Convert Figma logo to code with AI

google logohonggfuzz

Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)

3,286
533
3,286
29
View on GitHub

Top Related Projects

google's avatar

clusterfuzz

5,500

Scalable fuzzing infrastructure.

google's avatar

oss-fuzz

11,863

OSS-Fuzz - continuous fuzzing for open source software.

fuzzdb-project's avatar

fuzzdb

8,724

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

Quick Overview

Honggfuzz is a security-oriented fuzzer with powerful analysis options. It's designed to be easy to use, fast, and effective at finding software bugs. Honggfuzz supports various operating systems and architectures, making it a versatile tool for developers and security researchers.

Pros

  • Supports multiple platforms (Linux, macOS, Windows) and CPU architectures
  • Offers various fuzzing techniques, including feedback-driven fuzzing
  • Provides built-in instrumentation for better code coverage
  • Integrates well with sanitizers like AddressSanitizer and UndefinedBehaviorSanitizer

Cons

  • Steeper learning curve compared to some simpler fuzzers
  • May require additional setup for certain features or platforms
  • Documentation could be more comprehensive for advanced use cases
  • Performance can vary depending on the target application and configuration

Getting Started

To get started with Honggfuzz, follow these steps:

  1. Clone the repository:

    git clone https://github.com/google/honggfuzz.git

  2. Build Honggfuzz:

    cd honggfuzz
make

  3. Run Honggfuzz on a sample target:

    ./honggfuzz -f input_corpus/ -w output_corpus/ -- ./target_binary ___FILE___

Replace input_corpus/ with your initial input files, output_corpus/ with the directory for new test cases, and ./target_binary with the path to your target application. The ___FILE___ placeholder will be replaced by Honggfuzz with the input file path.

For more detailed instructions and advanced usage, refer to the project's documentation on GitHub.

Competitor Comparisons

google logo

clusterfuzz

5,500

Scalable fuzzing infrastructure.

Pros of ClusterFuzz

  • Designed for large-scale fuzzing with distributed architecture
  • Supports multiple programming languages and fuzzing engines
  • Provides a web interface for managing and monitoring fuzzing campaigns

Cons of ClusterFuzz

  • More complex setup and infrastructure requirements
  • Steeper learning curve for configuration and deployment
  • May be overkill for smaller projects or individual developers

Code Comparison

Honggfuzz example (main fuzzing loop):

for (;;) {
    if (fuzz_one(hfuzz, fuzzer) == false) {
        break;
    }
}

ClusterFuzz example (job script):

def fuzz(input_corpus, output_corpus, target_binary):
    # Fuzzing logic here
    pass

if __name__ == '__main__':
    fuzz(sys.argv[1], sys.argv[2], sys.argv[3])

Summary

Honggfuzz is a simpler, lightweight fuzzing tool that's easy to set up and use for individual developers or smaller projects. It focuses primarily on coverage-guided fuzzing for C/C++ programs.

ClusterFuzz, on the other hand, is a more comprehensive fuzzing platform designed for large-scale, distributed fuzzing across multiple projects and languages. It offers advanced features like continuous integration, bug tracking, and detailed analytics, but requires more setup and infrastructure.

Choose Honggfuzz for quick, straightforward fuzzing of C/C++ projects, and ClusterFuzz for enterprise-level, multi-language fuzzing campaigns with extensive management and reporting capabilities.

google logo

oss-fuzz

11,863

OSS-Fuzz - continuous fuzzing for open source software.

Pros of OSS-Fuzz

  • Supports multiple fuzzing engines (libFuzzer, AFL++, Honggfuzz)
  • Integrates with ClusterFuzz for scalable fuzzing infrastructure
  • Provides continuous fuzzing for open-source projects

Cons of OSS-Fuzz

  • More complex setup and configuration compared to Honggfuzz
  • Limited to open-source projects (not suitable for proprietary software)
  • Requires more resources due to its comprehensive approach

Code Comparison

OSS-Fuzz (build.sh example):

#!/bin/bash -eu
$CXX $CXXFLAGS -std=c++11 -I. \
    /path/to/fuzz_target.cc -o $OUT/fuzz_target \
    $LIB_FUZZING_ENGINE

Honggfuzz (simple usage):

honggfuzz -f input_dir/ -w output_dir/ -- /path/to/tested/binary @@

OSS-Fuzz focuses on integrating multiple fuzzing engines and providing a comprehensive fuzzing infrastructure, while Honggfuzz offers a more straightforward approach with its own fuzzing engine. OSS-Fuzz is better suited for large-scale, open-source projects, whereas Honggfuzz can be quickly deployed for both open-source and proprietary software fuzzing needs.

fuzzdb-project logo

fuzzdb

8,724

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

Pros of FuzzDB

  • Extensive collection of attack patterns and payloads for various types of security testing
  • Language-agnostic and can be used with any fuzzing tool or framework
  • Regularly updated with new attack vectors and patterns

Cons of FuzzDB

  • Not a standalone fuzzing tool, requires integration with other tools
  • Less automated and intelligent than Honggfuzz's instrumentation-guided fuzzing
  • May require more manual effort to use effectively in complex testing scenarios

