American Fuzzy Lop plus plus (AFL++) is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary.
Fuzzing (sometimes known as fuzz testing) is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program.
AFL++ is the daughter of the American Fuzzy Lop fuzzer.
This is free and open source software.
Key Features
- AFLfast’s power schedules.
- MOpt mutator.
- InsTrim, a very effective CFG llvm_mode instrumentation implementation for large targets.
- afl-fuzz Python mutator module and llvm_mode whitelist support.
- Custom mutator by a library (instead of Python)
- Unicorn mode which allows fuzzing of binaries from completely different pla.tforms.
- LAF-Intel or CompCov support for llvm_mode, qemu_mode and unicorn_mode.
- NeverZero patch for afl-gcc, llvm_mode, qemu_mode and unicorn_mode which prevents a wrapping map value to zero, increases coverage.
- Persistent mode and deferred forkserver for qemu_mode.
- Win32 PE binary-only fuzzing with QEMU and Wine.
- Radamsa mutator (enable with -R to add or -RR to run it exclusively).
- QBDI mode to fuzz android native libraries via QBDI framework.
- The new CmpLog instrumentation for LLVM and QEMU.
- LLVM mode Ngram coverage.
The AFL++ fuzzing framework includes the following:
- A fuzzer with many mutators and configurations: afl-fuzz.
- Different source code instrumentation modules: LLVM mode, afl-as, GCC plugin.
- Different binary code instrumentation modules: QEMU mode, Unicorn mode, QBDI mode.
- Utilities for testcase/corpus minimization: afl-tmin, afl-cmin.
- Helper libraries: libtokencap, libdislocator, libcompcov.
Website: aflplus.plus
Support: GitHub Code Repository
Developer: van Hauser, hexcoder, and many other contributors
License: Apache License 2.0
AFL++ is written in C and C++. Learn C with our recommended free books and free tutorials. Learn C++ with our recommended free books and free tutorials.
Related Software
| Vulnerability Analysis Tools | |
|---|---|
| sqlmap | Penetration testing tool |
| BeEF | The Browser Exploitation Framework |
| pocsuite3 | Remote vulnerability testing framework |
| AFL++ | Security-oriented fuzzer |
| Wapiti | "Black-box" vulnerability scanner |
| jSQL Injection | Automatic SQL database injection |
| sif | Pentesting (recon/exploitation) suite |
| XSSer | Detect, exploit and report XSS vulnerabilities |
| Kanha | Web-app pentesting suite |
| simple fuzzer | A fuzzer with two network modes of operation |
| Doona | Fork of the Bruteforce Exploit Detector Tool |
Read our verdict in the software roundup.
 Explore our comprehensive directory of recommended free and open source software. Our carefully curated collection spans every major software category.This directory is part of our ongoing series of informative articles for Linux enthusiasts. It features hundreds of detailed reviews, along with open source alternatives to proprietary solutions from major corporations such as Google, Microsoft, Apple, Adobe, IBM, Cisco, Oracle, and Autodesk. You’ll also find interesting projects to try, hardware coverage, free programming books and tutorials, and much more. Discovered a useful open source Linux program that we haven’t covered yet? Let us know by completing this form. |