fuzzing-dictionary

by trailofbits

The fuzzing-dictionary skill helps you build fuzzing dictionaries with domain-specific tokens, magic values, and protocol strings for parsers, protocols, and file formats. It is useful when blind mutation stalls and you need more coverage with libFuzzer, AFL++, or cargo-fuzz.

Stars5k

Favorites0

Comments0

AddedMay 7, 2026

CategoryCode Generation

Install Command

npx skills add trailofbits/skills --skill fuzzing-dictionary

Curation Score

This skill scores 78/100, which means it is a solid listing candidate: directory users can quickly tell when to use it, and the content gives enough workflow detail to reduce guesswork versus a generic fuzzing prompt. It is useful for installing if you want a reusable guide for dictionary-driven fuzzing, though it is more technique-oriented than tool-operational.

78/100

Strengths

Explicit trigger guidance for parsers, protocols, and file-format fuzzing makes it easy for an agent to know when to apply the skill.
Operational content is substantial, with concrete concepts like quoted entries, hex escapes, token injection, and cross-fuzzer formats (libFuzzer, AFL++, cargo-fuzz).
The body includes structured headings and workflow signals, which supports progressive disclosure and quicker agent understanding.

Cautions

No install command, scripts, or companion files are provided, so users should not expect automation or ready-to-run tooling.
The skill is technique-focused rather than a full end-to-end fuzzing workflow, so agents may still need external context for target-specific dictionary creation.

Fuzzing Libfuzzer Testing

Overview

Overview of fuzzing-dictionary skill

The fuzzing-dictionary skill helps you build and use fuzzing dictionaries: curated tokens, magic values, and protocol strings that steer a fuzzer toward deeper parser, protocol, or file-format code. If you are fuzzing with libFuzzer, AFL++, or cargo-fuzz and blind mutation is stalling, the fuzzing-dictionary skill gives you a practical way to improve coverage without rewriting your fuzz target.

This skill is best for people who already have a target that runs, but need better reach into validation-heavy logic. It is especially useful when your inputs contain reserved keywords, structured headers, command verbs, or format-specific constants that random fuzzing misses.

What fuzzing-dictionary solves

The main job is to turn “my fuzzer is stuck” into a more guided input strategy. A good fuzzing dictionary can help bypass early rejects, unlock stateful parsing branches, and expose edge cases that only appear after a few valid-looking tokens are present.

Where it fits best

Use fuzzing-dictionary when you are fuzzing parsers, protocol handlers, or file readers with recognizable tokens. It is a strong fit for cases where input structure matters more than raw byte chaos, and a weaker fit for pure arithmetic, image transform, or logic-heavy code with no token vocabulary.

Why this skill is different

The fuzzing-dictionary skill is not just “add more strings.” It focuses on choosing tokens that match the target’s validation and parse rules, then formatting them in a way your fuzzer can actually consume. That makes it more useful than a generic prompt when you need a dictionary that is actionable, not merely plausible.

How to Use fuzzing-dictionary skill

Install and locate the source

Use the directory install flow first: npx skills add trailofbits/skills --skill fuzzing-dictionary. After install, start with SKILL.md, then read any linked material in the same skill folder. In this repo, the skill is self-contained, so the main source is the skill file itself.

Turn your target into a usable prompt

The fuzzing-dictionary usage works best when you provide the target’s domain, input format, and failure mode. For example, instead of asking for “a fuzzing dictionary for my app,” ask for:

the parser or protocol name
sample inputs or grammar hints
known keywords, headers, magic bytes, or delimiters
the fuzzer you use and its dictionary format expectations
what coverage is missing or where validation fails

A strong prompt sounds like: “Create a fuzzing-dictionary for a DNS-like protocol parser. Include common record types, delimiters, and control tokens, and format it for AFL++.”

