{"id":13798340,"url":"https://github.com/intel/tsffs","last_synced_at":"2025-05-13T05:32:15.040Z","repository":{"id":194814258,"uuid":"690799710","full_name":"intel/tsffs","owner":"intel","description":"A snapshotting, coverage-guided fuzzer for software (UEFI, Kernel, firmware, BIOS) built on SIMICS","archived":false,"fork":false,"pushed_at":"2024-04-12T23:20:47.000Z","size":103514,"stargazers_count":250,"open_issues_count":18,"forks_count":13,"subscribers_count":10,"default_branch":"main","last_synced_at":"2024-04-13T22:57:39.892Z","etag":null,"topics":["fuzzing","rust","security","simics"],"latest_commit_sha":null,"homepage":"https://intel.github.io/tsffs/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/intel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":"CITATION.cff","codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2023-09-12T22:54:46.000Z","updated_at":"2024-04-19T03:48:35.806Z","dependencies_parsed_at":"2024-04-19T03:58:34.773Z","dependency_job_id":null,"html_url":"https://github.com/intel/tsffs","commit_stats":null,"previous_names":["intel/tsffs"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intel%2Ftsffs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intel%2Ftsffs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intel%2Ftsffs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/intel%2Ftsffs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/
intel","download_url":"https://codeload.github.com/intel/tsffs/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":213867517,"owners_count":15649764,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fuzzing","rust","security","simics"],"created_at":"2024-08-04T00:00:42.192Z","updated_at":"2024-11-18T13:31:10.460Z","avatar_url":"https://github.com/intel.png","language":"Rust","readme":"[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/9349/badge)](https://www.bestpractices.dev/projects/9349)\n\n# TSFFS: Target Software Fuzzer For SIMICS\n\nTSFFS is a snapshotting, coverage-guided fuzzer built on the\n[SIMICS](https://www.intel.com/content/www/us/en/developer/articles/tool/simics-simulator.html)\nfull system simulator. TSFFS makes it easy to fuzz and triage crashes on\ntraditionally challenging targets including UEFI applications, bootloaders,\nBIOS, kernel modules, and device firmware. TSFFS can even fuzz user-space\napplications on Linux and Windows. 
See the\n[requirements](https://intel.github.io/tsffs/fuzzing/compatibility.html) to\nfind out if TSFFS can fuzz your code.\n\n- [TSFFS: Target Software Fuzzer For SIMICS](#tsffs-target-software-fuzzer-for-simics)\n  - [Quick Start](#quick-start)\n  - [Documentation \\\u0026 Setup](#documentation--setup)\n  - [Capabilities](#capabilities)\n  - [Use Cases](#use-cases)\n  - [Contact](#contact)\n  - [Help Wanted / Roadmap](#help-wanted--roadmap)\n  - [Authors](#authors)\n\n## Quick Start\n\nThe fastest way to start using TSFFS is with our [dockerfile](Dockerfile). To set up\nTSFFS locally instead, read the [documentation](https://intel.github.io/tsffs). To start\nusing TSFFS right away:\n\n```sh\ngit clone https://github.com/intel/tsffs\ncd tsffs\ndocker build -t tsffs .\ndocker run -it tsffs\n```\n\nThen, run the provided example target and fuzzing configuration:\n\n```sh\n./simics -no-gui --no-win ./fuzz.simics\n```\n\n## Documentation \u0026 Setup\n\nDocumentation for setup \u0026 usage of this project lives online at\n[intel.github.io/tsffs](https://intel.github.io/tsffs).\n\n## Capabilities\n\nThis fuzzer is built using [LibAFL](https://github.com/AFLplusplus/LibAFL) and SIMICS\nand takes advantage of several of the state-of-the-art capabilities of both.\n\n- Edge coverage guided\n- Snapshotting (fully deterministic)\n- Parallel fuzzing (across cores, machines soon)\n- Easy to add to existing SIMICS projects\n- Triage mode to reproduce and debug crashes\n- Modern fuzzing methodologies:\n  - Redqueen/I2S taint-based mutation\n  - MOpt \u0026 Auto-token mutations\n  - More coming soon!\n\n## Use Cases\n\nTSFFS is focused on several primary use cases:\n\n- UEFI and BIOS code, particularly based on [EDKII](https://github.com/tianocore/edk2)\n- Pre- and early-silicon firmware and device drivers\n- Hardware-dependent kernel and firmware code\n- Fuzzing for complex error conditions\n\nHowever, TSFFS is also capable of fuzzing:\n\n- Kernel \u0026 kernel drivers on Windows, 
Linux, and more\n- User-space applications on Windows, Linux, and more\n- Network applications\n- Hypervisors and bare-metal systems\n\n## Contact\n\nIf you discover a non-security issue or problem, please file an\n[issue](https://github.com/intel/tsffs/issues)!\n\nThe best place to ask questions about and get help using TSFFS is in the [Awesome\nFuzzing](https://discord.gg/gCraWct) Discord server. If you prefer, you can email the\n[authors](#authors). Questions we receive are periodically added from both Discord and\nemail to the [FAQ](./docs/FAQ.md).\n\nPlease do not create issues or ask publicly about possible security issues you discover\nin TSFFS. Instead, see our [Security Policy](./SECURITY.md) and follow the linked\nguidelines.\n\n## Help Wanted / Roadmap\n\nSee the\n[issues](https://github.com/intel/tsffs/issues?q=is%3Aopen+is%3Aissue+label%3Afeature)\nfor a roadmap of planned features and enhancements. Help is welcome for any features\nlisted here. If someone is assigned an issue you'd like to work on, please ping them to\navoid duplicating effort!\n\n\n## Authors\n\nRowan Hart\n\u003crowan.hart@intel.com\u003e\n\nBrandon Marken Ph.D.\n\u003cbrandon.marken@intel.com\u003e\n\nRobert Guenzel Ph.D.\n\u003crobert.guenzel@intel.com\u003e\n\n","funding_links":[],"categories":["Tools :hammer:"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fintel%2Ftsffs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fintel%2Ftsffs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fintel%2Ftsffs/lists"}