ziggy 0.1.0

A multi-fuzzer management utility for all of your Rust fuzzing needs πŸ§‘β€πŸŽ€
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

# `ziggy`

`ziggy` is a tool we are building to:
- launch different fuzzers in parallel for all of our fuzzing campaigns, with a shared corpus
- create and monitor continuous fuzzing pipelines

## Feature set

Features will include:

- 🀹 handling of different fuzzing processes in parallel (libfuzzer, honggfuzz, afl++, libafl)
- πŸ—ƒοΈ one shared corpus for all fuzzers
- 🀏 regular corpus minimization
- πŸ“Š insightful monitoring
- 🎯 easy coverage report generation

Features could also include:
- πŸ“¨ notification of new crashes via a simple email hook (limited to 1/day to avoid spamming)
- πŸ˜Άβ€πŸŒ«οΈ Arbitrary trait support ([like here](https://github.com/rust-fuzz/afl.rs/blob/master/examples/arbitrary.rs))
- ⬇️ Auto-pull of latest target project version

## Usage example

First, you install `ziggy` by running:
```
cargo install ziggy
```

Here is a potential output of the tool's help:
```
$ cargo ziggy
cargo-ziggy 0.1.0
A multi-fuzzer management utility for all of your Rust fuzzing needs πŸ§‘β€πŸŽ€

USAGE:
    cargo ziggy COMMAND

OPTIONS:
    -h, --help       Print help information
    -V, --version    Print version information

COMMANDS:
    cover   Generate code coverage information using the existing corpus
    fuzz    Fuzz targets using different fuzzers in parallel
    help    Print this message or the help of the given subcommand(s)
    init    Create a new fuzzing target
    run     Run a specific input or a directory of inputs to analyze backtrace
```

Let's say we want to fuzz the `url` crate (which is the example used [here](https://rust-fuzz.github.io/book/cargo-fuzz/tutorial.html)).
First, we clone the `rust-url` repository. Inside of it, we initiate the fuzz project.

```
cargo ziggy init
```

This will create a cargo sub-crate, which can contain a collection of fuzzing targets.

Our harness might look like:

```rust
extern crate url;

// A fuzz target starts with `fuzz_`
pub fn fuzz_url(data: &[u8]) {
    if let Ok(s) = std::str::from_utf8(data) {
        let _ = url::Url::parse(&s);
    }
}
```

We can then launch the fuzzers by running:

```
cargo ziggy fuzz
```

This will use sensible defaults (e.g. only use 1/4 of the machine's ressources in total), but some options will be available for `ziggy` and every underlying fuzzer.

For example:
- defining a specific dictionary file
- defining a custom directory for the corpus
- defining the CPUS/threads available