Linux repositories inspector

afl - Security-oriented fuzzer using compile-time instrumentation and genetic algorithms

American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage for the fuzzed code. The compact synthesized corpora produced by the tool are also useful for seeding other, more labor- or resource-intensive testing regimes down the road.

Compared to other instrumented fuzzers, afl-fuzz is designed to be practical: it has modest performance overhead, uses a variety of highly effective fuzzing strategies and effort minimization tricks, requires essentially no configuration, and seamlessly handles complex, real-world use cases - say, common image parsing or file compression libraries.

Distribution         Repository          Format  Version          Date        Package size  Installed size
Arch rolling         community/os        zst     2.56b-2          2020-02-16  639 kiB       2.59 MiB
Debian 10.0          buster/main         deb     2.52b-5          2019-01-29  142 kiB       430 kiB
Debian 9.0           stretch/main        deb     2.36b-1          2017-11-10  139 kiB       387 kiB
Manjaro rolling      stable/community    xz      2.52b-2          2019-02-19  563 kiB       2.73 MiB
Manjaro rolling      testing/community   xz      2.52b-2          2019-02-14  563 kiB       2.73 MiB
Manjaro rolling      unstable/community  xz      2.52b-2          2019-02-12  563 kiB       2.73 MiB
OpenSUSE Leap 15.0   oss                 rpm     2.52b-lp150.1.3  2019-01-17  211 kiB       546 kiB
OpenSUSE Leap 15.1   oss                 rpm     2.52b-lp151.2.3  2019-01-23  211 kiB       546 kiB
OpenSUSE Leap 15.2   oss                 rpm     2.52b-lp152.3.4  2020-01-07  211 kiB       546 kiB
OpenSUSE Leap 42.3   oss                 rpm     1.92b-4.1        2019-01-17  168 kiB       461 kiB
OpenSUSE Tumbleweed  oss                 rpm     2.62c-1.1        2020-03-02  393 kiB       1.21 MiB
Ubuntu 17.10         artful/universe     deb     2.49b-1          2017-11-10  110 kiB       369 kiB
Ubuntu 18.04 LTS     bionic/universe     deb     2.52b-2          2018-02-26  109 kiB       367 kiB
Ubuntu 18.10         cosmic/universe     deb     2.52b-2          2019-01-14  109 kiB       367 kiB
Ubuntu 19.04         disco/universe      deb     2.52b-5ubuntu1   2019-01-27  109 kiB       407 kiB
Ubuntu 16.04 LTS     xenial/universe     deb     1.96b-2          2017-11-10  93.4 kiB      305 kiB

Manual pages


afl-analyze - file format analyzer for American Fuzzy Lop (afl)
afl-cmin - corpus minimization tool for American Fuzzy Lop (afl)
afl-fuzz - code fuzzer for American Fuzzy Lop (afl)
afl-g++ - g++ wrapper for American Fuzzy Lop (afl)
afl-gcc - gcc wrapper for American Fuzzy Lop (afl)
afl-gotcpu - CPU gizmo for American Fuzzy Lop (afl)
afl-plot - progress plotting utility for American Fuzzy Lop (afl)
afl-showmap - map display utility for American Fuzzy Lop (afl)
afl-tmin - test case minimizer for American Fuzzy Lop (afl)
afl-whatsup - status check tool for American Fuzzy Lop (afl)

Latest updates

OpenSUSE Tumbleweed oss: Updated from 2.61c-1.1 to 2.62c-1.1

  • updated to 2.62c
    • Important fix for memory allocation functions that result in afl-fuzz not identifying crashes - UPDATE!
    • Small fix for -E/-V to release the CPU
    • CmpLog does not need sancov anymore

