Grammar fuzzing knowledge #116
Description
Currently we do not have any grammar fuzzing chapters. It's a big part of fuzzing and has been proven to find many bugs in the past. I can help drafting this chapter if anyone is down.
We should especially mention the following tools:
Grimoire - Coverage-guided fuzzing that learns structure while fuzzing (no grammar required)
Nautilus - Coverage-guided fuzzing with a user-provided grammar (classic “grammar + coverage feedback”)
Gramatron - Coverage-guided grammar-aware fuzzing, but instead of directly mutating parse trees it uses grammar automatons
Autarkie - Instant grammar fuzzing in Rust: the grammar is defined in Rust code and a fuzzer is (mostly) generated for you using procedural macros
Grammarinator - A grammar-based generator/fuzzer built around ANTLR v4 grammars
Fandango - A specification-driven fuzzer/generator where the spec is grammar + constraints.
Nautilus and Fandango are IMO the most important of the list.
Most of them can be plugged into LibAFL.
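To make the three ideas behind the tools listed above concrete, here is an added worked example; it is not code from the issue author, from the book, or from any of the tools named (Nautilus, Fandango, Autarkie, etc.). It uses a constructed toy grammar for arithmetic expressions and shows (1) generation from a grammar with a depth budget, which is what makes a grammar fuzzer terminate on recursive rules, (2) a Nautilus-style mutation that re-derives a random subtree so every mutant stays grammar-valid, and (3) a Fandango-style semantic constraint over the derivation tree (every number must fit in a byte), which a context-free grammar alone cannot express. The names `GRAMMAR`, `fuzz`, `mutate`, `constraint` and the rejection-and-mutate loop are all this example's own assumptions; real tools use coverage feedback and smarter constraint solving.

```python
import random

# Constructed toy grammar (not taken from any tool named in the issue): a tiny
# arithmetic-expression language. Angle-bracketed symbols are nonterminals.
GRAMMAR = {
    "<expr>": [["<term>"], ["<expr>", " ", "<op>", " ", "<term>"]],
    "<term>": [["<number>"], ["(", "<expr>", ")"]],
    "<op>": [["+"], ["-"], ["*"], ["/"]],
    "<number>": [["<digit>"], ["<digit>", "<number>"]],
    "<digit>": [[str(d)] for d in range(10)],
}
START = "<expr>"

def is_nonterminal(symbol):
    return symbol.startswith("<") and symbol.endswith(">")

def alt_cost(alt, mins):
    # Depth needed to finish this alternative: one level plus its deepest child.
    return 1 + max((mins[s] for s in alt if is_nonterminal(s)), default=0)

def min_depths(grammar):
    """Fixed point: shallowest complete derivation of each nonterminal.
    Without it a naive generator can recurse forever on <expr> -> <expr> ..."""
    mins = {nt: float("inf") for nt in grammar}
    changed = True
    while changed:
        changed = False
        for nt, alts in grammar.items():
            best = min(alt_cost(alt, mins) for alt in alts)
            if best < mins[nt]:
                mins[nt], changed = best, True
    return mins

def generate(grammar, symbol, rng, budget, mins):
    """Random derivation tree as (symbol, children) tuples. Only alternatives
    that can still finish within `budget` are drawn; if none can, the
    shallowest one is forced, so generation always terminates."""
    if not is_nonterminal(symbol):
        return (symbol, ())
    alts = grammar[symbol]
    viable = [a for a in alts if alt_cost(a, mins) <= budget]
    alt = rng.choice(viable) if viable else min(alts, key=lambda a: alt_cost(a, mins))
    return (symbol, tuple(generate(grammar, s, rng, budget - 1, mins) for s in alt))

def to_string(tree):
    symbol, children = tree
    return symbol if not is_nonterminal(symbol) else "".join(map(to_string, children))

def nodes(tree, path=()):
    """All nonterminal nodes as (path, node): the candidate mutation targets."""
    if is_nonterminal(tree[0]):
        yield path, tree
    for i, child in enumerate(tree[1]):
        yield from nodes(child, path + (i,))

def outermost(tree, symbol):
    """Outermost nodes labelled `symbol` (a recursive <number> is one number)."""
    if tree[0] == symbol:
        yield tree
        return
    for child in tree[1]:
        yield from outermost(child, symbol)

def replace_at(tree, path, new):
    if not path:
        return new
    symbol, children = tree
    return (symbol, tuple(replace_at(c, path[1:], new) if i == path[0] else c
                          for i, c in enumerate(children)))

def mutate(grammar, tree, rng, budget, mins):
    """Nautilus-style mutation: pick any nonterminal node and re-derive its
    subtree. Unlike byte flips, the mutant is grammar-valid by construction."""
    path, node = rng.choice(list(nodes(tree)))
    return replace_at(tree, path, generate(grammar, node[0], rng, budget, mins))

def constraint(tree):
    """Semantic constraint in the spirit of Fandango's grammar + constraints:
    every <number> must fit in one byte. A CFG alone cannot state this."""
    return all(int(to_string(n)) <= 255 for n in outermost(tree, "<number>"))

def fuzz(grammar, start, seed, budget, n, check=lambda t: True, tries=200):
    """Return n derivation trees satisfying `check`. Violating trees are mutated
    until they pass (a rejection-and-mutate loop; real tools search smarter)."""
    rng, mins, out = random.Random(seed), min_depths(grammar), []
    for _ in range(n * tries):
        if len(out) == n:
            break
        tree = generate(grammar, start, rng, budget, mins)
        for _ in range(tries):
            if check(tree):
                out.append(tree)
                break
            tree = mutate(grammar, tree, rng, budget, mins)
    if len(out) < n:
        raise ValueError("constraint looks unsatisfiable under this grammar/budget")
    return out

def well_formed(s):
    """Cheap oracle for the demo: only grammar characters, balanced parentheses."""
    depth = 0
    for ch in s:
        if ch not in "0123456789()+-*/ ":
            return False
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

if __name__ == "__main__":
    for tree in fuzz(GRAMMAR, START, seed=7, budget=12, n=5, check=constraint):
        print(to_string(tree))
```

Running the module prints five expressions whose numbers are all in 0..255. The depth budget is the part most often missing from home-grown grammar fuzzers: without `min_depths`, a grammar with recursive rules like `<expr>` and `<number>` makes the generator blow the stack on a bad random walk. Coverage feedback, which all of the tools above add on top of this, would replace the purely random `mutate` target selection with a queue of trees that reached new edges.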