american fuzzy lop Description

American fuzzy lop, a security-oriented fuzzer, uses a novel form of compile-time tooling and genetic algorithms to discover clean test cases that trigger internal states within the binary. This improves the functional coverage of the fuzzed codes. The compact corpora generated by the tool can also be used to seed other, more resource-intensive or labor-intensive testing regimes in the future. Afl-fuzz, in comparison to other instrumented fuzzers, is designed to be practical. It has a modest overhead, uses highly effective fuzzing techniques and effort minimization tricks. It requires little configuration and handles complex real-world use-cases, such as common image parsing and file compression libraries. It's an instrumentation-guided genetic fuzzer capable of synthesizing complex file semantics in a wide range of non-trivial targets.

american fuzzy lop Alternatives
Sulley Reviews
Sulley
Sulley is an extensible fuzzing engine, and fuzz testing framework. Sulley (IMHO), surpasses the capabilities of many previously published fuzzing techniques, both commercial and public domain. The framework's goal is to simplify data representation, data transmission, and instrumentation. A pure-Python, fully automated and unattended framework for fuzzing. Sulley has not only impressive data generation, but has gone a step further to include many other important aspects that a modern fuzzer should provide. Sulley keeps meticulous records and monitors the network. Sulley monitors and instruments the target's health, capable of reverting back to a known-good state using multiple methods. Sulley tracks, categorizes and detects faults. Sulley can fuzz simultaneously, increasing test speed. Sulley can automatically identify which unique sequence of test cases triggers a fault.
Learn more
Awesome Fuzzing Reviews
Awesome Fuzzing
Awesome Fuzzing contains a list of fuzzing materials, including books, free and paid courses, videos, tutorials, vulnerable applications, and tools to help you learn fuzzing, as well as the initial phases of exploit creation, such root cause analysis. Videos on fuzzing courses/training, videos discussing fuzzing tools, techniques, and best practices. Blogs, conference talks, tutorials, tools for fuzzing, and fuzzers to help fuzze applications that use network protocols like HTTP, SSH and SMTP. Search for exploits that have apps available to download and then reproduce the exploit using the fuzzer you choose. Set of tests to test fuzzing engines. Includes different well-known bugs. Includes a corpus of files in various formats for fuzzing multiple target targets.
Learn more
Defensics Reviews
Defensics
Defensics, a versatile, automated blackbox fuzzer, allows organizations to quickly and effectively identify and fix security flaws in software. Identify flaws and zero-day vulnerabilities in protocols and services. The generational fuzzer uses an intelligent, targeted approach for negative testing. Advanced protocol template and file fuzzers allow users to create their own test cases. The SDK allows experts to use the Defensics framework for their own test cases. Defensics can be run without the need for source code because it is a black-box fuzzer. Defensics allows users to secure their cyber supply chain and ensure interoperability, robustness and security of software and devices, before introducing them into IT and lab environments. Fuzzing techniques that are properly executed can be a cost-effective and efficient way to find vulnerabilities. They can cover more code paths and iterations than manual analysis.
Learn more
go-fuzz Reviews
go-fuzz
Go-fuzz provides coverage-guided fuzzing for testing Go packages. Fuzzing is most useful for packages that parse binary and text inputs. It is also useful to harden systems that parse inputs that are potentially malicious (anything that is accepted over a LAN). Go Modules are now supported by go-fuzz. Please file an issue if you encounter a module problem. Data is a randomly generated input by go-fuzz. Note that it is usually invalid. The function must return 0 if no input should be added to the corpus, but the fuzzer must increase the priority. The fuzz function has to be in a package go-fuzz is able to import. This means that the code you wish to test cannot be in package main. However, fuzzing internal packages can be done.
Learn more

Pricing

Pricing Starts At:
Free
Free Version:
Yes

Integrations

View Integrations

Reviews

Total
ease
features
design
support

No User Reviews. Be the first to provide a review:

Write a Review

Company Details

Company:
Google
Headquarters:
United States
Website:
github.com/google/AFL

Media

american fuzzy lop Screenshot 1
american fuzzy lop Screenshot 1
Recommended Products
Our Free Plans just got better! | Auth0 by Okta Icon
Our Free Plans just got better! | Auth0 by Okta

With up to 25k MAUs and unlimited Okta connections, our Free Plan lets you focus on what you do best—building great apps.

You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your secuirty. Auth0 now, thank yourself later.
Try free now

Product Details

Platforms
Mac
Linux
Type of Training
Documentation
Customer Support
Online

american fuzzy lop Features and Options

american fuzzy lop User Reviews

Write a Review
  • Previous
  • Next