├── stat.sh ├── rank.txt └── Readme.md /stat.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | cat Readme.md| awk ' BEGIN { RS = "\n" ; FS = "," } /^\-/ {tot[$1]++} END {for (i in tot) print tot[i],i} ' | sort -r -n > rank.txt -------------------------------------------------------------------------------- /rank.txt: -------------------------------------------------------------------------------- 1 | 11 - libpng 2 | 10 - libpcap 3 | 10 - libjpeg 4 | 9 - tcpdump (libpcap) 5 | 9 - binutils 6 | 8 - libpoppler 7 | 7 - objdump (binutils) 8 | 6 - nm (binutils) 9 | 6 - mupdf 10 | 6 - gif2png (libpng) 11 | 6 - djpeg (libjpeg) 12 | 5 - readelf (binutils) 13 | 5 - pdf2svg (libpoppler) 14 | 5 - libtiff 15 | 5 - ffmpeg 16 | 4 - size (binutils) 17 | 4 - libxml2 18 | 3 - tcptrace (libpcap) 19 | 3 - jhead 20 | 3 - c++filt (binutils) 21 | 3 - ImageMagick 22 | 2 - xpdf 23 | 2 - tiff2ps (libtiff) 24 | 2 - tiff2pdf (libtiff) 25 | 2 - swftools 26 | 2 - strings (binutils) 27 | 2 - readpng (libpng) 28 | 2 - pngfix (libpng) 29 | 2 - openssl 30 | 2 - nginx 31 | 2 - mruby 32 | 2 - mpg321 (libasound) 33 | 2 - libasound 34 | 2 - libarchive 35 | 2 - gzip 36 | 2 - file 37 | 2 - convert 38 | 2 - clamav (libclamav) 39 | 2 - audiofile 40 | 1 - zlib 41 | 1 - xzutils 42 | 1 - xtokkaetama 43 | 1 - xmlwf (expat) 44 | 1 - xmllint (libxml2) 45 | 1 - xgalaga 46 | 1 - wren 47 | 1 - wolfssl 48 | 1 - woff2 49 | 1 - wine 50 | 1 - vim 51 | 1 - tipxd 52 | 1 - tinyvm 53 | 1 - tiffset (libtiff) 54 | 1 - tiffinfo (libtiff) 55 | 1 - tiffcp (libtiff) 56 | 1 - strip 57 | 1 - squirrel mail 58 | 1 - speexenc 59 | 1 - socat 60 | 1 - snort 61 | 1 - sharutils 62 | 1 - sfconvert (audiofile) 63 | 1 - sam2p 64 | 1 - rsync 65 | 1 - raptor 66 | 1 - psutils 67 | 1 - ps2pdf 68 | 1 - potrace (libpotrace) 69 | 1 - poppler (libpoppler) 70 | 1 - png2swf (swftools) 71 | 1 - picoc 72 | 1 - perl 73 | 1 - pdftops 74 | 1 - pdftohtml (lipoppler) 75 | 1 - pdftohtml (libpoppler) 76 
| 1 - pdftocairo (libcairo) 77 | 1 - pdftocairo 78 | 1 - orzhttpd 79 | 1 - openjpeg 80 | 1 - nconvert 81 | 1 - ncompress 82 | 1 - nasm 83 | 1 - nDPI 84 | 1 - mutool draw (mupdf) 85 | 1 - mudraw 86 | 1 - mplayer 87 | 1 - mpg321 88 | 1 - mpeg3dump (libmpeg3) 89 | 1 - mp3gain 90 | 1 - metacam 91 | 1 - mbse-bbs 92 | 1 - mbedtls 93 | 1 - macOS API 94 | 1 - macOS 95 | 1 - listswf (libming) 96 | 1 - libxslt 97 | 1 - libxml 98 | 1 - libtorrent 99 | 1 - libsass 100 | 1 - libressl 101 | 1 - libpspp 102 | 1 - libncurses 103 | 1 - libmpeg3 104 | 1 - libming 105 | 1 - libksba 106 | 1 - libexif 107 | 1 - libdwarf 108 | 1 - libav 109 | 1 - lepton 110 | 1 - lci 111 | 1 - jpegtran (libjpeg) 112 | 1 - jbig2dev (libjbig2dev) 113 | 1 - iwdconfig 114 | 1 - ioctl handlers 115 | 1 - inspircd 116 | 1 - inkscape 117 | 1 - htpasswd 118 | 1 - htget 119 | 1 - harfbuzz 120 | 1 - gprof 121 | 1 - gnutls 122 | 1 - gnugol 123 | 1 - glftpd 124 | 1 - gif2swf (swftools) 125 | 1 - ghostscript 126 | 1 - firefox 127 | 1 - figtoipe 128 | 1 - fdk-acc 129 | 1 - faceradius 130 | 1 - expat 131 | 1 - exiv2 132 | 1 - exifprobe 133 | 1 - evince 134 | 1 - espruino 135 | 1 - eog 136 | 1 - convert (*libGraphicsMagick) 137 | 1 - cjson 138 | 1 - cjpeg (libjpeg) 139 | 1 - chorme 140 | 1 - cflow 141 | 1 - cer-basic (libksba) 142 | 1 - catdvi 143 | 1 - catdoc 144 | 1 - capstone 145 | 1 - c-ares 146 | 1 - bsdtar (libarchive) 147 | 1 - boringssl 148 | 1 - bison 149 | 1 - binutils (libbfd) 150 | 1 - bib2xml 151 | 1 - bash 152 | 1 - avconv 153 | 1 - autotrace (libautotrace) 154 | 1 - autotrace 155 | 1 - atphttpd 156 | 1 - aspell 157 | 1 - as (bintutils) 158 | 1 - ar (binutils) 159 | 1 - apche 160 | 1 - aeon 161 | 1 - abcm2ps 162 | 1 - a2ps 163 | 1 - Windows 164 | 1 - Virtual devices 165 | 1 - Sablotron 166 | 1 - PHP7 167 | 1 - PHP 168 | 1 - Lua 169 | 1 - Linux 170 | 1 - Javascript engine in Internet Explorer 171 | 1 - ChakracCore 172 | 1 - Android services 173 | 1 - 100 different Linux applications (unknown) 174 | 
-------------------------------------------------------------------------------- /Readme.md: -------------------------------------------------------------------------------- 1 | # Fuzzing Benchmark - Real world programs 2 | A list of the real-world programs evaluated in fuzzing papers. [Rank](./rank.txt) 3 | 4 | TODO: count #CVE 5 | 6 | ## Dowser - Dowsing for Overflows: A Guided Fuzzer to Find Buffer Boundary Violations 7 | - nginx 8 | - ffmpeg 9 | - inspircd 10 | - poppler (libpoppler) 11 | - libpoppler 12 | - libexif 13 | - snort 14 | 15 | ## MAYHEM - Unleashing Mayhem on Binary Code 16 | - a2ps 17 | - aeon 18 | - aspell 19 | - atphttpd 20 | - freeradius 21 | - ghostscript 22 | - glftpd 23 | - gnugol 24 | - htget 25 | - htpasswd 26 | - iwconfig 27 | - mbse-bbs 28 | - ncompress 29 | - orzhttpd 30 | - psutils 31 | - rsync 32 | - sharutils 33 | - socat 34 | - squirrel mail 35 | - tipxd 36 | - xgalaga 37 | - xtokkaetama 38 | 39 | ## FuzzSim - Scheduling Black-box Mutational Fuzzing 40 | - ffmpeg 41 | - 100 different Linux applications (unknown) 42 | 43 | ## COVERSET - Optimizing Seed Selection for Fuzzing 44 | - xpdf 45 | - mupdf 46 | - pdf2svg (libpoppler) 47 | - libpoppler 48 | - ffmpeg 49 | - mplayer 50 | - mp3gain 51 | - eog 52 | - convert 53 | - gif2png (libpng) 54 | - libpng 55 | - jpegtran (libjpeg) 56 | - libjpeg 57 | 58 | ## SYMFUZZ - Program-Adaptive Mutational Fuzzing 59 | - abcm2ps 60 | - autotrace 61 | - bib2xml 62 | - catdvi 63 | - figtoipe 64 | - gif2png (libpng) 65 | - libpng 66 | - pdf2svg (libpoppler) 67 | - libpoppler 68 | - mupdf 69 | 70 | ## MutaGen - Turning Programs Against Each Other: High Coverage Fuzz-testing Using Binary-code Mutation and Dynamic Slicing.
