Read the core fuzzing concepts document to learn the basic methodology from scratch.
Follow the toolchain setup notes to configure your own fuzzing environment.
Practice crash analysis and triage against the included sample vulnerable programs.
Reference the notes on coverage-guided fuzzing and building input corpora.
| 0xazanul/fuzz-skill | jakobfriedl/logon-monitor-bof | lessica/unseen | |
|---|---|---|---|
| Stars | 31 | 31 | 31 |
| Language | C | C | C |
| Setup difficulty | moderate | moderate | hard |
| Complexity | 3/5 | 4/5 | 3/5 |
| Audience | researcher | ops devops | general |
Figures from each repo's GitHub metadata at analysis time.
This is a reference collection of notes and sample programs, not a runnable tool, and requires authorization before testing any system you do not own.
fuzz-skill is a personal reference collection covering fuzzing, a software testing technique where you feed a program large volumes of random or semi-random inputs to find crashes, unexpected behavior, or security vulnerabilities. The repository is built from the author's own experience in vulnerability research rather than being a polished tutorial. The contents are organized around a few practical documents. One file covers core fuzzing concepts and methodology. Another covers toolchain setup, meaning how to configure the tools you actually run fuzzes with. A third document walks through crash analysis and triage, which is the process of examining what happened after a fuzzer finds a crash and deciding whether it represents a real security flaw or a benign failure. The repository also includes sample vulnerable programs for practicing against. The topics listed give a sense of the depth: coverage-guided fuzzing (where the fuzzer tracks which code paths it has reached and steers inputs toward unexplored ones), writing harnesses that connect a fuzzer to the target code, building and shrinking input collections called corpora, integrating memory-safety checkers like AddressSanitizer, and automating the overall process. The README explicitly states this material is for educational, research, and defensive security purposes, and notes that authorization is required before testing software or systems you do not own. No license has been set on the repository. The content is sparse in places given the short README, but the structure suggests it is an evolving personal knowledge base.
A personal reference collection of notes on fuzzing, a technique for finding software bugs with random inputs, for educational use.
Mainly C. The stack also includes C, AddressSanitizer.
No license has been set on the repository, so no rights are granted to use, modify, or redistribute it beyond viewing.
Setup difficulty is rated moderate, with roughly 1h+ to a first successful run.
Mainly researcher.
This repo across BitVibe Labs
Verify against the repo before relying on details.