Projects / zzuf


zzuf is a transparent application input fuzzer. Its purpose is to find bugs in applications by corrupting their user-contributed data, which frequently comes from untrusted sources on the Internet. It works by intercepting file and network operations and changing random bits in the program's input. zzuf's behavior is deterministic, making it easier to reproduce bugs.

Operating Systems

Recent releases

  •  31 Jan 2010 18:20

    Release Notes: Zzuf now supports OpenSolaris, and support for OS X and BSD was greatly improved. This release also adds network host filtering and a fully programmable debugging tool.

    •  13 Jun 2008 17:19

      Release Notes: This release fixes a few bugs, including a crash with library initialization functions that use realloc() before the libc is ready.

      •  19 May 2008 00:09

        Release Notes: This release includes a randomizer with improved bit coverage and support for very low fuzzing ratios (down to one bit on a whole DVD). It also reimplements the dup and dup2 functions, as well as the glibc unlocked stdio functions found in an increasing number of applications.

        •  03 Nov 2007 01:16

          Release Notes: This release allows the user to select which ports are being fuzzed in network mode. The documentation has been clarified and updated with more use cases.

          •  10 Jul 2007 20:28

            Release Notes: This release adds support for CPU time limitation and file descriptor cherry-picking. Also, zzuf no longer interferes with other tools using LD_PRELOAD mechanisms.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.