google
honggfuzz
C

Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)

Last updated Jul 9, 2026
3.4k
Stars
534
Forks
28
Issues
+3
Stars/day
Attention Score
98
Language breakdown
C 93.2%
Makefile 4.9%
Python 1.3%
Shell 0.6%
Dockerfile 0.1%
โ–ธ Files click to expand
README

Honggfuzz

A security-oriented, feedback-driven, evolutionary fuzzer.

Honggfuzz is a general-purpose fuzzer that uses code coverage (software and hardware-based) to find bugs. It is multi-process, multi-threaded, and supports persistent fuzzing for extreme speed.

Key Features

  • Fast: Multi-process and multi-threaded engine. unlocking full CPU potential.
  • Persistent Fuzzing: Test APIs directly in-process with iteration speeds up to 1M/sec.
  • Feedback-Driven: Uses hardware (Intel BTS/PT) and software code coverage to evolve inputs.
  • Easy: Can start with an empty corpus and automatically build a valid input set.
  • Deep Monitoring: Uses low-level APIs (ptrace) to detect hijacked signals and hidden crashes.
  • Broad Support: Linux, macOS, Android, NetBSD, FreeBSD, and Windows (Cygwin).

Installation

Dependencies

Linux (Ubuntu/Debian)

sudo apt-get install binutils-dev libunwind-dev libblocksruntime-dev clang

macOS Requires Xcode (10.8+) and libblocksruntime.

Build

make

Compilation wrappers are created in hfuzz_cc/

Usage

1. Compile Target

Use the provided compiler wrappers to automatically add instrumentation:
# C code
./hfuzzcc/hfuzz-clang -o mytarget my_target.c

C++ code

./hfuzzcc/hfuzz-clang++ -o mytarget my_target.cpp

2. Run Fuzzer

Point it to an input corpus directory (can be empty) and your binary:
# Basic run
./honggfuzz -i inputdir/ -- ./mytarget FILE

Persistent mode (faster)

./honggfuzz -P -i inputdir/ -- ./mytarget

Note: FILE is a placeholder for the input filename generated by honggfuzz.

For advanced examples (Apache, OpenSSL, BIND, etc.), check the examples/ directory.

See USAGE.md for detailed options.

Trophies

Honggfuzz has discovered major security vulnerabilities in critical software.

HTTP & Servers

  • Apache HTTPD:
* CVE-2017-7659 (mod_http2 remote crash) * CVE-2017-9789 (Use-after-free) * CVE-2018-1301, CVE-2018-1302, CVE-2018-1303
  • OpenSSH: Pre-auth remote crash (commit 28652bca)
  • BIND: Multiple bugs
  • NGINX Unit: Infinite loop
  • ProFTPD: CVE-2019-18217 (DoS)
  • Samba: CVE-2019-14907, CVE-2020-10745, CVE-2021-20277

Cryptography & SSL

  • OpenSSL:
* CVE-2016-6309 (Critical, Potential RCE) * CVE-2015-1789, CVE-2016-7054, CVE-2017-3731
  • LibreSSL: Multiple crashes and invalid frees
  • BoringSSL: Uninitialized memory use
  • Crypto++: CVE-2016-9939 (Remote DoS)

Languages & Interpreters

  • PHP: WDDX bugs, generic interpreter crashes
  • Python/Ruby: Interpreter bugs
  • Rust: Panics/safety issues in regex, h2, sleep-parser, lewton
  • Perl: Multiple interpreter crashes

Media & Formats

  • FreeType 2: CVE-2010-2497 through CVE-2010-2527 (7+ CVEs)
  • LibTIFF: Multiple bugs
  • LibJPEG/Turbo: Multiple bugs
  • VLC: Double-free RCE
  • Adobe Flash: CVE-2015-0316
  • ImageIO (iOS/macOS): Multiple security problems (Project Zero)
  • LibreOffice: Memory corruption

System & Utils

  • Systemd: Tested by honggfuzz
  • fwupd: 17+ bugs found
  • TCPDump: Multiple bugs
  • Rsyslog: Multiple bugs
(See OSS-Fuzz for hundreds more)

Projects Using Honggfuzz

  • Google OSS-Fuzz: Continuous fuzzing for open source software.
  • Android: Used by Android Security team.
  • Rust: honggfuzz-rs crate for fuzzing Rust code.
  • Bitcoin Core: Fuzzing infrastructure.
  • Apache HTTP Server: CI fuzzing.
  • Systemd: CI fuzzing.
  • Cifasis QuickFuzz
  • Mozilla FuzzOS

License

Apache License 2.0.

This is NOT an official Google product

๐Ÿ”— More in this category

ยฉ 2026 GitRepoTrend ยท google/honggfuzz ยท Updated daily from GitHub