OpenSUSE Tumbleweed oss: Updated from 2.60c-2.1 to 2.61c-1.1

  • updated to 2.61c
    • use -march=native if available
    • most tools now check for mistyped environment variables
    • gcc 10 is now supported
    • the memory safety checks are now disabled for a little more speed during fuzzing (only affects creating queue entries), can be toggled in config.h
    • afl-fuzz:
    • MOpt out of bounds writing crash fixed
    • now prints the real python version support compiled in
    • set stronger performance compile options and little tweaks
    • Android: prefer bigcores when selecting a CPU
    • CmpLog forkserver
    • Redqueen input-2-state mutator (cmp instructions only ATM)
    • all Python 2+3 versions supported now
    • changed execs_per_sec in fuzzer_stats from "current" execs per second (which is pointless) to total execs per second
    • bugfix for dictionary insert stage count (fix via Google repo PR)
    • added warning if -M is used together with custom mutators with _ONLY option
    • AFL_TMPDIR checks are now later and better explained if they fail
    • llvm_mode
    • InsTrim: three bug fixes:
      1. (minor) no pointless instrumentation of 1 block functions
      2. (medium) path bug that leads a few blocks not instrumented that should be
      3. (major) incorrect prev_loc was written, fixed!
    • afl-clang-fast:
    • show in the help output for which llvm version it was compiled for
    • now does not need to be recompiled between trace-pc and pass instrumentation. compile normally and set AFL_LLVM_USE_TRACE_PC :)
    • LLVM 11 is supported
    • CmpLog instrumentation using SanCov (see llvm_mode/README.cmplog)
    • afl-gcc, afl-clang-fast, afl-gcc-fast:
    • experimental support for undefined behaviour sanitizer UBSAN (set AFL_USE_UBSAN=1)
    • the instrumentation summary output now also lists activated sanitizers
    • afl-as: added isatty(2) check back in
    • added AFL_DEBUG (for upcoming merge)
    • qemu_mode:
    • persistent mode is now also available for arm and aarch64
    • CmpLog instrumentation for QEMU (-c afl-fuzz command line option) for x86, x86_64, arm and aarch64
    • AFL_PERSISTENT_HOOK callback module for persistent QEMU (see examples/qemu_persistent_hook)
    • added qemu_mode/ documentation
    • AFL_ENTRYPOINT now has instruction granularity
    • afl-cmin is now a sh script (invoking awk) instead of bash for portability; the original script is still present as afl-cmin.bash
    • afl-showmap: -i dir option now allows processing multiple inputs using the forkserver. This is for enhanced speed in afl-cmin.
    • added blacklist and whitelisting function check in all modules of llvm_mode
    • added fix from Debian project to compile libdislocator and libtokencap
    • libdislocator: AFL_ALIGNED_ALLOC to force size alignment to max_align_t

OpenSUSE Tumbleweed oss: Updated from 2.60c-1.1 to 2.60c-2.1

  • added radamsa mutator

Arch rolling community/os: Updated from 2.56b-1 to 2.56b-2

OpenSUSE Leap 15.2 oss: Version 2.52b-lp152.3.4 introduced

  • Update to version 2.52b:
    • Upgraded QEMU patches from 2.3.0 to 2.10.0. Required troubleshooting several weird issues.
    • Added setsid to afl-showmap. See the notes for 2.51b.
    • Added target mode (deferred, persistent, qemu, etc) to fuzzer_stats.
    • afl-tmin should now save a partially minimized file when Ctrl-C is pressed.
    • Added an option for afl-analyze to dump offsets in hex.
    • Added support for parameters in

OpenSUSE Tumbleweed oss: Updated from 2.59c-1.1 to 2.60c-1.1

  • updated to 2.60c
    • fixed a critical bug in afl-tmin that was introduced during ++2.53d
    • added test cases for afl-cmin and afl-tmin to test/
    • added ./experimental/argv_fuzzing ld_preload library by Kjell Braden
    • added preeny's desock_dup ld_preload library as ./experimental/socket_fuzzing for network fuzzing
    • added AFL_AS_FORCE_INSTRUMENT environment variable for afl-as - this is for the retrorewrite project
    • we now set QEMU_SET_ENV from AFL_PRELOAD when qemu_mode is used

