Fuzzing with Fandango#
Fuzzing with Fandango
Fandango produces myriads of high-quality random inputs to test programs, giving users unprecedented control over format and shape of the inputs.
Specify the format of your input data in a single file, combining grammars (for input syntax) and constraints (for arbitrary input features). Constraints come as Python code, so there are no limits to what you can specify.
Produce valid inputs at high speeds, quickly covering the entire input space. Test with extreme and uncommon values, uncovering bugs before your users do. Tie in Python data generators and fakers to obtain realistic inputs.
Check program outputs for correctness. Test and mock clients and servers using protocol testing. Create and check binary strings, using bit fields and bit sequences. Use regular expressions for quick and easy specifications.
Fandango is a project of the CISPA Helmholtz Center for Information Security to facilitate highly efficient and highly customizable software testing.
This research was funded by the European Union (ERC “Semantics of Software Systems”, S3, 101093186). Views and opinions expressed are however those of the authors only and do not necessarily reflect those of the European Union or the European Research Council. Neither the European Union nor the granting authority can be held responsible for them.