Does Atheris require a specific operating system?

Atheris supports 32-bit and 64-bit Linux and macOS. Linux is highly recommended for easier dependency management and faster execution.

How does Atheris differ from property-based testing like Hypothesis?

Atheris is a fuzzer focused on finding crashes and security flaws through coverage guidance, while Hypothesis is a property-based testing tool focused on functional correctness.

What is Atheris best used for?

Atheris is ideal for finding security vulnerabilities and edge-case bugs in pure Python code and native C extensions using coverage-guided feedback.

Can Atheris detect memory corruption in Python?

While pure Python is generally memory-safe, Atheris detects memory corruption in C extensions by using integrated AddressSanitizer (ASan) support.

Is manual instrumentation required for Atheris?

Yes, you must instrument your code using decorators like @atheris.instrument_func or context managers like atheris.instrument_imports() to provide the fuzzer with coverage data.

Atheris Python Fuzzer

Name: Atheris Python Fuzzer
Author: trailofbits

bytrailofbits

•

938

セキュリティとテスト

Perform coverage-guided fuzz testing for pure Python code and C extensions to detect security vulnerabilities and memory corruption.

概要

Atheris is a high-performance security research tool that brings coverage-guided fuzzing to the Python ecosystem. Built on libFuzzer, it allows developers to systematically explore execution paths in both pure Python scripts and native C extensions. By integrating AddressSanitizer, Atheris excels at uncovering memory corruption bugs and unexpected crashes that traditional unit tests might miss. It is an essential capability for security auditing, vulnerability research, and hardening critical Python-based infrastructure against malicious inputs.

主な機能

938 GitHub stars
Coverage-guided fuzzing based on the libFuzzer engine
Automated code instrumentation via decorators and context managers
Support for both pure Python and native Python C extensions
Efficient corpus management and minimization support
Integrated AddressSanitizer (ASan) for memory corruption detection

ユースケース

Auditing Python C extensions for memory safety vulnerabilities
Automating security research and vulnerability discovery in third-party libraries
Stress testing complex data parsers and protocol implementations

概要

主な機能

938 GitHub stars
Coverage-guided fuzzing based on the libFuzzer engine
Automated code instrumentation via decorators and context managers
Support for both pure Python and native Python C extensions
Efficient corpus management and minimization support
Integrated AddressSanitizer (ASan) for memory corruption detection

ユースケース

Auditing Python C extensions for memory safety vulnerabilities
Automating security research and vulnerability discovery in third-party libraries
Stress testing complex data parsers and protocol implementations