Code Comparison

FuzzDB (example payload):

<script>alert(1)</script>

Honggfuzz (example usage):

int main(int argc, char **argv) {
    honggfuzz_init(&hfuzz);
    honggfuzz_run();
    return 0;
}

Summary

FuzzDB is a comprehensive database of attack patterns and payloads, while Honggfuzz is a powerful, instrumentation-guided fuzzing tool. FuzzDB offers flexibility and a wide range of pre-built test cases, making it useful for various security testing scenarios. However, it requires integration with other tools and potentially more manual effort. Honggfuzz, on the other hand, provides advanced fuzzing capabilities with built-in instrumentation and automation, but may have a steeper learning curve for beginners.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Honggfuzz

A security-oriented, feedback-driven, evolutionary fuzzer.

Honggfuzz is a general-purpose fuzzer that uses code coverage (software and hardware-based) to find bugs. It is multi-process, multi-threaded, and supports persistent fuzzing for extreme speed.

Key Features

  • Fast: Multi-process and multi-threaded engine. unlocking full CPU potential.
  • Persistent Fuzzing: Test APIs directly in-process with iteration speeds up to 1M/sec.
  • Feedback-Driven: Uses hardware (Intel BTS/PT) and software code coverage to evolve inputs.
  • Easy: Can start with an empty corpus and automatically build a valid input set.
  • Deep Monitoring: Uses low-level APIs (ptrace) to detect hijacked signals and hidden crashes.
  • Broad Support: Linux, macOS, Android, NetBSD, FreeBSD, and Windows (Cygwin).

Installation

Dependencies

Linux (Ubuntu/Debian)

sudo apt-get install binutils-dev libunwind-dev libblocksruntime-dev clang

macOS Requires Xcode (10.8+) and libblocksruntime.

Build

make
# Compilation wrappers are created in hfuzz_cc/

Usage

1. Compile Target

Use the provided compiler wrappers to automatically add instrumentation:

# C code
./hfuzz_cc/hfuzz-clang -o my_target my_target.c

# C++ code
./hfuzz_cc/hfuzz-clang++ -o my_target my_target.cpp

2. Run Fuzzer

Point it to an input corpus directory (can be empty) and your binary:

# Basic run
./honggfuzz -i input_dir/ -- ./my_target ___FILE___

# Persistent mode (faster)
./honggfuzz -P -i input_dir/ -- ./my_target

Note: ___FILE___ is a placeholder for the input filename generated by honggfuzz.

For advanced examples (Apache, OpenSSL, BIND, etc.), check the examples/ directory.

See USAGE.md for detailed options.

Trophies

Honggfuzz has discovered major security vulnerabilities in critical software.

HTTP & Servers

  • Apache HTTPD:
    • CVE-2017-7659 (mod_http2 remote crash)
    • CVE-2017-9789 (Use-after-free)
    • CVE-2018-1301, CVE-2018-1302, CVE-2018-1303
  • OpenSSH: Pre-auth remote crash (commit 28652bca)
  • BIND: Multiple bugs
  • NGINX Unit: Infinite loop
  • ProFTPD: CVE-2019-18217 (DoS)
  • Samba: CVE-2019-14907, CVE-2020-10745, CVE-2021-20277

Cryptography & SSL

  • OpenSSL:
    • CVE-2016-6309 (Critical, Potential RCE)
    • CVE-2015-1789, CVE-2016-7054, CVE-2017-3731
  • LibreSSL: Multiple crashes and invalid frees
  • BoringSSL: Uninitialized memory use
  • Crypto++: CVE-2016-9939 (Remote DoS)

Languages & Interpreters

  • PHP: WDDX bugs, generic interpreter crashes
  • Python/Ruby: Interpreter bugs
  • Rust: Panics/safety issues in regex, h2, sleep-parser, lewton
  • Perl: Multiple interpreter crashes

Media & Formats

  • FreeType 2: CVE-2010-2497 through CVE-2010-2527 (7+ CVEs)
  • LibTIFF: Multiple bugs
  • LibJPEG/Turbo: Multiple bugs
  • VLC: Double-free RCE
  • Adobe Flash: CVE-2015-0316
  • ImageIO (iOS/macOS): Multiple security problems (Project Zero)
  • LibreOffice: Memory corruption

System & Utils

  • Systemd: Tested by honggfuzz
  • fwupd: 17+ bugs found
  • TCPDump: Multiple bugs
  • Rsyslog: Multiple bugs

(See OSS-Fuzz for hundreds more)

Projects Using Honggfuzz

  • Google OSS-Fuzz: Continuous fuzzing for open source software.
  • Android: Used by Android Security team.
  • Rust: honggfuzz-rs crate for fuzzing Rust code.
  • Bitcoin Core: Fuzzing infrastructure.
  • Apache HTTP Server: CI fuzzing.
  • Systemd: CI fuzzing.
  • Cifasis QuickFuzz
  • Mozilla FuzzOS

License

Apache License 2.0.

This is NOT an official Google product