AFL++
Last updated
Last updated
American Fuzzy Lop (AFL) is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage for the fuzzed code. The compact synthesized corpora produced by the tool are also useful for seeding other, more labor- or resource-intensive testing regimes down the road.
AFLplusplus (AFL++) is the daughter of the American Fuzzy Lop fuzzer by Michał “lcamtuf” Zalewski and was created initially to incorporate all the best features developed in the years for the fuzzers in the AFL family and not merged in AFL cause it is not updated since November 2017.
The AFL++ fuzzing framework includes the following:
A fuzzer with many mutators and configurations: afl-fuzz.
Different source code instrumentation modules: LLVM mode, afl-as, GCC plugin.
Different binary code instrumentation modules: QEMU mode, Unicorn mode, QBDI mode.
Utilities for testcase/corpus minimization: afl-tmin, afl-cmin.
Helper libraries: libtokencap, libdislocator, libcompcov.
It includes a lot of changes, optimizations and new features respect to AFL like the AFLfast power schedules, QEMU 5.1 upgrade with CompareCoverage, MOpt mutators, InsTrim instrumentation and a lot more.
