Crates.io | libafl |
lib.rs | libafl |
version | 0.13.2 |
source | src |
created_at | 2021-04-30 13:41:02.765574 |
updated_at | 2024-07-31 20:01:28.341509 |
description | Slot your own fuzzers together and extend their features using Rust |
homepage | |
repository | https://github.com/AFLplusplus/LibAFL/ |
max_upload_size | |
id | 391548 |
size | 1,905,567 |
Advanced Fuzzing Library - Slot your own fuzzers together and extend their features using Rust.
LibAFL is written and maintained by
LibAFL gives you many of the benefits of an off-the-shelf fuzzer, while being completely customizable. Some highlight features currently include:
fast
: We do everything we can at compile time, keeping runtime overhead minimal. Users reach 120k execs/sec in frida-mode on a phone (using all cores).scalable
: Low Level Message Passing
, LLMP
for short, allows LibAFL to scale almost linearly over cores, and via TCP to multiple machines.adaptable
: You can replace each part of LibAFL. For example, BytesInput
is just one potential form input:
feel free to add an AST-based input for structured fuzzing, and more.multi platform
: LibAFL was confirmed to work on Windows, MacOS, Linux, and Android on x86_64 and aarch64. LibAFL
can be built in no_std
mode to inject LibAFL into obscure targets like embedded devices and hypervisors.bring your own target
: We support binary-only modes, like Frida-Mode, as well as multiple compilation passes for sourced-based instrumentation. Of course it's easy to add custom instrumentation backends.LibAFL is a collection of reusable pieces of fuzzers, written in Rust. It is fast, multi-platform, no_std compatible, and scales over cores and machines.
It offers a main crate that provide building blocks for custom fuzzers, libafl, a library containing common code that can be used for targets instrumentation, libafl_targets, and a library providing facilities to wrap compilers, libafl_cc.
LibAFL offers integrations with popular instrumentation frameworks. At the moment, the supported backends are:
The Rust development language.
We highly recommend not to use e.g. your Linux distribition package as this is likely outdated. So rather install
Rust directly, instructions can be found here.
LLVM tools
The LLVM tools (including clang, clang++) are needed (newer than LLVM 15.0.0 up to LLVM 18.1.3)
If you are using Debian/Ubuntu, again, we highly recommmend that you install the package from here
(In libafl_concolic
, we only support LLVM version newer than 18)
fuzzers/
directory. You can install it withcargo install cargo-make
git clone https://github.com/AFLplusplus/LibAFL
cargo build --release
cargo doc
cd docs && mdbook serve
We collect all example fuzzers in ./fuzzers
.
Be sure to read their documentation (and source), this is the natural way to get started!
You can run each example fuzzer with
cargo make run
as long as the fuzzer directory has Makefile.toml
file.
The best-tested fuzzer is ./fuzzers/libfuzzer_libpng
, a multicore libfuzzer-like fuzzer using LibAFL for a libpng harness.
Our research paper
Our RC3 talk explaining the core concepts
Our Fuzzcon Europe talk with a (a bit but not so much outdated) step-by-step discussion on how to build some example fuzzers
The Fuzzing101 solutions & series of blog posts by epi
Blogpost on binary-only fuzzing lib libaf_qemu, Hacking TMNF - Fuzzing the game server, by RickdeJager.
Please check out CONTRIBUTING.md for the contributing guideline.
If you use LibAFL for your academic work, please cite the following paper:
@inproceedings{libafl,
author = {Andrea Fioraldi and Dominik Maier and Dongjia Zhang and Davide Balzarotti},
title = {{LibAFL: A Framework to Build Modular and Reusable Fuzzers}},
booktitle = {Proceedings of the 29th ACM conference on Computer and communications security (CCS)},
series = {CCS '22},
year = {2022},
month = {November},
location = {Los Angeles, U.S.A.},
publisher = {ACM},
}