// the find
AFLplusplus/LibAFL
Advanced Fuzzing Library - Slot your Fuzzer together in Rust! Scales across cores and machines. For Windows, Android, MacOS, Linux, no_std, ...
LibAFL is a Rust library for building custom coverage-guided fuzzers from composable pieces — corpus schedulers, mutators, executors, feedback mechanisms — rather than forcing you into a fixed fuzzer architecture. It targets security researchers and fuzzing engineers who need more control than libFuzzer or AFL++ gives them out of the box. The LLMP transport layer lets it scale across cores and machines without a shared-memory bottleneck.
The component model is genuinely well-designed: Corpus, Scheduler, Mutator, Observer, and Feedback are separate traits you can swap independently, so you're not hacking around a monolith when you need structured inputs or a custom coverage metric. LLMP (shared-memory message passing with TCP fallback) gets real-world linear scaling across cores, which most fuzzers fake with fork-and-pray. The QEMU integration covers both user-mode and system-mode emulation with inline hooks, making binary-only targets first-class rather than an afterthought. Frida-mode hitting 120k execs/sec on a phone is a credible number given the architecture.
The learning curve is steep and the book is still marked WIP — you will spend real time reading example fuzzers before writing your own, and examples vary significantly in quality and recency. Build requirements are non-trivial: specific LLVM version range (15–18.1.3), just, and platform-specific toolchains mean the setup story for Windows or embedded targets is genuinely painful. The API surface is large and unstable enough that MIGRATION.md exists and needs to exist — adopting this in a long-running project means budgeting for breaking changes. Python bindings exist but are thin and clearly not a primary target, so if your harness glue is in Python you're on your own.