Introduction

Fuzzinator is a fuzzing framework that helps you to automate tasks usually needed during a fuzz session:

  • run your favorite test generator and feed the test cases to the software-under-test,

  • catch and save the unique issues,

  • reduce the failing test cases,

  • ease the reporting of issues in bug trackers (e.g., Bugzilla or GitHub),

  • regularly update SUTs if needed, and

  • schedule multiple SUTs and generators without overloading your workstation.

All the above features are fully customizable either by writing a simple config file or by implementing Python snippets to cover special needs. Check out some slides about Fuzzinator for a general overview, or see the Tutorial for a detailed walk-through. There is also a repository collecting configurations for various real-life SUTs and fuzzers.

To help tracking the progress of the fuzzing, Fuzzinator provides three interfaces:

  • an interactive Web UI (WUI) (supported on all platforms) that gives a continuously updated overview about the currently running tasks, statistics about the efficacy of the test generators, and the found issues (and also supports reporting them);

  • an interactive Text UI (TUI) (supported on Linux and Mac OS X only) that supports the same functionality as the WUI, but as a retro-style console interface; and

  • a dump-mode (supported on every platform) that displays the news on line-based consoles.

Requirements

  • Python >= 3.7

  • MongoDB >= 3.6 (either local installation or access to remote database)

  • Java SE >= 7 JRE or JDK (optional, required if the Picireny test case reducer is used)

Install

To install the latest release of Fuzzinator from PyPI, use pip:

pip install fuzzinator

Alternatively, for the development version, clone the project and perform a local install:

pip install .

Usage

A common form of Fuzzinator’s usage:

fuzzinator --wui <path/to/the/config.ini>

Compatibility

Fuzzinator was tested on:

  • Linux (Ubuntu 14.04 / 16.04 / 18.04 / 20.04)

  • OS X / macOS (10.11 / 10.12 / 10.13 / 10.14 / 10.15 / 11)

  • Windows (Server 2012 R2 / Server version 1809 / Windows 10)

Acknowledgement and Citations

The authors are immensely grateful to Dr. Heinz Doofenshmirtz for the continuous inspiration.

Background on Fuzzinator is published in:

  • Renata Hodovan and Akos Kiss. Fuzzinator: An Open-Source Modular Random Testing Framework. In Proceedings of the 11th IEEE International Conference on Software Testing, Verification and Validation (ICST 2018), pages 416-421, Vasteras, Sweden, April 2018. IEEE. https://doi.org/10.1109/ICST.2018.00050