

Afl-fuzz: crash exploration mode - pjf
http://lcamtuf.blogspot.com/2014/11/afl-fuzz-crash-exploration-mode.html
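
Crash exploration mode (afl-fuzz -C) starts from inputs that already crash the target and keeps only those mutants that still crash while reaching a code path not seen before, so the resulting corpus shows how much of the input the attacker actually controls at the crash site. The following is an added example, not AFL's code and not from the linked post: a small Python re-implementation of that loop against a constructed toy record parser. The parser, its two bugs, the record format and the trace-based path signature (a coarse stand-in for AFL's edge coverage) are all assumptions made for illustration.

```python
import random


class Reject(Exception):
    """Graceful parse error: the target handled bad input correctly."""


def parse_record(data: bytes, trace: list) -> list:
    """Constructed toy target. Format: magic(1) count(1) width(1) body(...).
    It has two planted bugs that stand in for memory-safety crashes."""
    trace.append("start")
    if len(data) < 3:
        trace.append("short")
        raise Reject("too short")
    magic, count, width = data[0], data[1], data[2]
    if magic != 0x41:
        trace.append("bad_magic")
        raise Reject("bad magic")
    trace.append("magic_ok")
    body = data[3:]
    # Bug 1: width is never validated, so width == 0 divides by zero.
    slots = len(body) // width
    trace.append("slots_%d" % min(slots, 4))
    fields = []
    for i in range(count):
        trace.append("field_%d" % min(i, 4))
        # Bug 2: count is never checked against the body length, so reading
        # the last byte of each field runs past the end (an OOB read).
        last = body[i * width + width - 1]
        fields.append(body[i * width: i * width + width])
        if last == 0xFF:
            trace.append("marker")
    return fields


def run_target(data: bytes):
    """Return (crashed, path_signature). Any exception other than Reject is
    treated as a crash, the way a SIGSEGV would be for a native target."""
    trace = []
    try:
        parse_record(data, trace)
    except Reject:
        pass
    except Exception as exc:
        trace.append("crash:" + type(exc).__name__)
        return True, tuple(trace)
    return False, tuple(trace)


INTERESTING = (0x00, 0x01, 0x7F, 0x80, 0xFF)


def deterministic_mutants(data: bytes):
    """Every single-bit flip and interesting-byte substitution, in the spirit
    of AFL's deterministic stages."""
    for pos in range(len(data)):
        for bit in range(8):
            m = bytearray(data)
            m[pos] ^= 1 << bit
            yield bytes(m)
        for val in INTERESTING:
            if data[pos] != val:
                m = bytearray(data)
                m[pos] = val
                yield bytes(m)


def havoc_mutant(data: bytes, rng: random.Random) -> bytes:
    """A few stacked random edits: bit flip, byte overwrite, delete, insert."""
    m = bytearray(data)
    for _ in range(rng.randint(1, 4)):
        op = rng.randrange(4)
        if op == 0 and m:
            m[rng.randrange(len(m))] ^= 1 << rng.randrange(8)
        elif op == 1 and m:
            m[rng.randrange(len(m))] = rng.randrange(256)
        elif op == 2 and len(m) > 1:
            del m[rng.randrange(len(m))]
        else:
            m.insert(rng.randrange(len(m) + 1), rng.randrange(256))
    return bytes(m[:64])


def explore_crashes(seed: bytes, budget: int = 4000,
                    havoc_per_entry: int = 200, rng_seed: int = 1):
    """Crash exploration: mutate known-crashing inputs and keep a mutant only
    if it STILL crashes and reaches a path signature not seen before.
    Returns ({signature: input}, executions)."""
    rng = random.Random(rng_seed)
    crashed, sig = run_target(seed)
    if not crashed:
        raise ValueError("seed must crash; find one with a normal fuzzing run")
    found = {sig: seed}
    queue = [seed]
    executions = qi = 0
    while qi < len(queue) and executions < budget:
        parent = queue[qi]
        qi += 1
        candidates = list(deterministic_mutants(parent))
        candidates += [havoc_mutant(parent, rng) for _ in range(havoc_per_entry)]
        for child in candidates:
            if executions >= budget:
                break
            executions += 1
            crashed, sig = run_target(child)
            if crashed and sig not in found:   # non-crashing mutants are discarded
                found[sig] = child
                queue.append(child)
    return found, executions


# Constructed seed: magic ok, count 3, width 4, but only a 2-byte body.
SEED = b"\x41\x03\x04AB"

if __name__ == "__main__":
    variants, execs = explore_crashes(SEED)
    print("%d crash variants after %d executions" % (len(variants), execs))
    for sig, data in variants.items():
        print(sig[-1], sig[:-1], data.hex())
```

The loop differs from a normal fuzzing run in exactly one line: a mutant that stops crashing is thrown away instead of being kept for its coverage. From the single OOB-read seed the deterministic stage alone turns up the second bug (width set to zero), and the havoc stage produces variants that crash at different field indices, which is the kind of corpus that makes it easier to judge what the attacker controls at each crash site.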

======
djmdjm
afl is great - it is hands-down the easiest-to-use fuzzer I've ever played
with, and it managed to find a couple of (non-exploitable) crashes in OpenSSH
that intensive human review and my own fuzzer missed.

I can't recommend it highly enough - if you care about robustness, and
especially if you write software that has to cope with untrusted input then
please give it a try.

~~~
rwmj
It is very good indeed. And just today we got it through the Fedora review
process, so within a few hours you should be able to do
'dnf install american-fuzzy-lop'.

[https://admin.fedoraproject.org/pkgdb/package/american-fuzzy-lop/](https://admin.fedoraproject.org/pkgdb/package/american-fuzzy-lop/)

------
0x0
It's quite scary how even well reviewed open source software keeps falling to
fuzzing. What are the chances of standing up against advanced state-sponsored
trojans and malware? Seemingly zero.

Is it time to throw out everything and start from scratch in a safer language?

~~~
rwmj
Yes, use safe languages when you can.

On the other hand, we have all this software written in unsafe languages, but
until afl came out we didn't have really effective, easy to use fuzzers.

~~~
0x0
Actually zzuf [http://caca.zoy.org/wiki/zzuf](http://caca.zoy.org/wiki/zzuf)
has been around for like 7 years - and it's still pretty easy to find exploits
with it.

~~~
the_why_of_y
CERT's BFF is also based on zzuf and valgrind; very useful.

[http://www.cert.org/vulnerability-analysis/tools/bff.cfm](http://www.cert.org/vulnerability-analysis/tools/bff.cfm)
[http://www.cert.org/blogs/certcc/post.cfm?EntryID=53](http://www.cert.org/blogs/certcc/post.cfm?EntryID=53)

