FuzzSim[1]: Black-box Fuzzing Simulator

Black-box mutational fuzzing is a simple yet effective way to find bugs in software. Given a set of fuzzing configurations, each of which can be thought of as a (program, seed) pair, FuzzSim evaluates different methods for scheduling the fuzzing of these pairs. The key feature of the system is that comprehensive data on fuzzing every pair is collected in advance, so that the performance of any scheduling algorithm can be observed without repeating the fuzzing effort. Thus we call FuzzSim a simulated scheduler for black-box fuzzing. The main purpose of FuzzSim is to determine which method of scheduling fuzzing over the input pairs produces the most unique bugs in a fixed amount of time.

Installation

Download the FuzzSim source code and baseline data from the link.
After downloading the source code, simply type:
$ tar xvfz fuzzsim-0.1.tgz
$ cd fuzzsim-0.1
$ ./configure
$ make

Quick Start

To see the usage, type:
$ ./fuzzsim -help
For example, you can simulate the RPM algorithm with epsilon-greedy selection and a fixed-time epoch on the intra-program dataset (see [1] for more information about our datasets) using the following command:
$ ./fuzzsim -load ./fuzzsim-ffmpeg.dat \
    -t 864000 \
    -belief rpm \
    -epoch t \
    -mab e \
    -dedup -seed 0 -epsilon 0.1 -alpha 0.0 -beta 1.0
We also provide an online API document for FuzzSim at the following link: (doc).
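To make the idea behind FuzzSim concrete, here is a miniature simulated scheduler written for this page. It is an added example, not FuzzSim's own code or its data format: the baseline traces, program and seed names, crash signatures and timings are all constructed, the `.dat` file is replaced by an in-memory dictionary, and the belief used for the greedy choice is a plain "unique bugs per second observed so far" rate, which stands in for (and is not an implementation of) the RPM belief selected with `-belief rpm`. The fixed-time epoch, the epsilon-greedy bandit, the deduplicated bug count of `-dedup` and the overall time budget of `-t` are modelled as the page describes them; the unit of `-t` is assumed to be seconds.

```python
"""Added example (not FuzzSim's own code): a miniature simulated scheduler that
replays precomputed per-configuration fuzzing traces instead of fuzzing."""
import random
from typing import Dict, List, Set, Tuple

Config = Tuple[str, str]        # (program, seed file)
Trace = List[Tuple[int, str]]   # (seconds into the recorded run, crash signature)

# Constructed baseline data, standing in for a FuzzSim .dat file: for each
# configuration, every crash a single long fuzzing run produced, in time order.
# All names, signatures and times are made up for illustration.
BASELINE: Dict[Config, Trace] = {
    ("ffmpeg", "seed1.avi"): [(30, "sig_A"), (450, "sig_B"), (2500, "sig_A"), (4000, "sig_C")],
    ("ffmpeg", "seed2.avi"): [(5000, "sig_A")],
    ("ffmpeg", "seed3.avi"): [(20, "sig_D"), (150, "sig_E"), (310, "sig_F"), (350, "sig_D"),
                              (480, "sig_G"), (620, "sig_H"), (3000, "sig_I")],
}


class Replay:
    """Hands out the recorded crashes of one configuration epoch by epoch.

    Nothing is fuzzed: the scheduler 'spends' seconds on a configuration and
    receives whatever the recorded run found during that window.
    """

    def __init__(self, trace: Trace) -> None:
        self.trace = sorted(trace)
        self.pos = 0        # index of the next crash not yet replayed
        self.elapsed = 0    # seconds of the recorded run consumed so far

    def run(self, seconds: int) -> List[str]:
        end = self.elapsed + seconds
        found = []
        while self.pos < len(self.trace) and self.trace[self.pos][0] < end:
            found.append(self.trace[self.pos][1])
            self.pos += 1
        self.elapsed = end
        return found


def simulate(baseline: Dict[Config, Trace], budget: int, epoch: int,
             policy: str = "greedy", epsilon: float = 0.1, seed: int = 0) -> Dict[str, int]:
    """Schedule `budget` seconds in fixed-time epochs and report what was found.

    policy="roundrobin": visit the configurations in turn.
    policy="greedy":     epsilon-greedy over a belief; the belief here is the
                         observed rate of new unique bugs per second, a simple
                         stand-in for FuzzSim's RPM belief (hypothetical choice).
    """
    rng = random.Random(seed)
    configs = list(baseline)
    replays = {c: Replay(t) for c, t in baseline.items()}
    spent = {c: 0 for c in configs}       # seconds scheduled on each configuration
    new_bugs = {c: 0 for c in configs}    # unique bugs first seen under each configuration
    seen: Set[str] = set()                # deduplicated crash signatures (the -dedup view)
    crashes = 0                           # raw crash count, duplicates included
    clock = 0
    turn = 0

    while clock + epoch <= budget:
        if policy == "roundrobin":
            choice = configs[turn % len(configs)]
            turn += 1
        else:
            untried = [c for c in configs if spent[c] == 0]
            if untried:                       # give every arm one epoch first
                choice = untried[0]
            elif rng.random() < epsilon:      # explore a random arm
                choice = rng.choice(configs)
            else:                             # exploit the best-looking belief
                choice = max(configs, key=lambda c: new_bugs[c] / spent[c])

        for sig in replays[choice].run(epoch):
            crashes += 1
            if sig not in seen:               # dedup: count each signature once
                seen.add(sig)
                new_bugs[choice] += 1
        spent[choice] += epoch
        clock += epoch

    return {"unique_bugs": len(seen), "crashes": crashes, "epochs": clock // epoch}


if __name__ == "__main__":
    for policy in ("roundrobin", "greedy"):
        print(policy, simulate(BASELINE, budget=1000, epoch=100, policy=policy, epsilon=0.0))
```

With a 1000-second budget and 100-second epochs, round-robin finds 3 unique bugs while the greedy scheduler, once it notices that the third seed keeps producing new signatures, concentrates on it and finds 6; the raw crash count is higher still because one signature recurs, which is exactly why the deduplicated count is the objective. Because every decision is replayed against the same recorded traces, the two policies can be compared on identical data without fuzzing anything twice.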

Reference

[1] Maverick Woo, Sang Kil Cha, Samantha Gottlieb, and David Brumley. Scheduling Black-box Mutational Fuzzing. In Proceedings of the 20th ACM Conference on Computer and Communications Security (CCS), 2013.