===============
Sister projects
===============

  This doc lists some of the projects that are inspired by, derived from,
  designed for, or meant to integrate with AFL. See README for the general
  instruction manual.

-----------------
General interest:
-----------------

AFL Utils (rc0r)
----------------

  Simplifies the triage of discovered crashes, starting parallel instances, etc.

  https://github.com/rc0r/afl-utils

afl-fuzzing-scripts (Tobias Ospelt)
-----------------------------------

  Simplifies starting up multiple parallel AFL jobs.

  https://github.com/floyd-fuh/afl-fuzzing-scripts/

Crashwalk (Ben Nagy)
--------------------

  AFL-aware tool to annotate and sort through crashing test cases.

  https://github.com/bnagy/crashwalk

Distfuzz-AFL (Martijn Bogaard)
------------------------------

  Simplifies the management of afl-fuzz instances on remote machines. The
  author notes that the current implementation isn't secure and should not
  be exposed on the Internet.

  https://github.com/MartijnB/disfuzz-afl

AFL fixup shim (Ben Nagy)
-------------------------

  Allows AFL_POST_LIBRARY postprocessors to be written in arbitrary languages
  that don't have C / .so bindings. Includes examples in Go.

  https://github.com/bnagy/aflfix

RecidiVM (Jakub Wilk)
---------------------

  Makes it easy to estimate memory usage limits when fuzzing with ASAN or MSAN.

  http://jwilk.net/software/recidivm

Static binary-only instrumentation (Aleksandar Nikolich)
--------------------------------------------------------

  Allows black-box binaries to be instrumented statically (i.e., by modifying
  the binary ahead of time, rather than translating it at run time). Author
  reports better performance compared to QEMU, but occasional translation
  errors with stripped binaries.

  https://github.com/vrtadmin/moflow/tree/master/afl-dyninst

AFL PIN (Parker Thompson)
-------------------------

  Early-stage Intel PIN instrumentation support (from before we settled on
  faster-running QEMU).

  https://github.com/mothran/aflpin

AFL-style instrumentation in llvm (Kostya Serebryany)
-----------------------------------------------------

  Allows AFL-equivalent instrumentation to be injected at compiler level.
  This is currently not supported by AFL as-is, but may be useful in other
  projects.

  https://code.google.com/p/address-sanitizer/wiki/AsanCoverage#Coverage_counters

AFL-style in-process fuzzer for llvm (Kostya Serebryany)
--------------------------------------------------------

  Provides an evolutionary instrumentation-guided fuzzing harness that allows
  some programs to be fuzzed without the fork / execve overhead.

  https://github.com/llvm-mirror/llvm/tree/master/lib/Fuzzer

Python AFL (Jakub Wilk)
-----------------------

  Allows fuzz-testing of Python programs. Uses custom instrumentation and its
  own forkserver.

  https://bitbucket.org/jwilk/python-afl

-------------------------------
Narrow-purpose or experimental:
-------------------------------

AFL JS (Han Choongwoo)
----------------------

  One-off optimizations to speed up the fuzzing of JavaScriptCore.

  https://github.com/tunz/afl-fuzz-js

afl.rs (Keegan McAllister)
--------------------------

  Allows Rust features to be easily fuzzed with AFL (using the LLVM mode).

  https://github.com/kmcallister/afl.rs

AFL harness for fwknop (Michael Rash)
-------------------------------------

  An example of a fairly involved integration with AFL.

  https://github.com/mrash/fwknop/tree/master/test/afl

Fuzzer shell for SQLite (Richard Hipp)
--------------------------------------

  A simple SQL shell designed specifically for fuzzing the underlying library.

  http://www.sqlite.org/src/artifact/9e7e273da2030371
