oss-fuzz by google

Continuous fuzzing for open source software

created 9 years ago
11,210 stars

Top 4.6% on sourcepulse

Project Summary

OSS-Fuzz provides a free, continuous fuzzing service for open-source projects to detect security vulnerabilities and stability bugs. It targets developers and maintainers of open-source software, aiming to improve overall software security and reliability by leveraging Google's extensive experience in fuzzing.

How It Works

OSS-Fuzz combines coverage-guided fuzzing engines (libFuzzer, AFL++, Honggfuzz) with sanitizers and runs them on a distributed execution environment called ClusterFuzz. This approach scales in-depth analysis of code across many projects and uncovers memory corruption bugs and other vulnerabilities that traditional testing methods tend to miss.

Quick Start & Requirements

To integrate a project, follow the detailed documentation available at https://github.com/google/oss-fuzz/blob/main/docs/adding_new_project.md. Projects typically require a fuzzing target (a function that takes input and passes it to the code being fuzzed) and a build configuration. OSS-Fuzz supports C/C++, Rust, Go, Python, Java/JVM, and JavaScript.
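To show what a fuzzing target looks like in practice, here is an added example (not code from the oss-fuzz repository): a libFuzzer-style entry point, `LLVMFuzzerTestOneInput`, wrapped around a small constructed `key=value` parser with an explicit bounds check, plus two helpers used only to exercise it outside the fuzzer.

```c
// Added example of a libFuzzer / OSS-Fuzz style fuzz target around a toy parser.
// parse_kv and the helpers are constructed for this illustration.
#include <stddef.h>
#include <stdint.h>
#include <string.h>

// Parses "key=value" from a non-NUL-terminated buffer into out.
// Returns 1 on success, 0 on malformed input or when the value would not fit.
int parse_kv(const uint8_t *data, size_t size, char *out, size_t out_len) {
    if (size == 0 || size > 256) return 0;          // cap input length
    const uint8_t *eq = memchr(data, '=', size);
    if (!eq || eq == data) return 0;                 // no '=' or empty key
    size_t vlen = size - (size_t)(eq - data) - 1;    // bytes after '='
    if (vlen + 1 > out_len) return 0;                // bounds check before memcpy
    memcpy(out, eq + 1, vlen);
    out[vlen] = '\0';
    return 1;
}

// Entry point the fuzzing engine calls with each mutated input; under
// ASan/UBSan any out-of-bounds access inside parse_kv becomes a crash report.
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    char value[64];
    parse_kv(data, size, value, sizeof value);
    return 0;  // non-zero return values are reserved by libFuzzer
}

// Helper: does parsing line yield expect (NULL meaning "must be rejected")?
int kv_value_is(const char *line, const char *expect) {
    char value[64];
    if (!parse_kv((const uint8_t *)line, strlen(line), value, sizeof value))
        return expect == NULL;
    return expect != NULL && strcmp(value, expect) == 0;
}

// Helper: a value longer than the 64-byte output buffer must be rejected.
int oversized_rejected(void) {
    uint8_t line[82];
    char value[64];
    line[0] = 'k'; line[1] = '=';
    memset(line + 2, 'x', 80);
    return parse_kv(line, sizeof line, value, sizeof value) == 0;
}
```

Built with `clang -fsanitize=fuzzer,address`, the same file runs as a fuzzer; the helpers are only there so the parser can be checked without the engine.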

Highlighted Details

  • Identified over 10,000 vulnerabilities and 36,000 bugs across 1,000 projects as of August 2023.
  • Supports multiple fuzzing engines: libFuzzer, AFL++, and Honggfuzz.
  • Integrates with sanitizers for enhanced bug detection.
  • Supports fuzzing for x86_64 and i386 architectures.

Maintenance & Community

OSS-Fuzz is a Google-backed initiative, in cooperation with the Core Infrastructure Initiative and the OpenSSF. Blog posts detail ongoing developments and research in fuzzing.

Licensing & Compatibility

The project itself is licensed under the Apache 2.0 license. It is designed to fuzz open-source software, and the service is provided free of charge to qualifying projects.

Limitations & Caveats

OSS-Fuzz is primarily focused on open-source projects; closed-source projects need to run their own instances of ClusterFuzz or ClusterFuzzLite. While it supports many languages, effectiveness may vary, and some languages supported by LLVM might work but are not explicitly guaranteed.

Health Check
Last commit

1 day ago

Responsiveness

1 day

Pull Requests (30d)
254
Issues (30d)
6
Star History
231 stars in the last 90 days

Explore Similar Projects

Starred by Elie Bursztein (Cybersecurity Lead at Google DeepMind), Chip Huyen (Author of AI Engineering, Designing Machine Learning Systems), and 1 more.

oss-fuzz-gen by google

0.3%
1k
LLM-powered fuzz target generator for C/C++/Java/Python projects, benchmarked via OSS-Fuzz
created 1 year ago
updated 5 days ago