- build tool:
- makes target builds suitable for fuzzing
- supports different build types (sanitizers, coverage, etc)
- AFL++ builder (afl-gcc, afl-gcc-fast, afl-clang-fast, afl-clang-lto)
- libFuzzer builder (clang)
- corpus tool:
- moves fuzzer-generated samples between fuzzer sync dir and storage (both ways)
- sha1-based deduplication
- tool-based minimization (afl-cmin)
- fuzz tool:
- runs fuzzers with tested application builds allocated to different CPU cores
- supports time-based stop conditions
- AFL++ support
- libFuzzer support
- coverage tool:
- runs coverage build of tested application on fuzzer-generated samples
- lcov coverage collectors and report generators for targets built with `--coverage` flag using gcc (lcov) or clang (lcov-llvm)
- lcov HTML report parser
- llvm-cov summary.txt report parser (unused yet)
- reproduce tool:
- runs tested application on fuzzer-generated crashes and hangs
- extracts bugs' descriptions (generic crashes, sanitizer messages, gdb stacktraces)
- send tool
- sends reproduce results to vulnerability management system
- Defect Dojo support
- report tool:
- generates fuzzing report with use of Jinja2 templates
- Markdown generator
- screenshot tool:
- converts files to images
- uses ansifilter and pango-view tools for tmux dumps of fuzzer screens
- uses WeasyPrint python library for HTML coverage reports
Initial commit: 2021-10-21