Crate ziggy 

ziggy

ziggy is a fuzzer manager for Rust projects which is built to:

• launch different fuzzers in parallel with a shared corpus
• create and monitor continuous fuzzing pipelines

Feature set

• 🤹 handling of different fuzzing processes in parallel (honggfuzz, AFL++)
• 🗃️ one shared corpus for all fuzzers
• 🤏 effortless corpus minimization
• 📊 insightful monitoring
• 🎯 easy coverage report generation
• 😶‍🌫️ Arbitrary trait support

Features will also include:

• 🐇 LibAFL integration
• 📨 notification of new crashes via bash hook

Usage example

First, install ziggy and its dependencies by running:

cargo install --force ziggy cargo-afl honggfuzz

Here is the output of the tool’s help:

$ cargo ziggy
A multi-fuzzer management utility for all of your Rust fuzzing needs 🧑‍🎤

Usage: cargo ziggy <COMMAND>

Commands:
  build      Build the fuzzer and the runner binaries
  fuzz       Fuzz targets using different fuzzers in parallel
  run        Run a specific input or a directory of inputs to analyze backtrace
  minimize   Minimize the input corpus using the given fuzzing target
  cover      Generate code coverage information using the existing corpus
  plot       Plot AFL++ data using afl-plot
  add-seeds  Add seeds to the running AFL++ fuzzers
  triage     Triage crashes found with CASR - currently only works for AFL++
  stability  Analyze harness stability by detecting non-deterministic code paths
  clean      Remove generated artifacts from the target directory
  help       Print this message or the help of the given subcommand(s)

Options:
  -h, --help     Print help
  -V, --version  Print version

To create a fuzzer, simply add ziggy as a dependency.

[dependencies]
ziggy = { version = "1.7.0", default-features = false }

Then use the fuzz! macro inside your main to create a harness.

fn main() {
    ziggy::fuzz!(|data: &[u8]| {
        println!("{data:?}");
    });
}

For a well-documented fuzzer, see the url example.

The output directory

After you’ve launched your fuzzer, you’ll find a couple of items in the output/<target> directory:

• the corpus directory containing the full corpus
• the crashes directory containing any crashes detected by the fuzzers
• the timeouts directory containing any timeouts/hangs detected by the fuzzers
• the logs directory containing fuzzer log files
• the afl directory containing AFL++’s output
• the honggfuzz directory containing Honggfuzz’s output
• the queue directory that is used by ziggy to pass items from AFL++ to Honggfuzz

Coverage

Generate an HTML coverage report from your existing shared corpus:

cargo ziggy cover

The report entry point will be in ziggy’s output directory at ./<target>/coverage/index.html. It can be changed to <dir>/index.html using the -o <dir> option.

You can select different output formats or specify a custom input corpus:

cargo ziggy cover \
    -i path/to/corpus \  # custom input corpus directory
    -t html \            # navigable source-level report (default)
    -t text \            # same folder structure as html, but plain-text summaries
    -t json \            # machine-readable per-file data
    -t lcov              # standard tracefile for CI tools like Codecov

Trophy case

CVE-2026-24116 was found in wasmtime by differential fuzzing with wasmi

Macros

fuzz

Fuzz a closure-like block of code by passing a slice or an object of arbitrary type.