此内容尚未提供您的语言版本,正在以英文显示。

LibFuzzer

技能已验证活跃

Coverage-guided fuzzer built into LLVM for C/C++ projects. Use for fuzzing C/C++ code that can be compiled with Clang.

目的

To guide developers in quickly setting up and effectively using libFuzzer for fuzzing C/C++ code, enabling them to find bugs and improve code security.

功能

Coverage-guided fuzzing with libFuzzer
Detailed harness writing guidance
Compilation instructions with sanitizers
Corpus management and optimization strategies
Running fuzzing campaigns and interpreting results

使用场景

When needing to set up fuzzing for a C/C++ project compiled with Clang.
When wanting a simple, integrated fuzzing solution for quick setup.
When transitioning from libFuzzer to more advanced fuzzers.
When aiming to find memory errors and undefined behavior in C/C++ code.

非目标

Providing alternative fuzzers like AFL++ or LibAFL as the primary solution.
Fuzzing code not compatible with Clang.
Guiding advanced custom fuzzer development beyond standard libFuzzer usage.

工作流

Understand libFuzzer's purpose and when to use it.
Install prerequisites (LLVM/Clang).
Write a fuzzing harness (LLVMFuzzerTestOneInput).
Compile the target code with fuzzing instrumentation.
Manage the corpus (initial seeds, minimization).
Run fuzzing campaigns and interpret results/crashes.

先决条件

LLVM/Clang compiler
Optional: LLVM tools for coverage analysis

安装

请先添加 Marketplace

/plugin marketplace add trailofbits/skills

/plugin install testing-handbook-skills@trailofbits

质量评分

已验证

95 /100

1 day ago 分析

信任信号

最近提交3 days ago

GitHub 所有者 trailofbits

星标5.2k

许可证CC-BY-SA-4.0

状态

查看源代码

类似扩展

Senior Backend Engineer

100

Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Covers Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.

技能

alirezarezvani

AFL++ Fuzzer

AFL++ is a fork of AFL with better fuzzing performance and advanced features. Use for multi-core fuzzing of C/C++ projects.

技能

trailofbits

AddressSanitizer

AddressSanitizer detects memory errors during fuzzing. Use when fuzzing C/C++ code to find buffer overflows and use-after-free bugs.

技能

trailofbits

Libafl

LibAFL is a modular fuzzing library for building custom fuzzers. Use for advanced fuzzing needs, custom mutators, or non-standard fuzzing targets.

技能

trailofbits

Secrets Management

100

Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.

技能

wshobson

Semgrep Rule Creator

100

Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.

技能

trailofbits