Live Stream | Tuesday, October 4th | 16:00 CEST
Uncovering Hidden Bugs and Vulnerabilities in C/C++
How to Fuzz Your Code With 3 Commands
Upcoming Live Stream
What to Expect
CI Fuzz CLI is an open-source solution that lets you run feedback-based fuzz tests from your command line. Every developer can use it to find bugs and vulnerabilities with three simple commands.
In this live stream, our expert Jochen will:
- Cover the current state of fuzz testing
- Set up CLI fuzzing within 3 commands
- Uncover multiple bugs and severe memory corruption vulnerabilities
All code examples and tools used are open-source.
# Initialize fuzzing
$ cifuzz init
# Create your first fuzz test
$ cifuzz create my_fuzz_test
# Run fuzz test and find bugs
$ cifuzz run my_fuzz_test
Your host Jochen Hilgers is one of the maintainers of CI Fuzz CLI. In his work as a Senior Software Engineer at Code Intelligence, he specializes in CLI-integrated software testing solutions. Jochen also holds a master's in Computer Science from Hochschule Trier and has a background in Backend and Web Development with a strong focus on software quality.
IMPORTANT: This project is under active development. Be aware that the behaviour of the commands or the configuration can change.
cifuzz is a CLI tool that helps you integrate and run fuzz tests in your project.
If you are new to the world of fuzzing, we recommend you take a look at our Glossary.
Building from Source (Linux)
CMake >= 3.16
LLVM >= 11
go >= 1.18
Ubuntu / Debian
sudo apt install git make cmake clang llvm golang-go libcap-dev
Arch Linux
sudo pacman -S git make cmake clang llvm go libcap
To build cifuzz from source, execute the following steps:
git clone https://github.com/CodeIntelligenceTesting/cifuzz.git
If everything went fine, you will find the newly created directory ~/cifuzz. Do not forget to add ~/cifuzz/bin to your
To verify the installation, we recommend you start a fuzzing run in one of our example projects:
cifuzz run my_fuzz_target
This should stop after a few seconds with an actual finding.
Setup / Create Your First Fuzz Target
cifuzz commands will interactively guide you through the needed options and show the next steps. You can find a complete list of the available commands with all supported options and parameters by calling cifuzz <command> --help.
Step 1: To initialize your project with cifuzz, execute cifuzz init in the root directory of your project. This creates a file named cifuzz.yaml containing the needed configuration.
Step 2: Create a fuzz target. Execute cifuzz create and follow the instructions given by the command. This creates a stub for your fuzz test (aka fuzz target); let's say it is called my_fuzz_test.
Step 3: Edit my_fuzz_test.cpp so it actually calls the function you want to test with the input generated by the fuzzer. To learn more about writing fuzz tests, take a look at our Tutorial or one of the example projects.
Step 4: Start fuzzing by executing cifuzz run my_fuzz_test. cifuzz now builds the fuzz test and starts a fuzzing run.
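As an added, self-contained example (not code from cifuzz, its examples or the live stream), here is what the finished my_fuzz_test.cpp from Steps 2 to 4 can look like for a small length-prefixed record parser. The record format, both parsers, the bug and the sample inputs are all constructed for this illustration. The entry point is the plain libFuzzer LLVMFuzzerTestOneInput that cifuzz's FUZZ_TEST stub macro expands to, so the body is the same thing you would write into the stub cifuzz create generates; the vulnerable and hardened parsers sit side by side to show exactly which checks the fuzzer is hunting for.

```cpp
// Added example (not cifuzz project code): a fuzz test in the shape cifuzz runs,
// exercising a small, constructed length-prefixed record parser. The format, the
// parsers, the bug and the sample inputs are made up for this illustration.
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <vector>

// Constructed wire format: a stream of records, each laid out as
//   [type: 1 byte][len: 1 byte][payload: len bytes]
struct Record {
  uint8_t type;
  uint8_t len;
  char payload[16];
};

// Vulnerable parser: trusts the attacker-controlled len byte. memcpy can write
// up to 255 bytes into the 16-byte payload (stack-buffer-overflow, since Record
// lives on this function's stack) and read past the end of `data` when len is
// larger than what remains (heap-buffer-overflow on libFuzzer's heap-allocated
// inputs). The sanitizers cifuzz builds with turn both into findings.
size_t parse_records_unsafe(const uint8_t *data, size_t size,
                            std::vector<Record> &out) {
  size_t pos = 0;
  while (pos + 1 < size) {                      // need the two header bytes
    Record r{};
    r.type = data[pos];
    r.len = data[pos + 1];
    memcpy(r.payload, data + pos + 2, r.len);   // BUG: no bounds check on len
    out.push_back(r);
    pos += 2 + r.len;
  }
  return out.size();
}

// Hardened parser: len is checked against the destination buffer and against
// the bytes actually left in the input before anything is copied.
size_t parse_records_safe(const uint8_t *data, size_t size,
                          std::vector<Record> &out) {
  size_t pos = 0;
  while (pos + 1 < size) {
    const uint8_t len = data[pos + 1];
    if (len > sizeof(Record::payload)) break;   // would overflow payload
    if (len > size - pos - 2) break;            // would read past input
    Record r{};
    r.type = data[pos];
    r.len = len;
    memcpy(r.payload, data + pos + 2, len);
    out.push_back(r);
    pos += 2 + len;
  }
  return out.size();
}

// Flip to false to fuzz the vulnerable parser and watch cifuzz report the
// overflow within seconds.
constexpr bool kFuzzHardened = true;

// The fuzz test. cifuzz's generated stub declares this same libFuzzer entry
// point through its FUZZ_TEST macro; the body is what Step 3 asks you to write:
// hand the fuzzer-generated bytes to the code under test and check invariants.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  std::vector<Record> records;
  if (kFuzzHardened)
    parse_records_safe(data, size, records);
  else
    parse_records_unsafe(data, size, records);

  // Invariant: every parsed record must lie inside the input. A parser that
  // accepted more bytes than it was given has read out of bounds, so abort()
  // makes that a reported crash even in a build without sanitizers.
  size_t consumed = 0;
  for (const Record &r : records) consumed += 2 + r.len;
  if (consumed > size) abort();
  return 0;
}

// Constructed sample inputs, usable as seed corpus entries and for replaying
// findings by hand.
const std::vector<uint8_t> kTwoRecords = {0x01, 0x03, 'a', 'b', 'c',  // type 1, "abc"
                                          0x02, 0x00};                // type 2, empty
const std::vector<uint8_t> kOversizedLen = {0x01, 0x20};              // len 32 > 16
const std::vector<uint8_t> kTruncatedPayload = {0x01, 0x05, 'a'};     // len 5, 1 byte left

size_t count_records_safe(const std::vector<uint8_t> &in) {
  std::vector<Record> out;
  return parse_records_safe(in.data(), in.size(), out);
}

size_t count_records_unsafe(const std::vector<uint8_t> &in) {
  std::vector<Record> out;
  return parse_records_unsafe(in.data(), in.size(), out);
}
```

Register the file the way cifuzz create instructs, then cifuzz run my_fuzz_test builds and fuzzes it. With kFuzzHardened set to false, the sanitizer-instrumented build reports a stack-buffer-overflow as soon as the fuzzer produces a len byte above 16, and the consumed > size check catches the over-read even where no sanitizer is active. Leaving the hardened parser as the default keeps the same file useful as a regression test for the fix.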