Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potential blockers. Fuzz introspector aggregates the fuzzers’ functional data like coverage, hit frequency, entry points, etc to give the developer a birds eye view of their fuzzer. This helps with identifying fuzz bottlenecks and blockers and eventually helps in developing better fuzzers.
Fuzz-introspector aims to improve fuzzing experience of a project by guiding on whether you should:
- introduce new fuzzers to a fuzz harness
- modify existing fuzzers to improve the quality of your harness.
The main Fuzz Introspector documentation is available here: https://fuzz-introspector.readthedocs.io This documentation includes user guides, OSS-Fuzz instructions, tutorials, development docs and more.
Additionally, there is more information:
- Sample OSS-Fuzz reports. OSS-Fuzz supports Fuzz Introspector and maintains a list of reports.
- Video demonstration
- List of Case studies
- Screenshots
- Feature list
- Try yourself:
- Use with OSS-Fuzz (Recommended)
- Use without OSS-Fuzz
The workflow of fuzz-introspector can be visualised as follows:
A more detailed description is available in doc/Architecture
Before contributing, please follow our Code of Conduct.
If you want to get involved in the Fuzzing community or have ideas to chat about, we discuss this project in the OSSF Security Tooling Working Group meetings.
More specifically, you can attend Fuzzing Collaboration meeting (monthly on the first Tuesday 10:30am - 11:30am PST Calendar, Zoom Link).