PromptFuzz by FuzzAnything

Fuzzing tool for automated fuzz driver generation

created 1 year ago
280 stars

Top 93.9% on sourcepulse

Project Summary

PromptFuzz is an automated tool for generating fuzz drivers for libraries by mutating LLM prompts within a fuzz loop. It targets researchers and developers seeking to improve code coverage and discover security vulnerabilities in C/C++ libraries, offering a novel approach to fuzzing that leverages LLMs for API interaction discovery.

How It Works

PromptFuzz employs a feedback-driven fuzz loop that mutates LLM prompts to generate fuzz drivers. It extracts library context to construct these prompts, prioritizing mutations that explore complex API interrelationships guided by code coverage. The generated programs undergo rigorous sanitization for syntax, semantics, behavior, and coverage before being integrated with the LibFuzzer grey-box fuzzing engine.
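To make the "fuzz driver" side of that loop concrete, below is a hand-written LibFuzzer harness of the shape PromptFuzz aims to generate automatically. This is an added example, not code from PromptFuzz or from any library it was evaluated on: the `rle_*` functions are a constructed toy decoder standing in for a target library, and the driver splits the fuzz input into a few control bytes (which API combination to call, which parameter values) and a payload, so that one harness exercises several API interrelationships rather than a single call.

```cpp
// Added example (not PromptFuzz's own code). The rle_* API is a constructed
// toy library; LLVMFuzzerTestOneInput is the entry point LibFuzzer calls, so
// compiling this file with clang++ -fsanitize=fuzzer,address would fuzz it.
#include <cstddef>
#include <cstdint>
#include <vector>

// ---- constructed toy library: run-length decoder behind a handle API ----
struct rle_ctx {
    size_t max_out;   // output cap, changed via rle_set_limit
    size_t produced;  // bytes emitted by the last decode
};

rle_ctx* rle_open() { return new rle_ctx{4096, 0}; }

// Returns 0 on success, -1 on a null handle or the invalid limit 0.
int rle_set_limit(rle_ctx* c, size_t max_out) {
    if (!c || max_out == 0) return -1;
    c->max_out = max_out;
    return 0;
}

// Input is a sequence of (count, byte) pairs. Returns bytes written, or -1 on
// a malformed (odd-length) input. Output is truncated at max_out, never grown
// past it, which is the property a fuzzer would try to violate.
long rle_decode(rle_ctx* c, const uint8_t* in, size_t len, std::vector<uint8_t>& out) {
    if (!c || (!in && len)) return -1;
    if (len % 2 != 0) return -1;
    out.clear();
    for (size_t i = 0; i < len; i += 2) {
        size_t count = in[i];
        uint8_t val = in[i + 1];
        if (out.size() + count > c->max_out) count = c->max_out - out.size();
        out.insert(out.end(), count, val);
        if (out.size() == c->max_out) break;
    }
    c->produced = out.size();
    return static_cast<long>(out.size());
}

void rle_close(rle_ctx* c) { delete c; }

// ---- fuzz driver ----
// The first two bytes steer the driver: bit 0 of data[0] selects whether the
// configure call happens before decoding, bit 1 selects a second decode on the
// same handle (state reuse), data[1] picks a limit in 1..256 so the driver never
// feeds the API a value the library documents as invalid. Everything else is
// payload. The driver itself must not crash on any input; only the library may.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    if (size < 2) return 0;  // too short to choose parameters, skip quietly
    uint8_t flags = data[0];
    size_t limit = static_cast<size_t>(data[1]) + 1;
    const uint8_t* payload = data + 2;
    size_t plen = size - 2;

    rle_ctx* ctx = rle_open();
    if (flags & 1) {
        (void)rle_set_limit(ctx, limit);  // API combination: open -> configure -> decode
    }
    std::vector<uint8_t> out;
    long n = rle_decode(ctx, payload, plen, out);
    if ((flags & 2) && n >= 0) {
        (void)rle_decode(ctx, payload, plen, out);  // API combination: reuse the handle
    }
    rle_close(ctx);  // released on every path, so the harness itself cannot leak
    return 0;
}
```

The point of the control-byte split is that a single generated driver covers several call sequences, which is what the coverage-guided prompt mutation described above is optimizing for. It also shows what the behavior and coverage sanitization stages have to reject: a driver that crashes on its own seeds before reaching the library (for example, without the `size < 2` guard), or one whose control bytes never actually vary the APIs reached, adds nothing to the fuzz loop.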

Quick Start & Requirements

  • Install: pip install promptfuzz
  • Prerequisites: Python 3.8+, LLM API access (e.g., an OpenAI API key for ChatGPT/GPT-4), and a clang toolchain with LibFuzzer support (`-fsanitize=fuzzer`), since the generated drivers are linked against LibFuzzer.
  • Setup: Requires configuring the LLM API key and building each target library with coverage and sanitizer instrumentation so that the fuzz loop can measure branch coverage and catch memory errors.
  • Docs: https://github.com/FuzzAnything/PromptFuzz

Highlighted Details

  • Achieved 40.12% branch coverage on average across the tested libraries, outperforming OSS-Fuzz and Hopper on the same targets.
  • Detected 33 valid security bugs across multiple libraries, including CVEs in libaom, libvpx, and libTIFF.
  • Supports multiple LLMs (Codex, Incoder, ChatGPT, GPT4) and prioritizes API combinations for mutation.
  • Integrates with LibFuzzer for grey-box fuzzing.

Maintenance & Community

The project appears to be research-driven with contributions from academic institutions. Further community engagement channels are not explicitly listed in the README.

Licensing & Compatibility

The README does not specify a license. This lack of explicit licensing makes commercial use or integration into closed-source projects uncertain without further clarification.

Limitations & Caveats

PromptFuzz has so far been evaluated primarily with ChatGPT and targets C/C++ libraries with source available, since its drivers are compiled and instrumented alongside the library. Future work aims to generalize to binary programs and to apply the approach to closed-source libraries via LLM fine-tuning; both are out of scope in the current release.

Health Check

  • Last commit: 4 days ago
  • Responsiveness: 1 week
  • Pull Requests (30d): 1
  • Issues (30d): 3
  • Star History: 21 stars in the last 90 days

Explore Similar Projects

Starred by Elie Bursztein (Cybersecurity Lead at Google DeepMind), Chip Huyen (Author of AI Engineering, Designing Machine Learning Systems), and 1 more.

oss-fuzz-gen by google

  • 0.3%, 1k stars
  • LLM-powered fuzz target generator for C/C++/Java/Python projects, benchmarked via OSS-Fuzz
  • created 1 year ago, updated 5 days ago
  • Starred by Boris Cherny (Creator of Claude Code; MTS at Anthropic), Hiroshi Shibata (Core Contributor to Ruby), and 4 more.

oss-fuzz by google

  • 0.2%, 11k stars
  • Continuous fuzzing for open source software
  • created 9 years ago, updated 1 day ago