Skill

performing-fuzzing-with-aflplusplus

From asi

Perform coverage-guided fuzzing of compiled binaries using AFL++ to discover crashes, memory corruption, and vulnerabilities. Instruments with afl-cc, manages corpora via afl-cmin/tmin, runs afl-fuzz campaigns, triages with GDB.

Linux

security

testing

npx claudepluginhub plurigrid/asi --plugin asi

Tool Access

This skill uses the workspace's default tool permissions.

Preview

AFL++ is a community-maintained fork of American Fuzzy Lop (AFL) that provides coverage-guided

SKILL.md

Similar Skills

performing-fuzzing-with-aflplusplus

5.9k

Performs coverage-guided fuzzing of compiled binaries with AFL++ to discover crashes and vulnerabilities. Instruments targets, manages corpora, runs parallel campaigns, triages crashes.

3 files

cybersecurity-skills

performing-fuzzing-with-aflplusplus

Executes coverage-guided fuzzing with AFL++ on compiled binaries to discover memory corruption, crashes, and security vulnerabilities. Covers instrumentation with afl-cc, corpus management via afl-cmin/afl-tmin, parallel fuzzing, and crash triage using CASR/GDB.

3 files

cybersecurity-skills-zh

aflpp

Fuzzes binaries and source code using AFL++ to discover vulnerabilities and crashes. Useful for security audits and bug hunting in compiled programs.

asi

Stats

Parent Repo Stars16

Parent Repo Forks5

Last CommitApr 4, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Performing Fuzzing with AFL++

Overview

AFL++ is a community-maintained fork of American Fuzzy Lop (AFL) that provides coverage-guided fuzzing for compiled binaries. It instruments targets at compile time or via QEMU/Unicorn mode for binary-only fuzzing, then mutates input corpora to discover new code paths. AFL++ includes advanced scheduling (MOpt, rare), custom mutators, CMPLOG for input-to-state comparison solving, and persistent mode for high-throughput fuzzing.

When to Use

When conducting security assessments that involve performing fuzzing with aflplusplus

When following incident response procedures for related security events

When performing scheduled security testing or auditing activities

When validating security controls through hands-on testing

Prerequisites

AFL++ installed (apt install afl++ or build from source)

Target binary source code (for compile-time instrumentation) or QEMU mode for binary-only

Initial seed corpus of valid inputs for the target format

Linux system with /proc/sys/kernel/core_pattern configured

Steps

Instrument the target binary with afl-cc or afl-clang-fast

Prepare seed corpus directory with minimal valid inputs

Minimize corpus with afl-cmin to remove redundant seeds

Run afl-fuzz with appropriate flags (-i input -o output)

Monitor fuzzing progress via afl-whatsup and UI stats

Triage crashes with afl-tmin minimization and CASR/GDB analysis

Report unique crashes with reproduction steps

Expected Output

+++ Findings +++ unique crashes: 12 unique hangs: 3 last crash: 00:02:15 ago +++ Coverage +++ map density: 4.23% / 8.41% paths found: 1847 exec speed: 2145/sec