SoftSec-KAIST/Fuzzing-Survey SoftSec-KAIST/Fuzzing-Survey

  • Stars
    star
    181
  • Rank 204,527 (Top 5 %)
  • Language
    JavaScript
  • License
    GNU General Publi...
  • Created over 4 years ago
  • Updated about 1 month ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
SoftSec-KAIST/Fuzzing-Survey
github

SoftSec-KAIST

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

The Art, Science, and Engineering of Fuzzing: A Survey

Genealogy Database of Fuzzers

This repository is our attempt to maintain an up-to-date genealogy database of fuzzers and relevant papers. It is the continuation of an initial effort made by Manès et al. in "The Art, Science, and Engineering of Fuzzing: A Survey", published in 2019 in IEEE Transactions on Software Engineering. You can visit https://fuzzing-survey.org to see an interactive site backed by this database.

What is this survey about?

Our survey is about fuzzers and the relevant literature. Since "fuzzing" is a largely overloaded term, a primary goal of our survey is to precisely define what fuzzing is and to characterize various fuzzers. To this end, we split the process of fuzzing into several steps and use them to systematically categorize fuzzers based on their features. This repository maintains one of the major outcomes of this effort, namely a genealogy graph of fuzzers.

How is this genealogy graph rendered?

We use a force-directed graph layout algorithm with several tweaks. In our current layout, nodes tend to be sorted vertically based on their year of publication and inter-linked nodes tend to be spatially clustered together.

How can I contribute?

We have seeded this repository with the data we collected for our 2019 survey. Due to the rapid development in fuzzing, we realize our database will quickly become outdated due to missing papers and tools. It is our hope that, by hosting this repository in public, you can contribute to this database and help keep it up-to-date. Please proceed to the contribution guideline if you wish to contribute.

Who are the maintainers of this database?

This database is currently maintained by:

How do I cite this work?

If you plan to refer to this work, please consider citing our 2019 survey using the following BibTeX entry. Thank you!

(We are hosting a pre-print of our survey until the final version is published at IEEE.)

@ARTICLE{manes:tse:2021,
  author = {Valentin J. M. Man{\`{e}}s and HyungSeok Han and Choongwoo Han and Sang Kil Cha and Manuel Egele and Edward J. Schwartz and Maverick Woo},
  title = {The Art, Science, and Engineering of Fuzzing: A Survey},
  journal = {IEEE Transactions on Software Engineering},
  volume = {47},
  number = {11},
  pages = {2312--2331},
  year = 2021
}

More Repositories

1

CodeAlchemist

CodeAlchemist: Semantics-Aware Code Generation to Find Vulnerabilities in JavaScript Engines (NDSS '19)
F#
231
star
2

Eclipser

Grey-box Concolic Testing on Binary Code (ICSE '19)
F#
147
star
3

Smartian

Smartian: Enhancing Smart Contract Fuzzing with Static and Dynamic Data-Flow Analyses (ASE '21)
F#
128
star
4

BinKit

Binary Code Similarity Analysis (BCSA) Benchmark
Shell
116
star
5

IMF

Inferred Model-based Fuzzer
Python
107
star
6

TikNib

Binary Code Similarity Analysis (BCSA) Tool
Python
106
star
7

NTFuzz

NTFUZZ: Enabling Type-Aware Kernel Fuzzing on Windows with Static Binary Analysis (IEEE S&P '21)
F#
85
star
8

MeanDiff

Testing Intermediate Representations for Binary Analysis (ASE '17)
F#
77
star
9

GitCTF

Git-based CTF
Python
59
star
10

Ankou

Ankou: Guiding Grey-box Fuzzing towards Combinatorial Difference (ICSE '20)
Go
54
star
11

Fuzzle

Fuzzle: Making a Puzzle for Fuzzers (ASE'22)
Python
37
star
12

Reassessor

Reassembly is Hard: A Reflection on Challenges and Strategies (USENIX Security '23)
Python
27
star
13

Smartian-Artifact

Artifacts for Smartian, a grey-box fuzzer for Ethereum smart contracts.
Solidity
12
star
14

BotScreen

BotScreen: Trust Everybody, but Cut the Aimbots Yourself (USENIX Security '23)
Python
10
star
15

Eclipser-Artifact

Docker image for Eclipser
Shell
4
star
16

Fuzzle-artifact

Artifact evaluation repository for Fuzzle
C
3
star
17

MeanDiff-LifterPyVEX

Lift instruction to VEX, using PyVEX, and translate to MeanDiff's UIR
Python
2
star
18

Ankou-Benchmark

2
star
19

MeanDiff-LifterBINSEC

Lift instruction to DBA, using BINSEC, and translate to MeanDiff's UIR
OCaml
1
star
20

MeanDiff-ExternalXED

C
1
star
21

MeanDiff-LifterBAP

Lift instruction to BIL, using BAP, and translate to MeanDiff's UIR
OCaml
1
star
22

MeanDiff-DockerBaseImage

Shell
1
star