Glossary

Dictionary

A file of format-specific tokens or magic bytes provided to the fuzzer to help it construct semantically meaningful mutations.

A dictionary is a list of byte strings — keywords, magic numbers, delimiters, protocol constants — that the fuzzer splices into mutations to help it construct inputs that pass structural validation in the target. Without a dictionary, a fuzzer mutating a PNG file may take millions of iterations before randomly producing the four-byte `\x89PNG` magic at offset zero; with a dictionary entry for that value, it can combine the magic with mutations from the corpus immediately. AFL++ and libFuzzer both support the same dictionary file format (one quoted token per line). Dictionaries are particularly high value for text-based formats (HTML, SQL, JavaScript), binary format magic bytes, and network protocol keywords. A dictionary does not replace a good seed corpus but complements it: seeds provide structural coverage, dictionaries provide the vocabulary the fuzzer needs to construct valid variants.

Mutation-Based Fuzzing

A fuzzing approach that generates new inputs by systematically modifying existing corpus entries.

Corpus

The evolving collection of test inputs a fuzzer maintains, used as the base for generating new mutations.

Seed Corpus

The initial set of valid, well-structured inputs provided to a fuzzer before it begins mutation.

Generation-Based Fuzzing

A fuzzing approach that synthesizes inputs from scratch using a grammar or format specification.

AFL++

A community-maintained, highly optimised fork of American Fuzzy Lop that is the most widely deployed coverage-guided fuzzer.

Dictionary

Related