gitwtfhub

wtf is fuzzing?

google/fuzzing — explained in plain English

Analysis updated 2026-06-26

3,760C++Audience · developerComplexity · 1/5Setup · easy

TL;DR

A community-maintained collection of guides and tutorials about fuzzing, a software testing technique that feeds programs random inputs to find crashes and security vulnerabilities, hosted by Google.

Mindmap

mindmap
  root((Google Fuzzing))
    What it is
      Guides and tutorials
      Community resource
      Fuzzing education
    Tools covered
      OSS-Fuzz
      ClusterFuzz
      FuzzBench
    Topics
      Why fuzzing matters
      Good test targets
      Input handling
    Audience
      Developers
      Security researchers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Why would anyone build with this?

REASON 1

Learn how to start fuzzing your own software by following the getting-started guides

REASON 2

Understand what makes a good fuzz test target to improve your security testing coverage

REASON 3

Compare fuzzing tools like OSS-Fuzz and FuzzBench to pick the right one for your project

What's in the stack?

C++

How it stacks up

google/fuzzingiree-org/ireekiwibrowser/src.next
Stars3,7603,7593,762
LanguageC++C++C++
Setup difficultyeasyhardhard
Complexity1/55/55/5
Audiencedeveloperresearcherdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you spin it up?

Difficulty · easy Time to first run · 30min

Wtf does this do

This is a community resource hosted by Google for people who want to learn about fuzzing, a software testing technique where a program is fed large amounts of random or semi-random input to find crashes and security vulnerabilities. It is not a tool you run, it is a collection of guides, tutorials, and discussion material. The repository contains documentation covering why fuzzing matters, how to get started, what makes a good test target, and how to handle different types of input. There are also guides on specific fuzzing tools used in practice. The project links to several related Google tools: OSS-Fuzz runs automated fuzzing on open source software continuously, ClusterFuzz provides the underlying infrastructure for large-scale fuzzing, and FuzzBench lets teams compare how well different fuzzers perform. External contributions are welcome. The README notes clearly that this is not an official Google product, so it is a community-oriented resource rather than a supported commercial offering.

Yoink these prompts

Prompt 1
Using the guidance from google/fuzzing, help me write a fuzz test for a C++ function that parses user-supplied JSON input
Prompt 2
What kinds of programs are best suited for fuzzing and how do I pick an entry point for my fuzzing target based on google/fuzzing recommendations?
Prompt 3
Explain the difference between OSS-Fuzz, ClusterFuzz, and FuzzBench as described in google/fuzzing and tell me which one I should use to fuzz my open-source project
Prompt 4
Based on google/fuzzing best practices, review my fuzz test harness and suggest improvements to maximize the chance of finding bugs

Frequently asked questions

wtf is fuzzing?

A community-maintained collection of guides and tutorials about fuzzing, a software testing technique that feeds programs random inputs to find crashes and security vulnerabilities, hosted by Google.

What language is fuzzing written in?

Mainly C++. The stack also includes C++.

How hard is fuzzing to set up?

Setup difficulty is rated easy, with roughly 30min to a first successful run.

Who is fuzzing for?

Mainly developer.

View the repo → Decode another repo

This repo across BitVibe Labs

Don't trust strangers blindly. Verify against the repo.