71 | - avconv 72 | - convert 73 | - nconvert 74 | - pdftocairo 75 | - mudraw 76 | - mupdf 77 | - pdftops 78 | - ps2pdf 79 | - inkscape 80 | 81 | ## AFLFast - Coverage-based Greybox Fuzzing as Markov Chain 82 | - nm (binutils) 83 | - objdump (binutils) 84 | - strings (binutils) 85 | - size (binutils) 86 | - c++filt (binutils) 87 | - binutils 88 | 89 | ## SeededFuzz - Selecting and Generating Seeds for Directed Fuzzing 90 | - mpeg3dump (libmpeg3) 91 | - libmpeg3 92 | - png2swf (swftools) 93 | - gif2swf (swftools) 94 | - swftools 95 | - cjpeg (libjpeg) 96 | - libjpeg 97 | - speexenc 98 | 99 | ## VUzzer - Application-aware Evolutionary Fuzzing 100 | - mpg321 (libasound) 101 | - libasound 102 | - gif2png (libpng) 103 | - libpng 104 | - pdf2svg (libpoppler) 105 | - libpoppler 106 | - tcpdump (libpcap) 107 | - tcptrace (libpcap) 108 | - libpcap 109 | - djpeg (libjpeg) 110 | - libjpeg 111 | 112 | ## Steelix - Program-State Based Binary Fuzzing 113 | - tiff2pdf (libtiff) 114 | - tiffcp (libtiff) 115 | - libtiff 116 | - pngfix (libpng) 117 | - libpng 118 | - gzip 119 | - tcpdump (libpcap) 120 | - libpcap 121 | 122 | ## Skyfire - Data-Driven Seed Generation for Fuzzing 123 | - Sablotron 124 | - libxslt 125 | - libxml2 126 | - Javascript engine in Internet Explorer 127 | 128 | ## kAFL - Hardware-Assisted Feedback Fuzzing for OS Kernels 129 | - Windows 130 | - Linux 131 | - macOS 132 | 133 | ## DIFUZE - Interface Aware Fuzzing for Kernel Drivers. 
134 | - ioctl handlers 135 | 136 | ## Orthrus - Static Program Analysis as a Fuzzing Aid 137 | - c-ares 138 | - libxml2 139 | - openssl 140 | - nDPI 141 | - tcpdump (libpcap) 142 | - libpcap 143 | - woff2 144 | 145 | ## Chizpurfle - A Gray-Box Android Fuzzer for Vendor Service Customizations 146 | - Android services 147 | 148 | ## VDF - Targeted Evolutionary Fuzz Testing of Virtual Devices 149 | - Virtual devices 150 | 151 | ## IMF - Inferred Model-based Fuzzer 152 | - macOS API 153 | 154 | ## NEZHA - Efficient Domain-Independent Differential Testing 155 | - openssl 156 | - libressl 157 | - boringssl 158 | - wolfssl 159 | - mbedtls 160 | - gnutls 161 | - binutils (libbfd) 162 | - clamav (libclamav) 163 | - xzutils 164 | - evince 165 | - mupdf 166 | - xpdf 167 | 168 | ## S2F - Discover Hard-to-Reach Vulnerabilities by Semi-Symbolic Fuzz Testing 169 | - readelf (binutils) 170 | - objdump (binutils) 171 | - binutils 172 | - djpeg (libjpeg) 173 | - libjpeg 174 | - gzip 175 | - ffmpeg 176 | - tcpdump (libpcap) 177 | - libpcap 178 | - capstone 179 | - gif2png (libpng) 180 | - libpng 181 | 182 | ## FairFuzz - Targeting Rare Branches to Rapidly Increase Greybox Fuzz Testing Coverage 183 | - tcpdump (libpcap) 184 | - libpcap 185 | - nm (binutils) 186 | - objdump (binutils) 187 | - readelf (binutils) 188 | - c++filt (binutils) 189 | - binutils 190 | - mutool draw (mupdf) 191 | - mupdf 192 | - xmllint (libxml2) 193 | - libxml2 194 | - djpeg (libjpeg) 195 | - libjpeg 196 | - readpng (libpng) 197 | - libpng 198 | 199 | ## Angora - Efficient Fuzzing by Principled Search 200 | - file 201 | - jhead 202 | - xmlwf (expat) 203 | - expat 204 | - djpeg (libjpeg) 205 | - libjpeg 206 | - readpng (libpng) 207 | - libpng 208 | - nm (binutils) 209 | - objdump (binutils) 210 | - size (binutils) 211 | - binutils 212 | 213 | ## T-Fuzz - fuzzing by program transformation 214 | - pngfix (libpng) 215 | - libpng 216 | - tiffinfo (libtiff) 217 | - libtiff 218 | - ImageMagick 219 | - pdftohtml 