Read the skill in the right order

For this repository, the most useful path is:

SKILL.md for the workflow and applicability rules
Any inline examples of dictionary entries and token categories
The “When to Apply” guidance so you do not use the skill on a target that will not benefit

Practical usage tips

Keep entries short, valid-looking, and domain-specific. Mix obvious tokens with a few boundary or malformed variants when the target is known to reject input early. If the first dictionary is too generic, refine it around the exact parse checkpoints that your target reaches before failing.

fuzzing-dictionary skill FAQ

Is fuzzing-dictionary only for fuzzing experts?

No. The fuzzing-dictionary skill is usable by beginners who already know what they are fuzzing and can supply example inputs. You do not need deep fuzzer internals, but you do need enough context to describe the target’s token vocabulary.

When should I not use this skill?

Skip fuzzing-dictionary if the target has no meaningful input tokens, if coverage is already good without guidance, or if the bottleneck is harness design rather than input quality. A dictionary will not fix a broken fuzz target, a crash-only bug, or a problem caused by missing corpus seeds.

How is this different from a normal prompt?

A normal prompt often produces a generic token list. The fuzzing-dictionary skill is more useful because it is oriented around installable workflow, fuzzer-compatible formatting, and the specific conditions where dictionaries actually improve coverage. That makes it better for fuzzing-dictionary install decisions and repeatable use.

Does this fit all fuzzers?

It fits the main dictionary-friendly ecosystems, especially libFuzzer, AFL++, and cargo-fuzz. If your toolchain uses a different input mechanism, you may still borrow the token selection logic, but you should verify the required dictionary syntax before using it.

How to Improve fuzzing-dictionary skill

Provide better target evidence

The best fuzzing-dictionary guide input includes real tokens from the target: protocol verbs, enum names, field labels, magic numbers, or reserved keywords. Even a small sample corpus or a few failing inputs can improve token selection far more than a vague description of the project.

Ask for tokens by purpose

When using fuzzing-dictionary for Code Generation, separate tokens into roles: required keywords, optional modifiers, boundary values, and malformed variants. That helps the output cover both valid parsing paths and near-valid edge cases instead of producing one flat list of strings.

Watch for the common failure modes

The biggest mistakes are overly broad dictionaries, entries that do not match the target grammar, and tokens that are too long to help mutation. If the first result feels generic, narrow the scope to one parser, one protocol command set, or one file format section and regenerate.

Iterate after the first run

Use your first fuzzing pass to see which tokens actually increase coverage or reach new states. Then prune dead entries, add missed keywords from traces or logs, and regenerate a smaller, more precise fuzzing-dictionary rather than expanding it indefinitely.

Ratings & Reviews

No ratings yet

Share your review

0/10000

Latest reviews

Saving...

more skill

dart-flutter-patterns

by affaan-m

dart-flutter-patterns is a practical Dart and Flutter skill for frontend development, covering null safety, immutable state, async composition, widget structure, state management, GoRouter navigation, Dio networking, testing, and clean architecture. Use the dart-flutter-patterns guide to choose production-ready patterns for new features and refactors.

Frontend Development

Favorites 0GitHub 156.1k

vercel-react-native-skills

by vercel-labs

vercel-react-native-skills is a React Native and Expo skill for performance-minded frontend development. Use it to improve list rendering, animations, navigation, UI patterns, state management, and native module setup. It includes practical rules, install guidance, and usage patterns for working through mobile app bottlenecks with less guesswork.

Frontend Development

Favorites 0GitHub 25.9k

terraform-style-guide

by hashicorp

terraform-style-guide helps generate and review Terraform HCL using HashiCorp style conventions, file layout, and security-minded defaults. Use it for Terraform-native code generation, module structure, variables, outputs, and safer configuration in real repositories.

Code Generation

Favorites 0GitHub 583

remotion-video-creation

by affaan-m

remotion-video-creation is a Remotion-focused skill for React video work. It helps reduce rendering mistakes with 29 rules covering animations, assets, audio, captions, charts, compositions, and transitions. Use it for Video Editing workflows, templated explainers, social clips, and data-driven motion graphics.

