Fuzzing

Fuzzing taxonomy generated by the site skill importer.

12 skills
golang-testing

by affaan-m

The golang-testing skill helps you write and improve Go tests with table-driven cases, subtests, benchmarks, fuzzing, and coverage-aware TDD. It is designed for developers working on real Go code who want practical, idiomatic guidance rather than generic testing advice.

Test Automation
Favorites 0, GitHub 156.2k
ruzzy

by trailofbits

ruzzy is a coverage-guided Ruby fuzzing skill for testing pure Ruby code and Ruby C extensions. Use the ruzzy guide to set up a supported Linux environment, verify sanitizer wiring, and build practical fuzzing workflows for Security Audit work.

Security Audit
Favorites 0, GitHub 5k
ossfuzz

by trailofbits

Learn the ossfuzz skill for continuous fuzzing setup, project enrollment, harness planning, and build workflow review. This guide helps security engineers and maintainers assess readiness, spot build blockers, and prepare a practical path from source tree to OSS-Fuzz or private fuzzing infrastructure.

Security Audit
Favorites 0, GitHub 5k
libfuzzer

by trailofbits

libfuzzer is a coverage-guided fuzzer for C/C++ projects compiled with Clang. This libfuzzer skill helps you install, understand, and use the workflow for harnessing targets, running sanitizers, and starting a practical security audit with minimal setup.

Security Audit
Favorites 0, GitHub 5k
libafl

by trailofbits

The libafl skill helps you plan and build modular fuzzers with LibAFL for custom targets, mutation strategies, and security audit workflows. Use this libafl guide to move from target details to a practical harness, feedback model, and run plan with fewer assumptions.

Security Audit
Favorites 0, GitHub 5k
harness-writing

by trailofbits

harness-writing helps you design fuzzing harnesses that turn raw bytes into meaningful, reproducible tests for a system under test. Use the harness-writing skill when you need a new fuzz target or want to improve coverage, stability, and bug-finding for Code Generation tasks. It focuses on deterministic input parsing, valid call sequences, and reproducible crashes.

Code Generation
Favorites 0, GitHub 5k
fuzzing-obstacles

by trailofbits

fuzzing-obstacles helps you patch a target program so fuzzers can bypass checksums, global state, validation gates, and other blockers. Use this fuzzing-obstacles skill to make a System Under Test more fuzzable while keeping production behavior intact. It’s a practical guide for Security Audit workflows and deeper coverage.

Security Audit
Favorites 0, GitHub 5k
fuzzing-dictionary

by trailofbits

The fuzzing-dictionary skill helps you build fuzzing dictionaries with domain-specific tokens, magic values, and protocol strings for parsers, protocols, and file formats. It is useful when blind mutation stalls and you need more coverage with libFuzzer, AFL++, or cargo-fuzz.

Code Generation
Favorites 0, GitHub 5k
coverage-analysis

by trailofbits

coverage-analysis helps you measure code exercised during fuzzing, spot blockers like magic value checks, and compare harness changes. Use this coverage-analysis skill for Security Audit workflows when you need clear usage and install guidance and repeatable coverage-analysis decisions.

Security Audit
Favorites 0, GitHub 5k
cargo-fuzz

by trailofbits

cargo-fuzz is a Rust/Cargo fuzzing skill for building libFuzzer harnesses, enabling sanitizer-backed runs, and finding crashes in parser, unsafe, and input-handling code. Use this cargo-fuzz guide when you need practical install and usage guidance for security audit and regression testing in Cargo-based projects.

Security Audit
Favorites 0, GitHub 5k
atheris

by trailofbits

Atheris is a coverage-guided Python fuzzing skill built on libFuzzer. Use the atheris skill to fuzz pure Python code and Python C extensions, find crashes, hangs, and memory-safety bugs, and support Security Audit workflows with fast, practical harness guidance.

Security Audit
Favorites 0, GitHub 5k
address-sanitizer

by trailofbits

address-sanitizer helps you install and use AddressSanitizer (ASan) to catch memory safety bugs during testing, fuzzing, and crash triage. It is useful for C/C++, Rust unsafe code, and security audit workflows when you need reproducible stack traces and clearer failure signals.

Security Audit
Favorites 0, GitHub 5k