ziggy 1.3.5

A multi-fuzzer management utility for all of your Rust fuzzing needs πŸ§‘β€πŸŽ€
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99

# `ziggy`

`ziggy` is a fuzzer manager for Rust projects which is built to:

- launch different fuzzers in parallel with a shared corpus
- create and monitor continuous fuzzing pipelines

## Feature set

- 🀹 handling of different fuzzing processes in parallel ([honggfuzz](https://github.com/google/honggfuzz), [AFL++](https://github.com/aflplusplus/aflplusplus))
- πŸ—ƒοΈ one shared corpus for all fuzzers
- 🀏 effortless corpus minimization
- πŸ“Š insightful monitoring
- 🎯 easy coverage report generation
- πŸ˜Άβ€πŸŒ«οΈ Arbitrary trait support

Features will also include:

- πŸ‡ [LibAFL](https://github.com/aflplusplus/libafl) integration
- πŸ“¨ notification of new crashes via bash hook

## Usage example

First, install `ziggy` and its dependencies by running:

```bash
cargo install --force ziggy cargo-afl honggfuzz grcov
```

Here is the output of the tool's help:

```text
$ cargo ziggy
A multi-fuzzer management utility for all of your Rust fuzzing needs πŸ§‘β€πŸŽ€

Usage: cargo ziggy <COMMAND>

Commands:
  build      Build the fuzzer and the runner binaries
  fuzz       Fuzz targets using different fuzzers in parallel
  run        Run a specific input or a directory of inputs to analyze backtrace
  minimize   Minimize the input corpus using the given fuzzing target
  cover      Generate code coverage information using the existing corpus
  plot       Plot AFL++ data using afl-plot
  add-seeds  Add seeds to the running AFL++ fuzzers
  triage     Triage crashes found with casr - currently only works for AFL++
  help       Print this message or the help of the given subcommand(s)

Options:
  -h, --help     Print help
  -V, --version  Print version
```

To create a fuzzer, simply add `ziggy` as a dependency.

```toml
[dependencies]
ziggy = { version = "1.3.5", default-features = false }
```

Then use the `fuzz!` macro inside your `main` to create a harness.

```rust
fn main() {
    ziggy::fuzz!(|data: &[u8]| {
        println!("{data:?}");
    });
}
```

For a well-documented fuzzer, see [the url example](./examples/url/).

## The `output` directory

After you've launched your fuzzer, you'll find a couple of items in the `output` directory:

- the `corpus` directory containing the full corpus
- the `crashes` directory containing any crashes detected by the fuzzers
- the `logs` directory containing a fuzzer log files
- the `afl` directory containing AFL++'s output
- the `honggfuzz` directory containing Honggfuzz's output
- the `queue` directory that is used by ziggy to pass items from AFL++ to Honggfuzz

## Note about coverage

The `cargo cover` command will not generate coverage for the dependencies of your fuzzed project
by default.

If this is something you would like to change, you can use the following trick:
```bash
CARGO_HOME=.cargo cargo ziggy cover 
```

This will clone every dependency into a `.cargo` directory and this directory will be included in
the generated coverage.

## `ziggy` logs

If you want to see `ziggy`'s internal logs, you can set `RUST_LOG=INFO`.