Video Editing

Favorites 0GitHub 156.2k

terraform-test

by hashicorp

terraform-test is a practical guide for writing and running Terraform tests with .tftest.hcl files, run blocks, assertions, mocks, and CI-friendly workflows. Use it to validate module outputs, resource arguments, conditional logic, and plan or apply behavior before merge.

Code Generation

Favorites 0GitHub 583

open-source

by browser-use

Documentation lookup for the browser-use Python library. The open-source skill helps with install, setup, Agent and Browser code, model env vars, tools, MCP integrations, monitoring, and legacy Actor API guidance.

Code Generation

Favorites 0GitHub 84.9k

source-driven-development

by addyosmani

The source-driven-development skill grounds framework-specific coding in official docs, helping you verify patterns before you implement. It is ideal for source-driven-development usage in React, Vue, Next.js, Svelte, Angular, and similar stacks when correctness, provenance, and version-sensitive decisions matter.

Code Generation

Favorites 0GitHub 18.8k

huggingface-llm-trainer

by huggingface

huggingface-llm-trainer helps you train or fine-tune language and vision models on Hugging Face Jobs with TRL or Unsloth. Use this huggingface-llm-trainer skill for SFT, DPO, GRPO, reward modeling, dataset checks, GPU selection, Hub saving, Trackio monitoring, and GGUF export for backend development workflows.

Backend Development

Favorites 0GitHub 10.4k

azure-ai-openai-dotnet

by microsoft

azure-ai-openai-dotnet helps .NET developers integrate Azure OpenAI with practical guidance on setup, auth, client selection, and usage for chat, embeddings, images, audio, and assistants. It is useful for API Development when you need a working Azure.AI.OpenAI starting point, not just a conceptual summary.

API Development

Favorites 0GitHub 2.2k

plugin-forge

by softaworks

plugin-forge helps Claude Code plugin authors scaffold plugin structure, manage `plugin.json` and marketplace metadata, add components like commands or skills, test locally, and keep versions synchronized with the included helper scripts and workflow references.

Code Generation

Favorites 0GitHub 1.3k

tinybird-typescript-sdk-guidelines

by tinybirdco

tinybird-typescript-sdk-guidelines helps backend developers install, configure, and use @tinybirdco/sdk for type-safe Tinybird datasources, pipes, endpoints, connections, and typed clients in TypeScript projects. Includes migration from legacy .datasource and .pipe files plus dev, build, and deploy workflow guidance.

Backend Development

Favorites 0GitHub 16

variant-analysis

by trailofbits

variant-analysis helps you find similar vulnerabilities and bugs across a codebase after one issue is confirmed. Use it to build CodeQL or Semgrep queries, follow a root-cause-first workflow, and run a focused variant-analysis guide for Security Audit work. It is best for post-discovery searches, not broad initial review.

Security Audit

Favorites 0GitHub 0

dotnet-patterns

by affaan-m

dotnet-patterns is a practical .NET pattern guide for backend development. It helps you write and review idiomatic C# with stronger defaults for immutability, explicit dependencies, async/await, and maintainable ASP.NET Core services. Use it for code generation, refactoring, and review when you want repeatable patterns, not generic advice.

Backend Development

Favorites 1GitHub 156.1k

swift-concurrency-6-2

by affaan-m

swift-concurrency-6-2 helps you adopt Swift 6.2 Approachable Concurrency, fix data-race errors, and decide when to keep work on MainActor or offload with @concurrent. Use this swift-concurrency-6-2 guide for app and backend development migrations.

Backend Development

Favorites 0GitHub 156.3k

rust-patterns

by affaan-m

rust-patterns is a practical guide for idiomatic Rust development, covering ownership, error handling, traits, concurrency, module boundaries, and backend-focused design choices for safer, cleaner code.

Backend Development

Favorites 0GitHub 156.2k

pytorch-patterns

by affaan-m

pytorch-patterns helps you write, review, and debug PyTorch code with device-agnostic patterns, reproducible experiments, and explicit tensor handling. Use the pytorch-patterns skill for cleaner training loops, model refactors, and practical PyTorch guidance.

Code Editing

Favorites 0GitHub 156.2k