What is it?

Fuzzgrind is a fully automatic fuzzing tool, generating test files with the purpose of discovering new execution paths likely to trigger bugs and potentially vulnerabilities.

It is based on the concept of symbolic execution. Thus, the tool starts from a file considered valid by the software under test, and analyses the execution path to extract any constraints tied to branch instructions followed by this software. By resolving constraints one by one, Fuzzgrind will alter the valid file to explore possible new branches of the software under test, in order to discover new vulnerabilities.

Fuzzgrind is licensed under the terms of the GNU GPL. Anybody is welcome to contribute!



Quick run

$ ./install.sh
$ cat fuzz/settings.cfg
prog      = /usr/bin/readelf
input     = input.elf
arg       = -h $input
max_bound = 200
$ ./fuzz/gui.py readelf


Articles, slides, doc, ...

  • SSTIC09: slides and paper in french.

Authors & Contributors

  • Gabriel Campana
  • Contact: gabriel(at)security-labs.org