https://github.com/antonio-morales/Fuzzing101
antonio-morales / Fuzzing101: a step-by-step fuzzing tutorial. A GitHub Security Lab initiative (securitylab.github.com/). License: Apache-2.0.

# Fuzzing-101

Do you want to learn how to fuzz like a real expert, but don't know how to start? If so, this is the course for you!

10 real targets, 10 exercises. Are you able to solve all 10?

## Structure

| Exercise No. | Target | CVEs to find | Time estimated | Main topics |
|---|---|---|---|---|
| Exercise 1 | Xpdf | CVE-2019-13288 | 120 mins | Afl-clang-fast, Afl-fuzz, GDB |
| Exercise 2 | libexif | CVE-2009-3895, CVE-2012-2836 | 6 hours | Afl-clang-lto, Fuzz libraries, Eclipse IDE |
| Exercise 3 | TCPdump | CVE-2017-13028 | 4 hours | ASan, Sanitizers |
| Exercise 4 | LibTIFF | CVE-2016-9297 | 3 hours | Code coverage, LCOV |
| Exercise 5 | Libxml2 | CVE-2017-9048 | 3 hours | Dictionaries, Basic parallelization, Fuzzing command-line arguments |
| Exercise 6 | GIMP | CVE-2016-4994, Bonus bugs | 7 hours | Persistent fuzzing, Fuzzing interactive applications |
| Exercise 7 | VLC media player | CVE-2019-14776 | 6 hours | Partial instrumentation, Fuzzing harness |
| Exercise 8 | Adobe Reader | | 8 hours | Fuzzing closed-source applications, QEMU instrumentation |
| Exercise 9 | 7-Zip | CVE-2016-2334 | 8 hours | WinAFL, Fuzzing Windows Applications |
| Exercise 10 (Final Challenge) | Google Chrome / V8 | CVE-2019-5847 | 8 hours | Fuzzilli, Fuzzing Javascript engines |

## Changelog

* 02/14/2022: Fixed some 'wget' typos in Exercise 5
* 11/25/2021: Exercise 3 updated with some fixes.

## Who is the course intended for?

* Anyone wishing to learn fuzzing basics
* Anyone who wants to learn how to find vulnerabilities in real software projects.

## Requirements

* All you need for this course is a running Linux system with an internet connection. You will find a suitable VMware image in the exercises.
* At least basic Linux skills are highly recommended.
* All the exercises have been tested on Ubuntu 20.04.2 LTS. You can download it from here.
* In this course we're going to use AFL++, a newer and superior fork of Michal "lcamtuf" Zalewski's AFL, for solving the fuzzing exercises.

## What is fuzzing?

Fuzz testing (or fuzzing) is an automated software testing technique that is based on feeding the program with random/mutated input values and monitoring it for exceptions/crashes.

AFL, libFuzzer and HonggFuzz are three of the most successful fuzzers when it comes to real-world applications. All three are examples of coverage-guided evolutionary fuzzers.
## Coverage-guided evolutionary fuzzer

* **Evolutionary**: a metaheuristic approach inspired by evolutionary algorithms, which basically consists of evolving and mutating the initial subset of inputs (seeds) over time, using a selection criterion (e.g. coverage).
* **Coverage-guided**: to increase the chance of finding new crashes, coverage-guided fuzzers gather and compare code coverage data between different inputs (usually through instrumentation) and pick those inputs which lead to new execution paths.

![Diagram](Diagram.png)

Simplification of the coverage gathering process of a coverage-guided evolutionary fuzzer

## Thanks

Thanks for their help:

* Xavier RENE-CORAIL
* Alan Vivona
* Jason White
* Octavio Gianatiempo
* van Hauser
* Marc Poulhies
* Xu Hanyu
* tclan126
* epi052
* Jeremias Gomes

## Contact

Are you stuck and looking for help? Do you have suggestions for making this course better or just positive feedback so that we can create more fuzzing content? Do you want to share your fuzzing experience with the community?

Join the GitHub Security Lab Slack and head to the #fuzzing channel. Request an invite to the GitHub Security Lab Slack.
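As an added illustration of the "Coverage-guided evolutionary fuzzer" section above (this is example code, not part of the Fuzzing101 repository or of AFL++), here is a toy fuzzer that runs the loop from the diagram: pick a corpus entry, mutate it, run the target, and keep the child only if it reaches an edge never seen before. The target, its edge ids and the `cov` set are constructed stand-ins for the instrumentation that afl-clang-fast compiles into a real binary; the `guided=False` mode shows what happens when the same mutations are applied blindly without the coverage feedback.

```python
import random

def target(data: bytes, cov: set) -> int:
    """Constructed toy target: four chained byte checks guard a bug.
    Each basic block records an edge id in `cov`, standing in for the
    shared-memory coverage bitmap a real instrumented target fills in."""
    cov.add(0)
    if len(data) >= 4 and data[0] == ord("F"):
        cov.add(1)
        if data[1] == ord("U"):
            cov.add(2)
            if data[2] == ord("Z"):
                cov.add(3)
                if data[3] == ord("Z"):
                    cov.add(4)
                    return data[len(data) + 16]  # out-of-bounds read: the "crash"
    return 0

def mutate(data: bytes, rng: random.Random) -> bytes:
    """One AFL-style mutation: a bit flip, a small arithmetic step,
    or a random byte overwrite at one position."""
    buf = bytearray(data)
    pos = rng.randrange(len(buf))
    op = rng.randrange(3)
    if op == 0:
        buf[pos] ^= 1 << rng.randrange(8)
    elif op == 1:
        buf[pos] = (buf[pos] + rng.choice((-1, 1)) * rng.randint(1, 35)) & 0xFF
    else:
        buf[pos] = rng.randrange(256)
    return bytes(buf)

def fuzz(seeds, guided=True, max_iters=200_000, rng_seed=1):
    """Evolutionary loop. A child is promoted to the corpus only when its
    coverage contains an edge not yet in `seen`; with guided=False the
    corpus never grows, so mutations cannot accumulate across generations."""
    rng = random.Random(rng_seed)
    corpus, seen = list(seeds), set()
    for s in corpus:                 # coverage of the initial seeds
        target(s, seen)
    for it in range(1, max_iters + 1):
        child = mutate(rng.choice(corpus), rng)
        cov = set()
        try:
            target(child, cov)
        except IndexError:           # what ASan/SIGSEGV would report on a real target
            return {"crash": child, "corpus": corpus, "edges": seen | cov, "iters": it}
        if guided and not cov <= seen:   # new edge reached: keep this input
            seen |= cov
            corpus.append(child)
    return {"crash": None, "corpus": corpus, "edges": seen, "iters": max_iters}

if __name__ == "__main__":
    r = fuzz([b"hello"])
    print("crash input:", r["crash"], "after", r["iters"], "executions; corpus size", len(r["corpus"]))
```

Starting from the single seed `b"hello"`, the guided run finds the crashing input in a few thousand executions because each intermediate input ("F...", "FU..", "FUZ.") is saved and mutated further, while the blind run exhausts its budget without ever getting past the first check.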