coverage guided fuzz testing for python
Alternatives To Pythonfuzz
Project NameStarsDownloadsRepos Using ThisPackages Using ThisMost Recent CommitTotal ReleasesLatest ReleaseOpen IssuesLicenseLanguage
Istanbul8,577132,06543,4414 months ago95August 21, 2016400otherJavaScript
Yet another JS code coverage tool that computes statement, line, function and branch coverage with module loader hooks to transparently add coverage when running tests. Supports all JS coverage use cases including unit tests, server side functional tests and browser tests. Built for scale.
Keystone7,7511,329423 days ago171July 15, 2019102mitTypeScript
The most powerful headless CMS for Node.js — built with GraphQL and React
19 hours ago95April 25, 2021281apache-2.0Go
syzkaller is an unsupervised coverage-guided kernel fuzzer
Cypress Realworld App4,447
3 days ago16mitTypeScript
A payment application to demonstrate real-world usage of Cypress testing methods, patterns, and workflows.
Intern4,3621,2923622 months ago112November 29, 2021139otherTypeScript
A next-generation code testing stack for JavaScript.
Joint3,849271442 days ago46April 08, 202258mpl-2.0JavaScript
A proven SVG-based JavaScript diagramming library powering exceptional UIs
2 days ago22apache-2.0C
The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!
Coverlet2,674918379 days ago13February 06, 2022144mitC#
Cross platform code coverage for .NET
Reportgenerator2,0857592412 days ago267May 18, 20222apache-2.0C#
ReportGenerator converts coverage reports generated by coverlet, OpenCover, dotCover, Visual Studio, NCover, Cobertura, JaCoCo, Clover, gcov or lcov into human readable reports in various formats.
Tarpaulin1,916162 days ago96August 30, 202243apache-2.0Rust
A code coverage tool for Rust projects
Alternatives To Pythonfuzz
Select To Compare

Alternative Project Comparisons
Readme was acquired by GitLab and the new home for this repo is here

pythonfuzz: coverage-guided fuzz testing for python

PythonFuzz is coverage-guided fuzzer for testing python packages.

Fuzzing for safe languages like python is a powerful strategy for finding bugs like unhandled exceptions, logic bugs, security bugs that arise from both logic bugs and Denial-of-Service caused by hangs and excessive memory usage.

Fuzzing can be seen as a powerful and efficient strategy in real-world software in addition to classic unit-tests.


Fuzz Target

The first step is to implement the following function (also called a fuzz target). Here is an example of a simple fuzz function for the built-in html module

from html.parser import HTMLParser
from pythonfuzz.main import PythonFuzz

def fuzz(buf):
        string = buf.decode("ascii")
        parser = HTMLParser()
    except UnicodeDecodeError:

if __name__ == '__main__':

Features of the fuzz target:

  • fuzz will call the fuzz target in an infinite loop with random data (according to the coverage guided algorithm) passed to buf( in a separate process).
  • The function must catch and ignore any expected exceptions that arise when passing invalid input to the tested package.
  • The fuzz target must call the test function/library with with the passed buffer or a transformation on the test buffer if the structure is different or from different type.
  • Fuzz functions can also implement application level checks to catch application/logical bugs - For example: decode the buffer with the testable library, encode it again, and check that both results are equal. To communicate the results the result/bug the function should throw an exception.
  • pythonfuzz will report any unhandled exceptions as crashes as well as inputs that hit the memory limit specified to pythonfuzz or hangs/they run more the the specified timeout limit per testcase.


The next step is to download pythonfuzz and then run your fuzzer

pip install pythonfuzz
python examples/htmlparser/

#394378 NEW     cov: 608 corp: 24 exec/s: 1119 rss: 10.73828125 MB
subclasses of ParserBase must override error()
Traceback (most recent call last):
  File "/Users/yevgenyp/fuzzitdev/pythonfuzz/pythonfuzz/", line 21, in worker
  File "examples/htmlparser/", line 12, in fuzz
  File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/html/", line 111, in feed
  File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/html/", line 179, in goahead
    k = self.parse_html_declaration(i)
  File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/html/", line 264, in parse_html_declaration
    return self.parse_marked_section(i)
  File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/", line 159, in parse_marked_section
    self.error('unknown status keyword %r in marked section' % rawdata[i+3:j])
  File "/usr/local/Cellar/python/3.7.4/Frameworks/Python.framework/Versions/3.7/lib/python3.7/", line 34, in error
    "subclasses of ParserBase must override error()")
NotImplementedError: subclasses of ParserBase must override error()
crash was written to crash-dbfa437e5956643645681fe6a3ac76997be0b29a7c7af82d88c8c390f379502d
crash = 3c215b63612121

This example quickly finds an an unhandled exception/flow in a few minutes.


PythonFuzz will generate and test various inputs in an infinite loop. corpus is optional directory and will be used to save the generated testcases so later runs can be started from the same point and provided as seed corpus.

PythonFuzz can also start with an empty directory (i.e no seed corpus) though some valid test-cases in the seed corpus may speed up the fuzzing substantially.

PythonFuzz tries to mimic some of the arguments and output style from libFuzzer.

More fuzz targets examples (for real and popular libraries) are located under the examples directory and bugs that were found using those targets are listed in the trophies section.

Credits & Acknowledgments

PythonFuzz is a port of fuzzitdev/jsfuzz

which is in turn heavily based on go-fuzz originally developed by Dmitry Vyukov's. Which is in turn heavily based on Michal Zalewski AFL.


Contributions are welcome!:) There are still a lot of things to improve, and tests and features to add. We will slowly post those in the issues section. Before doing any major contribution please open an issue so we can discuss and help guide the process before any unnecessary work is done.


Feel free to add bugs that you found with pythonfuzz to this list via pull-request

Popular Testing Projects
Popular Code Coverage Projects
Popular Software Quality Categories
Related Searches

Get A Weekly Email With Trending Projects For These Categories
No Spam. Unsubscribe easily at any time.
Fuzz Testing