# Fuzze.rs

> Managed AFL++, libFuzzer, Centipede, and Honggfuzz infrastructure for security teams. Run continuous fuzzing campaigns against your C, C++, and Rust codebases with live coverage, crash reports, a REST API, and scalable dedicated compute.

Fuzze.rs is a commercial managed fuzzing platform. Customers push a Dockerfile and a harness; we operate the fuzzer fleet, schedule jobs, deduplicate crashes, and surface coverage and execs/sec trends in a private dashboard. Plans: Starter (8 cores, $179/mo), Professional (16 cores, $349/mo), Enterprise (custom). First month 50% off.

## Use-case playbooks
- [Fuzzing Rust](https://fuzze.rs/use-cases/fuzzing-rust): Rust's memory safety doesn't cover logic bugs, panics, or unsafe blocks. Fuzze.rs runs continuous libFuzzer and AFL++ campaigns against your crates with zero infrastructure work.
- [Fuzzing C/C++](https://fuzze.rs/use-cases/fuzzing-c-cpp): C and C++ memory bugs are still the #1 source of exploitable CVEs. Fuzze.rs runs AFL++ and libFuzzer campaigns with ASan, UBSan, and MSan against your codebase — fully managed.
- [Fuzzing Embedded Firmware](https://fuzze.rs/use-cases/fuzzing-embedded): Embedded firmware is where the worst-case bugs live and the worst tooling lives. Fuzze.rs runs AFL++ and libFuzzer campaigns against Unicorn- or QEMU-hosted firmware targets — managed.
- [Fuzzing for CVE Research](https://fuzze.rs/use-cases/cve-research): Bug bounty pays in CVEs. CVEs pay best when you find them faster than the next person. Fuzze.rs gives you serious compute without standing up your own cluster.

## Comparisons
- [Fuzze.rs vs OSS-Fuzz](https://fuzze.rs/compare/fuzze-rs-vs-oss-fuzz): When Google's open-source fuzzing service won't take your code, Fuzze.rs picks up where it leaves off.
- [Fuzze.rs vs ClusterFuzz](https://fuzze.rs/compare/fuzze-rs-vs-clusterfuzz): ClusterFuzz is powerful, but operating it is its own full-time job. Fuzze.rs gives you the same outcomes without the infrastructure burden.
- [Fuzze.rs vs Self-hosted AFL++](https://fuzze.rs/compare/fuzze-rs-vs-self-hosted-afl-plus-plus): AFL++ is free and excellent. Operating it at scale, with crash dedup and triage, is the work.

## Blog
- [Fuzzing a Rust Crate End-to-End with cargo-fuzz](https://fuzze.rs/blog/fuzzing-rust-end-to-end): A complete walkthrough: install cargo-fuzz, write a fuzz target against a real Rust crate, run it, triage a crash, minimise the reproducer, ship a fix.
- [AFL++ vs Honggfuzz — When to Pick Each](https://fuzze.rs/blog/afl-plus-plus-vs-honggfuzz): AFL++ and Honggfuzz are both production-grade fuzzers. They optimise for different things. Architecture, mutators, persistent mode, and how to choose.
- [Reading ASan, UBSan, and MSan Crash Reports — A Field Guide](https://fuzze.rs/blog/reading-sanitizer-output): How to decode AddressSanitizer, UndefinedBehaviorSanitizer, and MemorySanitizer crash reports from a fuzzer. Stack traces, shadow memory, false positives.
- [Your First Fuzz Job on Fuzze.rs: From Zero to a Real Crash](https://fuzze.rs/blog/first-fuzz-job): Submit your first fuzzing job on Fuzze.rs: a tiny deliberately-buggy target, a six-line Dockerfile, and a short JSON config — explained line by line.
- [How to Add Continuous Fuzzing to Your CI/CD Pipeline](https://fuzze.rs/blog/continuous-fuzzing-cicd-pipeline): How to wire AFL++ and libFuzzer into GitHub Actions, GitLab CI, and other CI/CD pipelines — with real configuration examples you can copy and run.
- [libFuzzer vs AFL++: Choosing the Right Fuzzer for Your Project](https://fuzze.rs/blog/libfuzzer-vs-afl-plus-plus): libFuzzer vs AFL++: how the two leading coverage-guided fuzzers differ in architecture, speed, ease of use, and which to pick for your target.
- [AFL++ Tutorial: Getting Started with Coverage-Guided Fuzzing](https://fuzze.rs/blog/afl-plus-plus-getting-started): A hands-on AFL++ guide: instrument your target, build a starter corpus, tune for executions-per-second, and triage the first crashes that land.
- [What Is Fuzz Testing? A Developer's Guide to Finding Hidden Bugs](https://fuzze.rs/blog/what-is-fuzz-testing): Fuzz testing generates millions of random inputs to find crashes and security bugs your unit tests miss. Here's how it works and when to use it.