(libpoppler) 220 | - libpoppler 221 | 222 | ## MEDS - Enhancing Memory Error Detection for Large-Scale Applications and Fuzz Testing 223 | - chrome 224 | - firefox 225 | - apache 226 | - nginx 227 | - PHP7 228 | - lci 229 | - picoc 230 | - ImageMagick 231 | - wren 232 | - espruino 233 | - tinyvm 234 | - raptor 235 | - swftools 236 | - exifprobe 237 | - metacam 238 | - jhead 239 | 240 | ## CollAFL - Path Sensitive Fuzzing 241 | - catdoc 242 | - tiff2pdf (libtiff) 243 | - tiff2ps (libtiff) 244 | - tiffset (libtiff) 245 | - libtiff 246 | - listswf (libming) 247 | - libming 248 | - objdump (binutils) 249 | - nm (binutils) 250 | - binutils 251 | - tcpdump (libpcap) 252 | - libpcap 253 | - exiv2 254 | - vim 255 | - nasm 256 | - libncurses 257 | - clamav (libclamav) 258 | - libav 259 | - libtorrent 260 | - libpspp 261 | - libsass 262 | - libdwarf 263 | - bison 264 | - cflow 265 | 266 | ## NEUZZ - Efficient Fuzzing with Neural Program Smoothing 267 | - readelf (binutils) 268 | - harfbuzz 269 | - libjpeg 270 | - mupdf 271 | - libxml 272 | - nm (binutils) 273 | - objdump (binutils) 274 | - size (binutils) 275 | - strip 276 | - zlib 277 | - binutils 278 | 279 | ## Full-speed Fuzzing: Reducing Fuzzing Overhead through Coverage-guided Tracing 280 | - bsdtar (libarchive) 281 | - libarchive 282 | - cert-basic (libksba) 283 | - libksba 284 | - cjson 285 | - djpeg (libjpeg) 286 | - libjpeg 287 | - pdftohtml (libpoppler) 288 | - libpoppler 289 | - readelf (binutils) 290 | - binutils 291 | - sfconvert (audiofile) 292 | - audiofile 293 | - tcpdump (libpcap) 294 | - libpcap 295 | 296 | ## REDQUEEN: Fuzzing with Input-to-State Correspondence 297 | - ar (binutils) 298 | - size (binutils) 299 | - c++filt (binutils) 300 | - strings (binutils) 301 | - nm (binutils) 302 | - objdump (binutils) 303 | - readelf (binutils) 304 | - as (binutils) 305 | - binutils 306 | - gprof 307 | - tiff2ps (libtiff) 308 | - libtiff 309 | - jhead 310 | - fdk-aac 311 | - ImageMagick 312 | - wine 313 | - mruby 314 |
- sam2p 315 | - bash 316 | - libxml2 317 | - perl 318 | 319 | ## NAUTILUS: Fishing for Deep Bugs with Grammars 320 | - mruby 321 | - PHP 322 | - Lua 323 | - ChakraCore 324 | 325 | ## Smart Greybox Fuzzing 326 | - mpg321 327 | - gif2png (libpng) 328 | - libpng 329 | - pdf2svg (libpoppler) 330 | - libpoppler 331 | - tcpdump (libpcap) 332 | - tcptrace (libpcap) 333 | - libpcap 334 | - djpeg (libjpeg) 335 | - libjpeg 336 | 337 | ## Qsym: A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing 338 | - libjpeg 339 | - libpng 340 | - libtiff 341 | - lepton 342 | - openjpeg 343 | - tcpdump (libpcap) 344 | - libpcap 345 | - file 346 | - libarchive 347 | - audiofile 348 | - ffmpeg 349 | - binutils 350 | 351 | ## TIFF: Using Input Type Inference To Improve Fuzzing 352 | - mpg321 (libasound) 353 | - libasound 354 | - pdf2svg (libpoppler) 355 | - libpoppler 356 | - jbig2dev (libjbig2dev) 357 | - potrace (libpotrace) 358 | - gif2png (libpng) 359 | - libpng 360 | - tcptrace (libpcap) 361 | - libpcap 362 | - autotrace (libautotrace) 363 | - pdftocairo (libcairo) 364 | - convert (*libGraphicsMagick) --------------------------------------------------------------------------------