The solution I found is pretty simple:
1. Fuzz your #Go project with #libFuzzer (go-fuzz)
2. Collect coverage using go-fuzz -dumpcover with the corpus from step 1
3. Use this trick: sed -i '/0.0,1.1/d' coverprofile
4. Create an HTML report: go tool cover -html=coverprofile
5. Enjoy
#fuzzing
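An added example (not from the post above) of step 3 done in Go instead of sed: it parses a constructed coverprofile in the format go-fuzz -dumpcover writes, drops the placeholder "0.0,1.1" blocks by exact match (the sed pattern is a regex, so it would also delete a genuine range such as "10.0,11.1"), and returns the cleaned profile together with a statement coverage count. Package path and numbers in the sample are made up.

```go
package main

import (
	"fmt"
	"strings"
)
// Constructed go-fuzz -dumpcover style profile (not real data); "0.0,1.1" rows are the placeholders.
const SampleProfile = `mode: set
example.com/proj/parse.go:0.0,1.1 1 0
example.com/proj/parse.go:10.13,14.2 3 1
example.com/proj/parse.go:16.2,18.9 2 0
example.com/proj/util.go:0.0,1.1 1 0
example.com/proj/util.go:5.1,7.2 4 1
`

// CleanCoverprofile drops blocks whose range is exactly "0.0,1.1" (literal match, so a real
// range like "10.0,11.1" is kept) and returns the cleaned text plus covered/total statements.
func CleanCoverprofile(profile string) (string, int, int, error) {
	var out []string
	covered, total := 0, 0
	for _, line := range strings.Split(profile, "\n") {
		line = strings.TrimSpace(line)
		if line == "" {
			continue
		}
		if strings.HasPrefix(line, "mode:") {
			out = append(out, line) // keep the mode header
			continue
		}
		// Row format: file:startLine.startCol,endLine.endCol numStmt count
		colon := strings.LastIndex(line, ":")
		if colon < 0 {
			return "", 0, 0, fmt.Errorf("malformed row: %q", line)
		}
		var rng string
		var nstmt, count int
		if _, err := fmt.Sscanf(line[colon+1:], "%s %d %d", &rng, &nstmt, &count); err != nil {
			return "", 0, 0, fmt.Errorf("malformed row %q: %v", line, err)
		}
		if rng == "0.0,1.1" {
			continue // go-fuzz placeholder, not a real source block
		}
		total += nstmt
		if count > 0 {
			covered += nstmt
		}
		out = append(out, line)
	}
	return strings.Join(out, "\n") + "\n", covered, total, nil
}
```

Write the returned text back to the coverprofile and feed it to go tool cover -html as in step 4.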
Does anyone know a convenient approach to get an HTML code coverage report after fuzzing a #go project with #libFuzzer (go-fuzz)?
I found this project: https://github.com/confluentinc/bincover
Looks good, but maybe we have something more?
#fuzzing
WRT #libfuzzer deprecation: the official alternative uses out-of-process fuzzing, which means the fuzzer doesn't run in the same process as the target.
This is what afl does, as well. It turns out that this doesn't scale well, thanks to IPC overhead and context switches for _every single_ testcase (of which you can reach millions per second).
We spent years creating good in-process fuzzing with #LibAFL, trying to match the success of libfuzzer, and it's sad to see the OG in-process fuzzer get deprecated in favour of an (IMHO) technically inferior alternative.
This may be a good engineering choice if you don't care about CPU cost and have an almost infinite amount of CPUs to spare.
The number of companies worldwide that have a virtually infinite amount of CPU cores to spare for #fuzzing is low.
There are multiple ways to bring fuzzing to the masses, but this is not the one I would pick.
The deprecation of #libfuzzer is a great time to recompile your fuzzing testcases with AFL++'s afl-cc (supports the same testcases!)
and switch your future fuzzer developments to #LibAFL
#libfuzzer #libafl #fuzzing #fuzzingtips
I have a YouTube channel where I talk about fuzzing, please like, subscribe and share:
https://youtube.com/@MrHardik05
#fuzzing #vulnerability #afl #AFLplusplus #libfuzzer #winafl #jackalope #honggfuzz
Let’s replicate latest #OpenSSL vulnerabilities with the provided test cases and then find one using #libfuzzer #video #spookyssl
Google launches FuzzBench service to benchmark fuzzing tools - Google has announced FuzzBench, a free service “for painlessly evaluating fuzzers in a reproducibl... more: https://nakedsecurity.sophos.com/2020/03/05/google-launches-fuzzbench-service-to-benchmark-fuzzing-tools/ #securitythreats #fuzzbench #honggfuzz #libfuzzer #eclipser #oss-fuzz #fuzzers #fuzzing #google #qsym #afl