OpenSUSE Tumbleweed oss: Updated from 2.58c-1.1 to 2.59c-1.1

  • updated to 2.59c
    • qbdi_mode: fuzz android native libraries via QBDI framework
    • unicorn_mode: switched to the new unicornafl, thanks domenukk (see
    • afl-fuzz:
    • added radamsa as (an optional) mutator stage (-R[R])
    • added -u command line option to not unlink the fuzz input file
    • Python3 support (autodetect)
    • AFL_DISABLE_TRIM env var to disable the trim stage
    • CPU affinity support for DragonFly
    • llvm_mode:
    • float splitting is now configured via AFL_LLVM_LAF_SPLIT_FLOATS
    • support for llvm 10 included now (thanks to devnexen)
    • libtokencap:
    • support for *BSD/OSX/Dragonfly added
    • hook common *cmp functions from widely used libraries
    • compcov:
    • hook common *cmp functions from widely used libraries
    • floating point splitting support for QEMU on x86 targets
    • qemu_mode: AFL_QEMU_DISABLE_CACHE env to disable QEMU TranslationBlocks caching
    • afl-analyze: added AFL_SKIP_BIN_CHECK support
    • better random numbers for gcc_plugin and llvm_mode (thanks to devnexen)
    • Dockerfile by courtesy of devnexen
    • added regex.dictionary
    • qemu and unicorn download scripts now try to download until the full download succeeded. f*ckin travis fails downloading 40% of the time!
    • more support for Android (please test!)
    • added the few Android stuff we didn't have already from Google afl repository
    • removed unnecessary warnings

OpenSUSE Tumbleweed oss: Updated from 2.52c-2.1 to 2.58c-1.1

  • updated to 2.58c
    • reverted patch to not unlink and recreate the input file, it resulted in performance loss of ~10%
    • added test/ script
    • (re)added gcc_plugin, fast inline instrumentation is not yet finished, however it includes the whitelisting and persistence feature! by hexcoder-
    • gcc_plugin tests added to testing framework
  • jump to 2.57 instead of 2.55 to catch up with Google's versioning
    • persistent mode for QEMU (see qemu_mode/
    • custom mutator library is now an additional mutator, to exclusively use it
    • add AFL_CUSTOM_MUTATOR_ONLY (that will trigger the previous behaviour)
    • new library qemu_mode/unsigaction which filters sigaction events
    • afl-fuzz: new command line option -I to execute a command on a new crash
    • no more unlinking the input file, this way the input file can also be a FIFO or disk partition
    • setting LLVM_CONFIG for llvm_mode will now again switch to the selected llvm version. If your setup is correct.
    • fuzzing strategy yields for custom mutator were missing from the UI, added them :)
    • added "make tests" which will perform checks to see that all functionality is working as expected. this is currently the starting point, it's not complete :)
    • added mutation documentation feature ("make document"), creates afl-fuzz-document and saves all mutations of the first run on the first file into out/queue/mutations
    • libtokencap and libdislocator now compile to the afl_root directory and are installed to the .../lib/afl directory when present during make install
    • more BSD support, e.g. free CPU binding code for FreeBSD (thanks to devnexen)
    • reducing duplicate code in afl-fuzz
    • added "make help"
    • removed compile warnings from python internal stuff
    • added man page for afl-clang-fast[++]
    • updated documentation
    • Wine mode to run Win32 binaries with the QEMU instrumentation (-W)
    • CompareCoverage for ARM target in QEMU/Unicorn
  • 2.54c:
    • big code refactoring:
    • all includes are now in include/
    • all afl sources are now in src/ - see src/README.src
    • afl-fuzz was split up in various individual files for including functionality in other programs (e.g. forkserver, memory map, etc.) for better readability.
    • new code indentation everywhere
    • auto-generating man pages for all (main) tools
    • added AFL_FORCE_UI to show the UI even if the terminal is not detected
    • llvm 9 is now supported (still needs testing)
    • Android is now supported (thanks to JoeyJiao!) - still need to modify the Makefile though
    • fix building qemu on some Ubuntus (thanks to floyd!)
    • custom mutator by a loaded library is now supported (thanks to kyakdan!)
    • added PR that includes peak_rss_mb and slowest_exec_ms in the fuzzer_stats report
    • more support for *BSD (thanks to devnexen!)
    • fix building on *BSD (thanks to tobias.kortkamp for the patch)
    • fix for a few features to support different map sizes than 2^16
    • afl-showmap: new option -r now shows the real values in the buckets (stock afl never did), plus shows tuple content summary information now
    • small docu updates
    • NeverZero counters for QEMU
    • NeverZero counters for Unicorn
    • CompareCoverage Unicorn
    • immediates-only instrumentation for CompareCoverage
  • 2.53c release
    • imported the few minor changes from the 2.53b release
    • unicorn_mode got added - thanks to domenukk for the patch!
    • fix llvm_mode AFL_TRACE_PC with modern llvm
    • fix a crash in qemu_mode which also exists in stock afl
    • added libcompcov, a laf-intel implementation for qemu! :) see qemu_mode/libcompcov/README.libcompcov
    • updated afl-fuzz and afl-system-config for new scaling governor location in modern kernels
    • all queue, hang and crash files now have their discovery time in their name
    • if llvm_mode was compiled, afl-clang/afl-clang++ will point to these instead of afl-gcc
    • added instrim, a much faster llvm_mode instrumentation at the cost of path discovery. See llvm_mode/README.instrim (
    • added MOpt ( mode, see docs/README.MOpt
    • added code to make it more portable to other platforms than Intel Linux
    • added never zero counters for afl-gcc and optionally (because of an optimization issue in llvm < 9) for llvm_mode (AFL_LLVM_NEVER_ZERO=1)
    • added a new doc about binary only fuzzing: docs/binaryonly_fuzzing.txt
    • more cpu power for afl-system-config
    • added forkserver patch to afl-tmin, makes it much faster (originally from
    • added whitelist support for llvm_mode via AFL_LLVM_WHITELIST to allow only to instrument what is actually interesting. Gives more speed and less map pollution (originally by choller@mozilla)
    • added Python Module mutator support, python2.7-dev is autodetected. see docs/python_mutators.txt (originally by choller@mozilla)
    • added AFL_CAL_FAST for slow applications and AFL_DEBUG_CHILD_OUTPUT for debugging
    • added -V time and -E execs option to better comparison runs, runs afl-fuzz for a specific time/executions.
    • added a -s seed switch to allow afl run with a fixed initial seed that is not updated. This is good for performance and path discovery tests as the random numbers are deterministic then

