The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
afl++ is an advanced, community-driven, and highly optimized version of the popular American Fuzzy Lop (AFL) fuzzer. It combines numerous state-of-the-art techniques and improvements to enhance fuzzing performance, coverage discovery, and bug detection capabilities.
Software frequently contains hidden bugs and security vulnerabilities that are difficult to find through manual testing. afl++ provides a highly effective, automated, and guided approach to discover these issues by systematically feeding invalid or unexpected data to the target program.
Integrates valuable improvements and fixes contributed by the fuzzer community.
Supports fuzzing targets without source code using the updated QEMU 5.1 emulator.
Employs advanced techniques to provide more accurate and collision-free coverage tracking.
Includes sophisticated instrumentation and mutation strategies like enhanced LAF-Intel and Redqueen for better test case generation.
Implements efficient power schedules derived from AFLfast++ research for optimized fuzzing campaigns.
Incorporates effective mutation operators from MOpt for generating diverse and powerful test inputs.
Enables fuzzing of firmware and bare-metal code through emulation using the Unicorn engine.
afl++ is widely applicable for automated software testing and bug/vulnerability discovery across various domains and software types.
Analyze and find bugs in parsers for various data formats (e.g., images, documents, network protocols) to ensure they handle malformed inputs robustly.
Significantly reduces the likelihood of crashes or security vulnerabilities triggered by unexpected input data.
Use emulation modes (QEMU, Unicorn) to test closed-source binaries, libraries, or even firmware for vulnerabilities without needing source code access.
Enables security analysis of proprietary or embedded systems where source code is unavailable.
Integrate afl++ into CI/CD pipelines to continuously test software for new bugs introduced during development.
Automates bug detection early in the development cycle, reducing remediation costs and improving code quality.