0Day Exploits, AFL (American Fuzzy Lop), AFL++
This article delves into the world of fuzzing tools like AFL and AFL++ for identifying vulnerabilities. It also covers seed generation techniques such as Skyfire and Learn&Fuzz. Furthermore, it explores static and dynamic analysis methods including LSTM, RL, ILF, VUzzer, GreyOne, and discusses efficiency metrics in software testing.
OSS-Fuzz supports fuzzing C/C++, Rust, Go, Python and Java/JVM code.
Blog about GreyOne: Discover Vulnerabilities with Flow Sensitive Fuzzing
AFL (American Fuzzy Lop) is a coverage-guided fuzzing tool developed by security researcher Michał Zalewski (@lcamtuf). It records the code coverage reached by each input sample and adjusts the inputs to increase that coverage, raising the probability of finding vulnerabilities.
intro-to-american-fuzzy-lop-fuzzing-in-5-steps
fuzzing-with-american-fuzzy-lop-afl
AFL++ can fuzz C source code, binary-only targets, network services and GUI programs.
Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer
seed generation
AI based
Skyfire (learn a probabilistic CFG grammar)
Learn&Fuzz (learn a RNN model of valid inputs)
GAN (learn a GAN to generate legitimate seeds)
Neuzz (learn a NN to model input -> coverage)
Symbolic Execution
Driller
QSYM
DigFuzz
SAVIOR
Intriguer
Matryoshka
HFL
static/dynamic analysis
FANS
seed mutation
AI based
Mopt
LSTM
RL
ILF
program based
VUzzer
GreyOne