Fuzzing: A Comparison of Fuzzing Tools

Belle Lakshminarayan, Suhas (2023)

Detecting bugs and vulnerabilities in software is critical because they can serve as an entry point for an attacker, with potentially serious consequences. Such bugs or vulnerabilities can result from a programming error in the design of the software or program. Manually locating every bug or vulnerability in software is an error-prone and complex task. This effort can be reduced by a technique known as fuzzing or fuzz testing, which detects bugs or vulnerabilities by generating inputs of various kinds (valid, invalid, malformed, etc.), feeding them into the software and testing it repeatedly. Several fuzzing tools (fuzzers) are available that frequently succeed in identifying vulnerabilities. This work demonstrates the complete operation of three fuzzers, namely American Fuzzy Lop (AFL), LibFuzzer and Angora, and compares them using program metrics such as code coverage, the types of bugs or vulnerabilities detected, the number of bugs detected and execution speed, which together measure a fuzzer's performance.
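The fuzzing loop and the four comparison metrics described above, as an added illustration that is not code from the thesis or from AFL, LibFuzzer or Angora: a minimal coverage-guided mutational fuzzer that runs a constructed parser with a seeded off-by-one bug and reports code coverage, bug types, bug count and execution speed. The target parser, its record format, the seed input and the mutation operators are assumptions made for this example.

```python
import random, sys, time

# Constructed target (not a program from the thesis): byte 0 declares payload length n and the
# payload must start with b"R"; the bounds check is off by one, so n == len(payload) reads past the end.
def parse_record(data: bytes) -> int:
    if len(data) < 2 or data[1:2] != b"R":
        raise ValueError("too short or bad magic")   # graceful rejection, not a bug
    declared, payload = data[0], data[1:]
    if declared > len(payload):                      # seeded bug: should be >=
        raise ValueError("length exceeds input")
    return payload[declared]                         # IndexError when declared == len(payload)

def mutate(seed: bytes, rng: random.Random) -> bytes:  # one havoc-style byte mutation
    data, op = bytearray(seed), rng.randrange(3)
    if op == 0 and data:
        data[rng.randrange(len(data))] = rng.randrange(256)            # overwrite a byte
    elif op == 1:
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))  # insert a byte
    elif data:
        del data[rng.randrange(len(data))]                             # delete a byte
    return bytes(data)

def run_with_coverage(target, data: bytes):
    lines, code, crash = set(), target.__code__, None
    def tracer(frame, event, arg):       # records each line of target that executes
        if frame.f_code is code and event == "line":
            lines.add(frame.f_lineno)
        return tracer
    sys.settrace(tracer)
    try:
        target(data)
    except Exception as exc:             # ValueError is the parser rejecting input; anything else is a crash
        crash = None if isinstance(exc, ValueError) else exc
    finally:
        sys.settrace(None)
    return lines, crash

def fuzz(target, seeds, iterations: int, rng_seed: int = 1) -> dict:
    rng, corpus, coverage, crashes = random.Random(rng_seed), list(seeds), set(), {}
    start = time.perf_counter()
    for _ in range(iterations):
        data = mutate(rng.choice(corpus), rng)
        lines, crash = run_with_coverage(target, data)
        if crash is not None:            # bucket crashes by exception type (the "type of bug")
            crashes.setdefault(type(crash).__name__, set()).add(data)
        if not lines <= coverage:        # new coverage: keep the input, as AFL and LibFuzzer queue it
            coverage |= lines
            corpus.append(data)
    return {"coverage_lines": len(coverage), "corpus_size": len(corpus),
            "crash_types": {name: len(inputs) for name, inputs in crashes.items()},
            "execs_per_sec": iterations / (time.perf_counter() - start)}
```

Running `fuzz(parse_record, [b"\x02RA\xff"], 2000)` reaches the off-by-one read within a few hundred executions and reports it as an IndexError, while the parser's own ValueError rejections are not counted as bugs.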