{"id":20481294,"url":"https://github.com/0xricksanchez/hantu","last_synced_at":"2025-09-25T03:30:24.024Z","repository":{"id":62664199,"uuid":"559556074","full_name":"0xricksanchez/hantu","owner":"0xricksanchez","description":"An educational toy fuzzer with big dreams","archived":false,"fork":false,"pushed_at":"2023-12-12T06:18:23.000Z","size":28844,"stargazers_count":6,"open_issues_count":6,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-11-15T16:07:36.540Z","etag":null,"topics":["fuzzer","fuzzing","generator","grammar","hypervisor","mutation","performance","prng","rust","testcase-generator"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xricksanchez.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2022-10-30T13:41:37.000Z","updated_at":"2024-11-14T04:00:50.000Z","dependencies_parsed_at":"2023-12-12T07:36:50.019Z","dependency_job_id":null,"html_url":"https://github.com/0xricksanchez/hantu","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xricksanchez%2Fhantu","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xricksanchez%2Fhantu/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xricksanchez%2Fhantu/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xricksanchez%2Fhantu/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0xricksanchez","download_url":"https://c
odeload.github.com/0xricksanchez/hantu/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234147901,"owners_count":18786934,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fuzzer","fuzzing","generator","grammar","hypervisor","mutation","performance","prng","rust","testcase-generator"],"created_at":"2024-11-15T16:07:40.126Z","updated_at":"2025-09-25T03:30:22.315Z","avatar_url":"https://github.com/0xricksanchez.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# README\n\n**TLDR:** Toy project that aims to build a usable fuzzer from the ground up\nfor educational purposes.\n\n**Hantu** aims to provide a platform for learning and exploring various fuzzing\ntechniques and their inner workings. It's mainly a project for me to get a better\nunderstanding of all low level concepts that are required in fuzzing. From building\na fuzzer from scratch, over operating system quirks, to performance optimizations\nto in the end automatic bug hunting via effective fuzzing.\n\nI aim at offering a wide range of features, some may not or never be production ready.\nHowever, for benchmarking and educational purposes they'll likely remain in this\nrepository. You may now think that this oddly sounds like a bad rewrite of LibAFL\nand you're not wrong.\n\n## Why not LibAFL?\n\n[LibAFL](https://github.com/AFLplusplus/LibAFL) is a genius project that\nis ready to use in the real world to find bugs and its modular system\nallows for a high customization. 
I like the philosophy of it.\nHowever, as it basically builds on top of AFL(++) and years of experience\nwith ready-made and established features it wasn't what I wanted.\nI wanted a clean slate which I could model however I like.\n\nWhile this may sound like an insane task to build everything from scratch,\nit's all about the journey for me, not about the quick _\"hey look I found another\nbug in binutils\"_.\n\n## Why Rust?\n\nI'm a sucker for this language. While I'm myself still exploring all the capabilities\nof Rust I found myself quite fond of it, so much that I decided to give\nthis a go :).\n\n## Features\n\n**Hantu** is in a very active WIP state that's still far from being usable.\nCurrently, I implemented the following things to a varying degree:\n\n- [ ] Mutator\n  - [x] AFL/libfuzzer style byte and bit level mutations\n    - [x] Shuffle bytes\n    - [x] Erase bytes\n    - [x] Insert bytes\n    - [x] Swap neighbors with different widths\n    - [x] Swap endianness with different widths\n    - [x] Change a bit\n    - [x] Change a byte\n    - [x] Negate a byte\n    - [x] Arithmetic operations on numbers\n    - [x] Copy chunk\n    - [x] Change an ASCII integer\n    - [x] Change a binary integer\n    - [x] Cross-over\n    - [x] Splice\n    - [x] Truncate\n    - [x] Append\n    - [x] Add from magic constants\n    - [x] Add from a TORC\n  - [ ] Custom mutators\n    - [x] Radamsa mutator based on [ni](https://github.com/aoh/ni)\n    - [x] A grammar generator and a handful of grammars based on [F1](https://github.com/vrthra/F1)\n      - You can check all the grammars in `src/libs/mutation_engine/src/custom_mutators/grammar_mutator/grammars`\n- [ ] Custom Pseudo Random Number Generators\n  - [x] I implemented a couple of different generators that you can find in `src/libs/prng/src/`:\n    - [x] Lehmer64\n    - [x] RomuDuoJr / RomuTrio\n    - [x] ShiShua\n    - [x] SplitMix64\n    - [x] Xorshift\n    - [x] XorShiro128**\n    - [x] XorShuro256**\n- [x] Magic 
constants\n- [x] A simple `Command.run()` executor\n- [x] A `TestCase` consumer interface\n\nAs this project is still in its very early stages, expect things to break,\nto have awful performance, missing tests/documentation or other horrors.\n\n## Benchmarks\n\nSome implementations, especially the PRNG and grammar/ni mutator, have some preliminary\nbenchmarks attached to them. Don't treat those as final or representative as things\nshift around rather quickly.\n\n## Future direction\n\nThe only clear goal of this is to learn as much as possible about the topic. So there's\nnot an expected feature set. However, a minimal working fuzzer should have some guiding\nmechanism. I'll tackle code-coverage or any other viable option in the foreseeable\nfuture.\n\nI'm also playing with the thought of going in the hypervisor direction with\nthis fuzzer. That said, nothing is set in stone and priorities will change\naccording to my time/interest.\n\n## Contributions\n\nAs long as this is my toy project where I'm exploring things on my own and at\nmy own pace I won't accept feature requests of any kind. That said, if some lost\nsoul ends up reading the code and finds issues in the current implementation,\nwhether it's a logic flaw or a performance loss, I'd be happy to discuss those at\nany point in time.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xricksanchez%2Fhantu","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xricksanchez%2Fhantu","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xricksanchez%2Fhantu/lists"}