## Glossary
- [Fuzz Testing](https://fuzze.rs/glossary/fuzz-testing): Automated software testing that generates many semi-random inputs to find crashes, hangs, and security vulnerabilities.
- [Coverage-Guided Fuzzing](https://fuzze.rs/glossary/coverage-guided-fuzzing): A fuzzing strategy that uses runtime code coverage feedback to steer input mutation toward unexplored code paths.
- [AFL++](https://fuzze.rs/glossary/afl-plus-plus): A community-maintained, highly optimised fork of American Fuzzy Lop that is the most widely deployed coverage-guided fuzzer.
- [libFuzzer](https://fuzze.rs/glossary/libfuzzer): An in-process, coverage-guided fuzzing library built into LLVM that links directly into the target binary.
- [Honggfuzz](https://fuzze.rs/glossary/honggfuzz): A security-oriented multi-process fuzzer from Google with hardware performance-counter coverage and a compact codebase.
- [Centipede](https://fuzze.rs/glossary/centipede): Google's distributed coverage-guided fuzzer designed to scale across many machines with shared central corpus storage.
- [Corpus](https://fuzze.rs/glossary/corpus): The evolving collection of test inputs a fuzzer maintains, used as the base for generating new mutations.
- [Seed Corpus](https://fuzze.rs/glossary/seed-corpus): The initial set of valid, well-structured inputs provided to a fuzzer before it begins mutation.
- [Crash Deduplication](https://fuzze.rs/glossary/crash-deduplication): The process of grouping distinct crash inputs that trigger the same underlying bug into a single unique report.
- [AddressSanitizer (ASan)](https://fuzze.rs/glossary/address-sanitizer): A fast memory-error detector that catches heap/stack buffer overflows, use-after-free, and similar bugs at runtime.
- [UndefinedBehaviorSanitizer (UBSan)](https://fuzze.rs/glossary/undefined-behavior-sanitizer): A runtime checker that detects C/C++ undefined behavior — signed overflow, null dereference, misaligned access, and more.
- [MemorySanitizer (MSan)](https://fuzze.rs/glossary/memory-sanitizer): A detector for uses of uninitialized memory in C/C++ programs, catching a class of bugs that ASan misses.
- [Greybox Fuzzing](https://fuzze.rs/glossary/greybox-fuzzing): Fuzzing that uses partial runtime information — typically coverage feedback — without requiring full program analysis.
- [Blackbox Fuzzing](https://fuzze.rs/glossary/blackbox-fuzzing): Fuzzing that generates inputs with no visibility into the target program's code or execution state.
- [Whitebox Fuzzing](https://fuzze.rs/glossary/whitebox-fuzzing): Fuzzing that uses full program analysis — typically symbolic or concolic execution — to generate inputs that satisfy specific constraints.
- [Mutation-Based Fuzzing](https://fuzze.rs/glossary/mutation-based-fuzzing): A fuzzing approach that generates new inputs by systematically modifying existing corpus entries.
- [Generation-Based Fuzzing](https://fuzze.rs/glossary/generation-based-fuzzing): A fuzzing approach that synthesizes inputs from scratch using a grammar or format specification.
- [Instrumentation](https://fuzze.rs/glossary/instrumentation): The process of inserting probes into a program at compile time or binary-rewrite time to collect runtime information for the fuzzer.
- [Coverage](https://fuzze.rs/glossary/coverage): A metric measuring which branches, edges, or lines of code were executed during a fuzzing campaign.
- [Triage](https://fuzze.rs/glossary/triage): The workflow of reviewing, prioritizing, and reproducing crashes found by a fuzzer to determine exploitability and root cause.
- [Reproducer](https://fuzze.rs/glossary/reproducer): A minimal input (and the command to run it) that reliably triggers a specific crash or bug found by the fuzzer.
- [Dictionary](https://fuzze.rs/glossary/dictionary): A file of format-specific tokens or magic bytes provided to the fuzzer to help it construct semantically meaningful mutations.

## Reference
- [Pricing](https://fuzze.rs/pricing): Plans and what's included at each tier.
- [About](https://fuzze.rs/about): Who built Fuzze.rs and why.
- [Compliance](https://fuzze.rs/compliance): Security posture, SOC2 / GDPR / data handling.
- [Security](https://fuzze.rs/security): Vulnerability disclosure policy.
- [Status](https://fuzze.rs/status): Live service status.
- [Changelog](https://fuzze.rs/changelog): Recent product updates.

## Optional
- [Contact](https://fuzze.rs/contact): sales@fuzze.rs / support@fuzze.rs
- [Sign in](https://fuzze.rs/signin): Customer dashboard
- [RSS feed](https://fuzze.rs/blog/rss.xml): Blog Atom/RSS feeds for syndication
