Top Related Projects
Scalable fuzzing infrastructure.
OSS-Fuzz - continuous fuzzing for open source software.
The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
Quick Overview
OneFuzz is a self-hosted Fuzzing-As-A-Service platform developed by Microsoft. It automates and scales fuzzing, a software testing technique that involves providing invalid, unexpected, or random data to programs to discover security vulnerabilities, crashes, and bugs.
Pros
- Scalable and cloud-native architecture, supporting major cloud providers
- Integrates with existing CI/CD pipelines for continuous fuzzing
- Supports multiple programming languages and fuzzing engines
- Provides detailed crash reports and reproducible test cases
Cons
- Requires significant setup and infrastructure management
- Learning curve for users unfamiliar with fuzzing concepts
- Limited documentation for advanced use cases
- May require substantial computational resources for large-scale fuzzing
Getting Started
To get started with OneFuzz, follow these steps:
-
Clone the repository:
git clone https://github.com/microsoft/onefuzz.git
-
Install the OneFuzz CLI:
pip install onefuzz
-
Set up your cloud environment (Azure, AWS, or GCP) and configure OneFuzz:
onefuzz config --endpoint <your_onefuzz_endpoint> onefuzz config --authority <your_auth_provider> onefuzz config --client_id <your_client_id>
-
Create a new fuzzing job:
onefuzz template libfuzzer basic --project myproject --name myfuzz --build 1 --pool windows --target_exe my_target.exe --setup_dir ./
-
Monitor your fuzzing job:
onefuzz jobs list onefuzz jobs info <job_id>
For more detailed instructions and advanced usage, refer to the official OneFuzz documentation.
Competitor Comparisons
Scalable fuzzing infrastructure.
Pros of ClusterFuzz
- More mature project with a longer history and larger community
- Supports a wider range of programming languages and fuzzing engines
- Offers advanced features like corpus management and crash analysis
Cons of ClusterFuzz
- More complex setup and configuration process
- Requires more resources to run effectively
- Steeper learning curve for new users
Code Comparison
ClusterFuzz (Python):
def fuzz_task(self):
try:
testcase = self.get_testcase()
result = self.execute_testcase(testcase)
self.process_result(result)
except Exception as e:
self.handle_error(e)
OneFuzz (Rust):
fn fuzz_task(&self) -> Result<(), Error> {
let testcase = self.get_testcase()?;
let result = self.execute_testcase(&testcase)?;
self.process_result(result)?;
Ok(())
}
Both projects aim to provide scalable fuzzing solutions, but they differ in implementation and target audience. ClusterFuzz offers a more comprehensive set of features and supports a broader range of languages, making it suitable for large-scale projects. OneFuzz, being newer and focused on Rust, provides a more streamlined experience for specific use cases and may be easier to integrate into existing workflows for some teams.
OSS-Fuzz - continuous fuzzing for open source software.
Pros of OSS-Fuzz
- Broader ecosystem support with integration for multiple languages and build systems
- Extensive documentation and tutorials for users and contributors
- Large-scale continuous fuzzing infrastructure provided by Google
Cons of OSS-Fuzz
- More complex setup process for new projects
- Limited to open-source projects only
- Less flexibility in customizing fuzzing strategies
Code Comparison
OneFuzz (PowerShell):
$setup = Setup-OneFuzz -InstanceName "example" -Region "westus2"
$project = New-OneFuzzProject -Name "MyProject"
$target = New-OneFuzzTarget -ProjectName $project.name -Name "MyTarget"
OSS-Fuzz (Python):
import sys
import atheris
def TestOneInput(data):
if len(data) > 1:
if data[0] == ord('b'):
if data[1] == ord('a'):
if data[2] == ord('d'):
raise RuntimeError("Bad input")
atheris.Setup(sys.argv, TestOneInput)
atheris.Fuzz()
Both OneFuzz and OSS-Fuzz are powerful fuzzing platforms, but they cater to different needs. OneFuzz offers more flexibility and is suitable for both open-source and proprietary projects, while OSS-Fuzz provides a robust ecosystem for open-source projects with extensive language support and Google's infrastructure backing.