OpenSUSE Tumbleweed oss: Updated from 2.52c-1.2 to 2.52c-2.1

  • Remove obsolete Groups tag (fate#326485)

Arch rolling community/os: Updated from 2.54b-1 to 2.56b-1

Arch rolling community/os: Updated from 2.53b-1 to 2.54b-1

Ubuntu 19.10 eoan/universe: Version 2.53b-1ubuntu1 removed

Ubuntu 19.10 eoan/universe: Version 2.53b-1ubuntu1 reintroduced

Ubuntu 19.10 eoan/universe: Version 2.53b-1ubuntu1 removed

Ubuntu 19.10 eoan/universe: Version 2.53b-1ubuntu1 reintroduced

Ubuntu 19.10 eoan/universe: Version 2.53b-1ubuntu1 removed

Ubuntu 19.10 eoan/universe: Version 2.53b-1ubuntu1 reintroduced

Ubuntu 19.10 eoan/universe: Version 2.53b-1ubuntu1 removed

Ubuntu 19.10 eoan/universe: Version 2.53b-1ubuntu1 reintroduced

Ubuntu 19.10 eoan/universe: Version 2.53b-1ubuntu1 removed


Related packages

afl-clang - instrumentation-driven fuzzer for binary formats - clang support
afl-cov - code coverage for afl (American Fuzzy Lop)
afl-debuginfo - Debug information for package afl
afl-debugsource - Debug sources for package afl
afl-doc - instrumentation-driven fuzzer for binary formats - documentation
afl-utils - Utilities for automated crash sample processing/analysis, easy afl-fuzz job management and corpus optimization