OSS-Sydr-Fuzz: Hybrid Fuzzing for Open Source Software

This repository is a fork of the OSS-Fuzz project. OSS-Sydr-Fuzz contains open source software targets for sydr-fuzz, which combines fuzzing (libFuzzer, AFL++) with the power of dynamic symbolic execution (Sydr).

Project Structure

Each open source target project provides:

NOTE: Some of the files listed above may not be present or can be gathered from external repositories.

Supported Open Source Projects

Supported projects are located here. In addition to C/C++ projects, Sydr-Fuzz currently supports:

Contributing

Feel free to support new fuzz targets. The workflow is as follows:

  1. Compose targets for libFuzzer and Sydr.
  2. Prepare a build script.
  3. Build a Dockerfile with all targets.
  4. Provide sydr-fuzz configuration files.
  5. Write a README with commands to run fuzzing.
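
Step 1 of the workflow, sketched as an added example (not code from this repository): one LLVMFuzzerTestOneInput entry point is linked with libFuzzer's own main for fuzzing, and with a small file-reading main for the symbolic execution build. The names count_records, read_input and LIBFUZZER_BUILD are hypothetical, and the file-driven wrapper for the Sydr build is an assumption about how such a target is laid out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical code under test: counts [len][payload] records.
 * Returns the record count, or -1 if a length runs past the buffer. */
int count_records(const uint8_t *data, size_t size) {
    size_t pos = 0;
    int n = 0;
    while (pos < size) {
        size_t len = data[pos++];
        if (len > size - pos) return -1; /* bounds check before advancing */
        pos += len;
        n++;
    }
    return n;
}

/* libFuzzer entry point; reused unchanged by the file-driven wrapper. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    (void)count_records(data, size);
    return 0;
}

/* Read a whole file into a heap buffer; returns NULL on any error. */
uint8_t *read_input(const char *path, size_t *size) {
    FILE *f = fopen(path, "rb");
    if (!f) return NULL;
    uint8_t *buf = NULL;
    long len = -1;
    if (fseek(f, 0, SEEK_END) == 0 && (len = ftell(f)) >= 0 &&
        fseek(f, 0, SEEK_SET) == 0) {
        buf = malloc(len ? (size_t)len : 1);
        if (buf && fread(buf, 1, (size_t)len, f) != (size_t)len) {
            free(buf);
            buf = NULL;
        }
    }
    fclose(f);
    if (buf) *size = (size_t)len;
    return buf;
}

#ifndef LIBFUZZER_BUILD /* hypothetical macro: defined only for the libFuzzer build */
int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: %s <input-file>\n", argv[0]); return 2; }
    size_t size = 0;
    uint8_t *buf = read_input(argv[1], &size);
    if (!buf) { perror(argv[1]); return 1; }
    int rc = LLVMFuzzerTestOneInput(buf, size);
    free(buf);
    return rc;
}
#endif
```

For the libFuzzer build, compile with clang's `-fsanitize=fuzzer` and `-DLIBFUZZER_BUILD` so that libFuzzer supplies main; for the file-driven build, compile the same file without either.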

Trophies

The list of discovered bugs can be found here.

Cite Us

Sydr-Fuzz: Continuous Hybrid Fuzzing and Dynamic Analysis for Security Development Lifecycle [paper] [demo] [slides]

Vishnyakov A., Kuts D., Logunova V., Parygina D., Kobrin E., Savidov G., Fedotov A. Sydr-Fuzz: Continuous Hybrid Fuzzing and Dynamic Analysis for Security Development Lifecycle. 2022 Ivannikov ISPRAS Open Conference (ISPRAS), IEEE, 2022, pp. 111-123. DOI: 10.1109/ISPRAS57371.2022.10076861

@inproceedings{vishnyakov22-sydr-fuzz,
  title = {{{Sydr-Fuzz}}: Continuous Hybrid Fuzzing and Dynamic Analysis for
           Security Development Lifecycle},
  author = {Vishnyakov, Alexey and Kuts, Daniil and Logunova, Vlada and
            Parygina, Darya and Kobrin, Eli and Savidov, Georgy and Fedotov,
            Andrey},
  booktitle = {2022 Ivannikov ISPRAS Open Conference (ISPRAS)},
  pages = {111--123},
  year = {2022},
  publisher = {IEEE},
  doi = {10.1109/ISPRAS57371.2022.10076861},
}