Afl-unicorn lets you fuzz any binary code that can be emulated with Unicorn Engine. Unicorn Mode implements the block-edge instrumentation that AFL's QEMU Mode normally provides, but inside Unicorn Engine, so AFL drives its input generation with block coverage collected from the emulated code. The approach depends on a correctly constructed Unicorn test harness: the harness loads the target binary code, sets up the initial machine state (registers and memory), loads the input mutated by AFL, and emulates the target code. If the emulated code crashes or hits an error, the harness signals that to AFL, which then treats the input as a crash. AFL otherwise performs all its usual tasks, but the code actually being fuzzed is the emulated binary. It was only tested on Ubuntu 16.04 LTS but should work on any OS that can run both AFL and Unicorn.
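The harness shape described above, as an added example that is not afl-unicorn's own code: it maps memory for a constructed 8-byte x86-32 target, writes the AFL-mutated input into a fixed buffer, emulates, and reports a Unicorn error (here an unmapped read caused by attacker-controlled pointer data) as a crash. It assumes the `unicorn` Python package is installed; the addresses, the target bytes and the choice of `os.abort()` as the crash signal are this example's assumptions. Coverage feedback only flows when the script runs under afl-unicorn's instrumented Unicorn build; with the stock package it still works as a plain crash-detecting harness.

```python
import os
import sys

PAGE = 0x1000
CODE_ADDR = 0x1000    # where the target code is loaded (assumed layout)
INPUT_ADDR = 0x2000   # where AFL's input is placed before emulation
STACK_ADDR = 0x3000   # a small stack, unused by this target but set up anyway

# Constructed target (x86-32): load a pointer from the input buffer and
# dereference it. Input that is not a mapped address crashes the emulation.
TARGET_CODE = bytes([
    0xA1, 0x00, 0x20, 0x00, 0x00,  # mov eax, [0x2000]   ; read pointer from input
    0x8B, 0x18,                    # mov ebx, [eax]      ; dereference it
    0x90,                          # nop                 ; emulation stops here
])
END_ADDR = CODE_ADDR + len(TARGET_CODE) - 1   # address of the nop


def build_emulator():
    """Set up the initial machine state: memory map, target code, stack pointer."""
    from unicorn import Uc, UC_ARCH_X86, UC_MODE_32
    from unicorn.x86_const import UC_X86_REG_ESP

    mu = Uc(UC_ARCH_X86, UC_MODE_32)
    mu.mem_map(CODE_ADDR, PAGE)     # mapped pages are zero-filled, RWX by default
    mu.mem_map(INPUT_ADDR, PAGE)
    mu.mem_map(STACK_ADDR, PAGE)
    mu.mem_write(CODE_ADDR, TARGET_CODE)
    mu.reg_write(UC_X86_REG_ESP, STACK_ADDR + PAGE - 4)
    return mu


def run_harness(data):
    """Emulate the target once over `data`.

    Returns ("ok", ebx) when emulation reaches END_ADDR, or
    ("crash", unicorn_errno) when Unicorn raises (bad fetch/read/write, ...).
    """
    from unicorn import UcError
    from unicorn.x86_const import UC_X86_REG_EBX

    mu = build_emulator()
    # Truncate rather than overflow the input page; the rest stays zero-filled.
    mu.mem_write(INPUT_ADDR, data[:PAGE])
    try:
        mu.emu_start(CODE_ADDR, END_ADDR)
    except UcError as err:
        return ("crash", err.errno)
    return ("ok", mu.reg_read(UC_X86_REG_EBX))


def main():
    # afl-fuzz hands the mutated test case over as a file path argument.
    with open(sys.argv[1], "rb") as fh:
        data = fh.read()
    status, detail = run_harness(data)
    if status == "crash":
        # Die with a real signal (SIGABRT) so AFL records the input as a crash
        # instead of a clean exit; afl-unicorn's own harnesses do the same idea
        # with a synthetic SIGSEGV/SIGABRT.
        print("crash: unicorn errno %d" % detail, file=sys.stderr)
        os.abort()
    print("ok: ebx=0x%x" % detail)


if __name__ == "__main__":
    main()
```

Run it as `python harness.py /path/to/testcase`; the input `00 20 00 00` (a pointer back into the input page) finishes cleanly with `ebx = 0x2000`, while `ef be ad de` makes the target dereference `0xdeadbeef`, an unmapped address, and the harness aborts.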