The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
Pros of AFLplusplus
- More mature and widely used in the fuzzing community
- Extensive documentation and active community support
- Supports a wide range of target types and architectures
Cons of AFLplusplus
- Steeper learning curve for beginners
- Requires more manual configuration and setup
- Limited scalability for large-scale fuzzing campaigns
Code Comparison
AFLplusplus example:
#include "afl-fuzz.h"
int main(int argc, char **argv) {
AFL_INIT_PREAMBLE(argc, argv);
// ... rest of the code
}
OneFuzz example:
from onefuzz import Onefuzz
of = Onefuzz()
job = of.jobs.create()
# ... rest of the code
AFLplusplus focuses on low-level C implementation, while OneFuzz provides a higher-level Python API for easier integration and management of fuzzing tasks.
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
Pros of FuzzDB
- Extensive collection of pre-made fuzzing patterns and payloads
- Language-agnostic and can be used with various fuzzing tools
- Regularly updated with new attack patterns and vulnerabilities
Cons of FuzzDB
- Lacks built-in fuzzing engine or automation capabilities
- Requires integration with other tools for effective fuzzing
- May include outdated or irrelevant patterns without proper curation
Code Comparison
FuzzDB (example pattern):
../../../../etc/passwd
..\..\..\..\windows\system.ini
OneFuzz (example configuration):
from onefuzz.api import Onefuzz
of = Onefuzz()
job = of.jobs.create()
target = of.targets.create(job, "my_target")
Key Differences
- FuzzDB is primarily a collection of fuzzing data, while OneFuzz is a complete fuzzing platform
- OneFuzz offers scalable cloud-based fuzzing, whereas FuzzDB requires separate tooling
- FuzzDB is more flexible for use with various tools, but OneFuzz provides an integrated ecosystem
Use Cases
- FuzzDB: Best for manual testing, integration with existing tools, or as a reference for creating custom fuzzers
- OneFuzz: Ideal for large-scale, automated fuzzing campaigns, especially in CI/CD pipelines or cloud environments
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
:exclamation: IMPORTANT NOTICE :exclamation:
August 31, 2023.
Since September 2020 when OneFuzz was first open sourced, weâve been on a journey to create a best-in-class orchestrator for running fuzzers, driving security and quality into our products.
Initially launched by a small group in MSR, OneFuzz has now become a significant internal platform within Microsoft. As such, we are regretfully archiving the project to focus our attention on becoming a more deeply integrated service within the company. Unfortunately, we arenât a large enough team to live in both the open-source world and the internal Microsoft world with its own unique set of requirements.
Our current plan is to archive the project in the next few months. That means weâll still be making updates for a little while. Of course, even after itâs archived, youâll still be able to fork it and make the changes you need. Once weâve decided on a specific date for archiving, weâll update this readme.
Thanks for taking the journey with us.
The OneFuzz team.
Update: September 15 2023: Our current target to archive the project is September 30th, 2023.
A self-hosted Fuzzing-As-A-Service platform
Project OneFuzz enables continuous developer-driven fuzzing to proactively harden software prior to release. With a single command, which can be baked into CICD, developers can launch fuzz jobs from a few virtual machines to thousands of cores.
Features
- Composable fuzzing workflows: Open source allows users to onboard their own fuzzers, swap instrumentation, and manage seed inputs.
- Built-in ensemble fuzzing: By default, fuzzers work as a team to share strengths, swapping inputs of interest between fuzzing technologies.
- Programmatic triage and result de-duplication: It provides unique flaw cases that always reproduce.
- On-demand live-debugging of found crashes: It lets you summon a live debugging session on-demand or from your build system.
- Observable and Debug-able: Transparent design allows introspection into every stage.
- Fuzz on Windows and Linux: Multi-platform by design. Fuzz using your own OS build, kernel, or nested hypervisor.
- Crash reporting notification callbacks: Including Azure DevOps Work Items and Microsoft Teams messages
For information, check out some of our guides:
Are you a Microsoft employee interested in fuzzing? Join us on Teams at Fuzzing @ Microsoft.
Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repositories using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
Data Collection
The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft's privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkID=824704. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.
For more information:
Reporting Security Issues
Security issues and bugs should be reported privately to the Microsoft Security Response Center (MSRC). For more information, please see SECURITY.md.
Top Related Projects
Scalable fuzzing infrastructure.
OSS-Fuzz - continuous fuzzing for open source software.
The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot