23 releases

new 0.15.12 Nov 20, 2024
0.15.10 Jul 19, 2024
0.15.4 Mar 11, 2024
0.15.1 Dec 16, 2023
0.0.0 Mar 27, 2023

#406 in Testing

Download history 1114/week @ 2024-08-05 640/week @ 2024-08-12 994/week @ 2024-08-19 302/week @ 2024-08-26 567/week @ 2024-09-02 432/week @ 2024-09-09 361/week @ 2024-09-16 620/week @ 2024-09-23 632/week @ 2024-09-30 309/week @ 2024-10-07 1020/week @ 2024-10-14 640/week @ 2024-10-21 432/week @ 2024-10-28 559/week @ 2024-11-04 861/week @ 2024-11-11 1065/week @ 2024-11-18

3,047 downloads per month

Apache-2.0

5MB
122K SLoC

C 97K SLoC // 0.1% comments C++ 15K SLoC // 0.1% comments Python 4K SLoC // 0.2% comments Shell 3K SLoC // 0.1% comments Rust 747 SLoC // 0.1% comments JavaScript 552 SLoC // 0.2% comments BASH 363 SLoC // 0.2% comments TypeScript 328 SLoC // 0.4% comments Jupyter Notebooks 99 SLoC // 0.4% comments CodeQL 45 SLoC // 0.1% comments Java 43 SLoC // 0.4% comments Bitbake 33 SLoC SQL 3 SLoC

Contains (ELF exe/lib, 21KB) persistent_target, (ELF exe/lib, 17KB) persistent_target_x86_64, (ELF exe/lib, 18KB) simple_target_x86_64, (ELF exe/lib, 17KB) persistent_target_x86_64, (ELF exe/lib, 18KB) simple_target_x86_64, (static library, 1KB) small_archive.a and 2 more.

afl.rs logo
afl.rs

Fuzzing Rust code with AFLplusplus

What is it?

Fuzz testing is a software testing technique used to find security and stability issues by providing pseudo-random data as input to the software. AFLplusplus is a popular, effective, and modern fuzz testing tool based on AFL. This library, afl.rs, allows one to run AFLplusplus on code written in the Rust programming language.

Documentation

Documentation can be found in the Rust Fuzz Book.

What does it look like?

Screen recording of afl

Screen recording of AFL running on Rust code.

Hints

Before starting to fuzz, you should reconfigure your system for optimal performance and better crash detection. This can be done with cargo afl system-config. But this subcommand requires root, so it uses sudo internally. Hence, you might need to enter your password.

By default, the AFL++ CMPLOG feature is activated, which helps to achieve good code coverage. However, it is not beneficial to activate CMPLOG on more than two instances. So if you run multiple AFL++ instances on your fuzzing target, you can disable CMPLOG by specifying the command line parameter '-c -'.

This document will familiarize you with AFL++ features to help in running a successful fuzzing campaign.

By default, the fuzzing config is set when cargo-afl is used to build. If you want to prevent this, just set the environment variable AFL_NO_CFG_FUZZING to 1 when building.

Dependencies

~5–15MB
~217K SLoC