Skip to content
/ ziggy Public

A multi-fuzzer management utility for all of your Rust fuzzing needs πŸ§‘β€πŸŽ€

License

Apache-2.0 license
61 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

srlabs/ziggy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

449 Commits
.github/workflows
.github/workflows
Β 
Β 
examples
examples
Β 
Β 
src
src
Β 
Β 
tests
tests
Β 
Β 
.gitignore
.gitignore
Β 
Β 
CHANGELOG.md
CHANGELOG.md
Β 
Β 
Cargo.lock
Cargo.lock
Β 
Β 
Cargo.toml
Cargo.toml
Β 
Β 
LICENSE
LICENSE
Β 
Β 
README.md
README.md
Β 
Β 

Repository files navigation

ziggy

ziggy is a fuzzer manager for Rust projects which is built to:

  • launch different fuzzers in parallel with a shared corpus
  • create and monitor continuous fuzzing pipelines

Feature set

  • 🀹 handling of different fuzzing processes in parallel (honggfuzz, AFL++)
  • πŸ—ƒοΈ one shared corpus for all fuzzers
  • 🀏 effortless corpus minimization
  • πŸ“Š insightful monitoring
  • 🎯 easy coverage report generation
  • πŸ˜Άβ€πŸŒ«οΈ Arbitrary trait support

Features will also include:

  • πŸ‡ LibAFL integration
  • πŸ“¨ notification of new crashes via bash hook

Usage example

First, install ziggy and its dependencies by running:

cargo install --force ziggy cargo-afl honggfuzz grcov

Here is the output of the tool's help:

$ cargo ziggy
A multi-fuzzer management utility for all of your Rust fuzzing needs πŸ§‘β€πŸŽ€

Usage: cargo ziggy <COMMAND>

Commands:
  build      Build the fuzzer and the runner binaries
  fuzz       Fuzz targets using different fuzzers in parallel
  run        Run a specific input or a directory of inputs to analyze backtrace
  minimize   Minimize the input corpus using the given fuzzing target
  cover      Generate code coverage information using the existing corpus
  plot       Plot AFL++ data using afl-plot
  add-seeds  Add seeds to the running AFL++ fuzzers
  triage     Triage crashes found with casr - currently only works for AFL++
  help       Print this message or the help of the given subcommand(s)

Options:
  -h, --help     Print help
  -V, --version  Print version

To create a fuzzer, simply add ziggy as a dependency.

[dependencies]
ziggy = { version = "1.2", default-features = false }

Then use the fuzz! macro inside your main to create a harness.

fn main() {
    ziggy::fuzz!(|data: &[u8]| {
        println!("{data:?}");
    });
}

For a well-documented fuzzer, see the url example.

The output directory

After you've launched your fuzzer, you'll find a couple of items in the output directory:

  • the corpus directory containing the full corpus
  • the crashes directory containing any crashes detected by the fuzzers
  • the logs directory containing a fuzzer log files
  • the afl directory containing AFL++'s output
  • the honggfuzz directory containing Honggfuzz's output
  • the queue directory that is used by ziggy to pass items from AFL++ to Honggfuzz

Note about coverage

The cargo cover command will not generate coverage for the dependencies of your fuzzed project by default.

If this is something you would like to change, you can use the following trick:

CARGO_HOME=.cargo cargo ziggy cover

This will clone every dependency into a .cargo directory and this directory will be included in the generated coverage.

ziggy logs

If you want to see ziggy's internal logs, you can set RUST_LOG=INFO.

About

A multi-fuzzer management utility for all of your Rust fuzzing needs πŸ§‘β€πŸŽ€

Topics

rust fuzzing afl honggfuzz

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

61 stars

Watchers

6 watching

Forks

7 forks
Report repository

Releases

37 tags

Contributors 8

Languages