LibFuzzer

Skill · Verified · Active

Coverage-guided fuzzer built into LLVM for C/C++ projects. Use for fuzzing C/C++ code that can be compiled with Clang.

Purpose

To guide developers in quickly setting up and effectively using libFuzzer for fuzzing C/C++ code, enabling them to find bugs and improve code security.

Features

  • Coverage-guided fuzzing with libFuzzer
  • Detailed harness writing guidance
  • Compilation instructions with sanitizers
  • Corpus management and optimization strategies
  • Running fuzzing campaigns and interpreting results

Use Cases

  • When needing to set up fuzzing for a C/C++ project compiled with Clang.
  • When wanting a simple, integrated fuzzing solution for quick setup.
  • When transitioning from libFuzzer to more advanced fuzzers.
  • When aiming to find memory errors and undefined behavior in C/C++ code.

Non-Goals

  • Providing alternative fuzzers like AFL++ or LibAFL as the primary solution.
  • Fuzzing code not compatible with Clang.
  • Guiding advanced custom fuzzer development beyond standard libFuzzer usage.

Workflow

  1. Understand libFuzzer's purpose and when to use it.
  2. Install prerequisites (LLVM/Clang).
  3. Write a fuzzing harness (LLVMFuzzerTestOneInput).
  4. Compile the target code with fuzzing instrumentation.
  5. Manage the corpus (initial seeds, minimization).
  6. Run fuzzing campaigns and interpret results/crashes.

Prerequisites

  • LLVM/Clang compiler
  • Optional: LLVM tools for coverage analysis

Installation

First, add the marketplace, then install the plugin:

/plugin marketplace add trailofbits/skills
/plugin install testing-handbook-skills@trailofbits

Quality Score

Verified: 95/100 (analyzed about 15 hours ago)

Trust Signals

Last commit: 3 days ago
Stars: 5.2k
License: CC-BY-SA-4.0

© 2025 SkillRepo