0Day Exploits, Afl(American Fuzzy Lop), Afl++

This article delves into the world of fuzzing tools like AFL and AFL++ for identifying vulnerabilities. It also covers seed generation techniques such as Skyfire and Learn&Fuzz. Furthermore, it explores static and dynamic analysis methods including LSTM, RL, ILF, VUzzer, GreyOne, and discusses efficiency metrics in software testing.

---

oss-fuzz supports fuzzing C/C++, Rust, Go, Python and Java/JVM code

blog about greyone Discover Vulnerabilities with Flow Sensitive Fuzzing

AFL（American Fuzzy Lop）是由安全研究员Michał Zalewski（@lcamtuf）开发的一款基于覆盖引导（Coverage-guided）的模糊测试工具，它通过记录输入样本的代码覆盖率，从而调整输入样本以提高覆盖率，增加发现漏洞的概率

intro-to-american-fuzzy-lop-fuzzing-in-5-steps

fuzzing-with-american-fuzzy-lop-afl

AFL++ can fuzz c source code, binary targets, network services, gui programs

Montage: A Neural Network Language Model-Guided JavaScript Engine Fuzzer

seed generation

AI based

Skyfire (learn a probabilistic CFG grammar)

Learn&Fuzz (learn a RNN model of valid inputs)

GAN (learn a GAN to generate legitimate seeds)

Neuzz (learn a NN to model input -> coverage)

Symbolic Execution

Driller

QSYM

DigFuzz

SAVIOR

Intriguer

Matryoshka

HFL

static/dynamic analysis

FANS

seed mutation

AI based

Mopt

LSTM

RL

ILF

program based

VUzzer

GreyOne

efficient testing

coverage metrics