FRET-LibAFL/README.md

LibAFL, the fuzzer library.

Advanced Fuzzing Library - Slot your own fuzzers together and extend their features using Rust.

LibAFL is written and maintained by Andrea Fioraldi andreafioraldi@gmail.com and Dominik Maier mail@dmnk.co.

Why LibAFL?

LibAFL gives you many of the benefits of an off-the-shelf fuzzer, while being completely customizable. Some highlight features currently include:

• multi platform: LibAFL was confirmed to work on Windows, MacOS, Linux, and Android on x86_64 and aarch64.
• portable: LibAFL can be built in no_std mode. Inject LibAFL in obscure targets like embedded devices and hypervisors.
• adaptable: You can replace each part of LibAFL. For example, BytesInput is just one potential form input: feel free to add an AST-based input for structured fuzzing, and more.
• scalable: Low Level Message Passing, LLMP for short, allows LibAFL to scale almost linearly over cores, and via TCP to multiple machines soon!
• fast: We do everything we can at compile time, keeping runtime overhead minimal.
• bring your own target: We support binary-only modes, like Frida-Mode, as well as multiple compilation passes for sourced-based instrumentation. Of course it's easy to add custom instrumentation backends.
• usable: We hope. But we'll let you be the judge. Enjoy LibAFL.

Overview

LibAFL is a collection of reusable pieces of fuzzers, written in Rust. It is fast, multi-platform, no_std compatible, and scales over cores and machines.

It offers a main crate that provide building blocks for custom fuzzers, libafl, a library containing common code that can be used for targets instrumentation, libafl_targets, and a library providing facilities to wrap compilers, libafl_cc.

LibAFL offers integrations with popular instrumemntation frameworks. At the moment, the supported backends are:

• SanitizerCoverage, in libafl_targets
• Frida, in libafl_frida, by s1341 github@shmarya.net (Windows support is broken atm, it relies on this upstream issue to be fixed.)
• More to come (QEMU-mode, ...)

Getting started

Clone the LibAFL repository with

git clone https://github.com/AFLplusplus/LibAFL

Build the library using

cargo build --release

Build the API documentation with

cargo doc

Browse the LibAFL book (WIP!) with (requires mdbook)

cd docs && mdbook serve

We collect all example fuzzers in ./fuzzers. Be sure to read their documentation (and source), this is the natural way to get started!

The best-tested fuzzer is ./fuzzers/libfuzzer_libpng, a multicore libfuzzer-like fuzzer using LibAFL for a libpng harness.

Resources

• Installation guide

• Our RC3 talk explaining the core concepts

• Online API documentation

• The LibAFL book (very WIP) online or in the repo

Contributing

Check the TODO.md file for features that we plan to support.

For bugs, feel free to open issues or contact us directly. Thank you for your support. <3

License

^{Licensed under either of Apache License, Version 2.0 or MIT license at your option.}
_{Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in this crate by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.}