnerable code for common types of vulnerabilities such as integer overflow, out-of-bounds read/write, double free, use-after-free, memory leaks, and stack/heap exhaustion. This C program is designed to be fuzzed using tools like AFL, libafl, libfuzzer, and honggfuzz to demonstrate fuzzing concepts and discover these common vulnerability classes. |
| 2021-11-26 2021 | New differential fuzzing tool reveals novel HTTP request smuggling techniques advanced SSRF | New differential fuzzing tool reveals novel HTTP request smuggling techniques → portswigger.net |
| 2021-11-24 2021 | Fuzzing with Scapy: Introduction to Network Protocol Fuzzing beginner Talks | Fuzzing with Scapy: Introduction to Network Protocol Fuzzing |
Frequently Asked Questions
- What is the difference between dumb and smart fuzzing?

  Dumb fuzzing generates random inputs with no knowledge of the target's expected format. Smart fuzzing uses coverage feedback (coverage-guided) or grammar definitions (grammar-based) to generate inputs that explore new code paths and conform to expected structures. Smart fuzzers like AFL++ and libFuzzer find deeper bugs more efficiently.

- How is web fuzzing different from binary fuzzing?

  Web fuzzing tests HTTP parameters, paths, and headers using wordlists and mutation rules — tools like ffuf and Burp Intruder. Binary fuzzing tests compiled programs by mutating file inputs or network data to trigger crashes — tools like AFL++, libFuzzer, and Honggfuzz. Both aim to find bugs through unexpected inputs but operate at different layers.

- What has fuzzing discovered in the real world?

  Fuzzing has found thousands of critical vulnerabilities. Google's OSS-Fuzz has discovered over 10,000 bugs across hundreds of open-source projects including Chrome, OpenSSL, and the Linux kernel. Heartbleed-class vulnerabilities, parser bugs in image and document formats, and memory corruption in network protocol implementations have all been found through fuzzing.