Top Related Projects
A self-hosted Fuzzing-As-A-Service platform
The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
Quick Overview
OSS-Fuzz is a continuous fuzzing infrastructure for open source software projects. It aims to make common open source software more secure and stable by automatically finding bugs using fuzzing techniques. OSS-Fuzz works with the open source community to integrate projects and improve the security of the overall software ecosystem.
Pros
- Automated and continuous fuzzing for open source projects
- Integrates with multiple fuzzing engines (e.g., libFuzzer, AFL++)
- Provides scalable fuzzing infrastructure using Google Cloud Platform
- Helps discover and fix vulnerabilities before they can be exploited
Cons
- Limited to open source projects that meet certain criteria
- Requires effort to integrate and maintain fuzz targets for each project
- May generate false positives that need manual triage
- Learning curve for developers unfamiliar with fuzzing techniques
Getting Started
To get started with OSS-Fuzz:
- Check if your project meets the requirements.
- Submit your project for integration.
- Set up your project:
- Create a
project.yamlfile in theprojects/directory - Implement fuzz targets for your project
- Create a Dockerfile for building your project
- Create a
- Test your integration locally using the provided scripts
- Submit a pull request to add your project to OSS-Fuzz
For detailed instructions, refer to the Getting Started guide in the OSS-Fuzz documentation.
Competitor Comparisons
A self-hosted Fuzzing-As-A-Service platform
Pros of OneFuzz
- More flexible and customizable fuzzing platform
- Better integration with Azure cloud services
- Supports a wider range of programming languages and frameworks
Cons of OneFuzz
- Less mature and established compared to OSS-Fuzz
- Smaller community and fewer contributed fuzzers
- More complex setup and configuration process
Code Comparison
OneFuzz (Python):
from onefuzz import Onefuzz
of = Onefuzz()
job = of.jobs.create(project="example", name="my-fuzzing-job")
job.target.add_exe_target("my_target", "path/to/target")
job.fuzzing.add_libfuzzer_task()
OSS-Fuzz (Bash):
#!/bin/bash -eu
# Compile fuzz targets
$CXX $CXXFLAGS -std=c++11 -I. \
$SRC/target_fuzzer.cc -o $OUT/target_fuzzer \
$LIB_FUZZING_ENGINE
# Copy seed corpus
cp -r $SRC/seed_corpus $OUT/
Both projects aim to improve software security through fuzzing, but they differ in their approach and implementation. OneFuzz offers more flexibility and cloud integration, while OSS-Fuzz provides a more established and streamlined process for open-source projects.
The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
Pros of AFLplusplus
- More flexible and customizable fuzzing options
- Supports a wider range of target programs and architectures
- Actively maintained by the community with frequent updates
Cons of AFLplusplus
- Steeper learning curve for beginners
- Requires more manual configuration and setup
- May have less integration with cloud-based fuzzing infrastructure
Code Comparison
AFLplusplus example:
#include "afl-fuzz.h"
int main(int argc, char **argv) {
AFL_INIT_ARGV();
// ... fuzzing setup and execution
}
OSS-Fuzz example:
import atheris
def TestOneInput(data):
# ... fuzzing logic
atheris.Setup(sys.argv, TestOneInput)
atheris.Fuzz()
AFLplusplus offers more low-level control and is typically used with C/C++ targets, while OSS-Fuzz provides a higher-level Python interface for easier integration with various projects. OSS-Fuzz is designed to work seamlessly with Google's infrastructure, making it easier to set up continuous fuzzing for open-source projects. AFLplusplus, on the other hand, offers more advanced fuzzing techniques and customization options for power users.
Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
Pros of honggfuzz
- Lightweight and easy to set up, with minimal dependencies
- Supports persistent fuzzing mode for improved performance
- Includes unique features like hardware-based feedback fuzzing
Cons of honggfuzz
- Limited integration with continuous integration systems
- Smaller community and ecosystem compared to OSS-Fuzz
- Fewer built-in sanitizers and analysis tools
Code comparison
honggfuzz:
int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
if (len < 8) return 0;
if (memcmp(buf, "FUZZ", 4) == 0) {
abort(); // Crash on specific input
}
return 0;
}
OSS-Fuzz:
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
FuzzedDataProvider fdp(data, size);
std::string input = fdp.ConsumeRandomLengthString();
fuzz_target(input);
return 0;
}
Both projects use similar entry points for fuzz targets, but OSS-Fuzz provides additional utilities like FuzzedDataProvider for easier input handling. honggfuzz's example is more straightforward, while OSS-Fuzz's approach offers more flexibility in input processing.
Convert 
designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
OSS-Fuzz: Continuous Fuzzing for Open Source Software
Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like buffer overflow, can have serious security implications. Google has found thousands of security vulnerabilities and stability bugs by deploying guided in-process fuzzing of Chrome components, and we now want to share that service with the open source community.
In cooperation with the Core Infrastructure Initiative and the OpenSSF, OSS-Fuzz aims to make common open source software more secure and stable by combining modern fuzzing techniques with scalable, distributed execution. Projects that do not qualify for OSS-Fuzz (e.g. closed source) can run their own instances of ClusterFuzz or ClusterFuzzLite.
We support the libFuzzer, AFL++, and Honggfuzz fuzzing engines in combination with Sanitizers, as well as ClusterFuzz, a distributed fuzzer execution environment and reporting tool.
Currently, OSS-Fuzz supports C/C++, Rust, Go, Python, Java/JVM, and JavaScript code. Other languages supported by LLVM may work too. OSS-Fuzz supports fuzzing x86_64 and i386 builds.
Overview
Documentation
Read our detailed documentation to learn how to use OSS-Fuzz.
Trophies
As of August 2023, OSS-Fuzz has helped identify and fix over 10,000 vulnerabilities and 36,000 bugs across 1,000 projects.
Blog posts
- 2023-08-16 - AI-Powered Fuzzing: Breaking the Bug Hunting Barrier
- 2023-02-01 - Taking the next step: OSS-Fuzz in 2023
- 2022-09-08 - Fuzzing beyond memory corruption: Finding broader classes of vulnerabilities automatically
- 2021-12-16 - Improving OSS-Fuzz and Jazzer to catch Log4Shell
- 2021-03-10 - Fuzzing Java in OSS-Fuzz
- 2020-12-07 - Improving open source security during the Google summer internship program
- 2020-10-09 - Fuzzing internships for Open Source Software
- 2018-11-06 - A New Chapter for OSS-Fuzz
- 2017-05-08 - OSS-Fuzz: Five months later, and rewarding projects
- 2016-12-01 - Announcing OSS-Fuzz: Continuous fuzzing for open source software
Top Related Projects
A self-hosted Fuzzing-As-A-Service platform
The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot