search

ossf / fuzz-introspector

Fuzz Introspector -- introspect, extend and optimise fuzzers
https://fuzz-introspector.readthedocs.io
Apache License 2.0
384 stars 57 forks source link
fuzz-testing fuzzing security security-research testing vulnerability-analysis

readme

OpenSSF Scorecard

Fuzz introspector

Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potential blockers. Fuzz introspector aggregates the fuzzers’ functional data like coverage, hit frequency, entry points, etc to give the developer a birds eye view of their fuzzer. This helps with identifying fuzz bottlenecks and blockers and eventually helps in developing better fuzzers.

Fuzz-introspector aims to improve fuzzing experience of a project by guiding on whether you should:

Indexing OSS-Fuzz projects

Open Source Fuzzing Introspection provides introspection capabilities to OSS-Fuzz projects and is powered by Fuzz Introspector. This page gives macro insights into the fuzzing of open source projects.

On this page you'll see a list of all the projects that are currently analysed by Fuzz Introspector:

Docs and demonstrations

The main Fuzz Introspector documentation is available here: https://fuzz-introspector.readthedocs.io This documentation includes user guides, OSS-Fuzz instructions, tutorials, development docs and more. Additionally, there is more information:

Architecture

The workflow of fuzz-introspector can be visualised as follows: Functions table

A more detailed description is available in doc/Architecture

Contribute

Code of Conduct

Before contributing, please follow our Code of Conduct.

Connect with the Fuzzing Community

If you want to get involved in the Fuzzing community or have ideas to chat about, we discuss this project in the OSSF Security Tooling Working Group meetings.

More specifically, you can attend Fuzzing Collaboration meeting (monthly on the first Tuesday 10:30am - 11:30am PST Calendar, Zoom Link).