Work-in-progress continuous fuzzing infrastructure. Mainly built and maintained to continuously fuzz Bitcoin Core, but support for adding and fuzzing other projects is available (see projects/).

docker build --tag fuzzor-base:latest --file infra/Dockerfile.base .
cd projects/bitcoin
docker build --tag fuzzor-bitcoin:latest .
docker run -it fuzzor-bitcoin:latest
FUZZ=txgraph ./out/libfuzzer_asan/fuzz

- Automatic bug reports
- Automatic coverage report creation
- Support for major fuzzing engines (AFL++, libFuzzer, honggfuzz, Native Golang)
- Crash deduplication
- Corpus minimization with all supported engines
- Real-time ensemble fuzzing
- Coverage based campaign scheduling
- Support for experimental fuzzing engines (e.g. fuzz driven characterization testing with SemSan)
- Support for more fuzzing engines (e.g. Radamsa, libafl_libfuzzer, libafl-fuzz, ...)
- Snapshot fuzzing support (e.g. using full-system libafl_qemu and/or nyx)
- Concolic fuzzing engine support
- Automatic bug triaging
- Automatic pull request fuzzing

CI is self-hosted on AWS with RunsOn.