Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potential blockers. Fuzz introspector aggregates the fuzzers’ functional data like coverage, hit frequency, entry points, etc to give the developer a birds eye view of their fuzzer. This helps with identifying fuzz bottlenecks and blockers and eventually helps in developing better fuzzers.
Fuzz-introspector aims to improve fuzzing experience of a project by guiding on whether you should:
- introduce new fuzzers to a fuzz harness
- modify existing fuzzers to improve the quality of your harness.
Open Source Fuzzing Introspection provides introspection capabilities to OSS-Fuzz projects and is powered by Fuzz Introspector. This page gives macro insights into the fuzzing of open source projects.
On this page you'll see a list of all the projects that are currently analysed by Fuzz Introspector:
- Table of projects with Fuzz Introspector analysis
- Examples, with links in profile to latest Fuzz Introspector analysis:
The main Fuzz Introspector documentation is available here: https://fuzz-introspector.readthedocs.io This documentation includes user guides, OSS-Fuzz instructions, tutorials, development docs and more. Additionally, there is more information:
- Video demonstration
- List of Case studies
- Screenshots
- Feature list
- Try yourself:
- Use with OSS-Fuzz (Recommended)
- Use without OSS-Fuzz
The workflow of fuzz-introspector can be visualised as follows:
A more detailed description is available in doc/Architecture
Before contributing, please follow our Code of Conduct.
If you want to get involved in the Fuzzing community or have ideas to chat about, we discuss this project in the OSSF Security Tooling Working Group meetings.
More specifically, you can attend Fuzzing Collaboration meeting (monthly on the first Tuesday 10:30am - 11:30am PST Calendar, Zoom Link).