Does Ruzzy support macOS or Windows?

Ruzzy natively supports Linux x86-64 and ARM64. For macOS or Windows environments, it is recommended to use the provided Dockerfile or a Linux-based development environment.

What makes Ruzzy different from other Ruby testing tools?

Ruzzy is a coverage-guided fuzzer based on libFuzzer, meaning it uses code coverage feedback to intelligently mutate inputs and find crashes that standard unit tests or random fuzzers would miss, especially in native C extensions.

Why is a tracer script needed for pure Ruby code?

Due to the Ruby interpreter's implementation, pure Ruby code requires a separate tracer script to properly instrument the code and provide coverage feedback to the underlying fuzzer engine.

Can Ruzzy detect memory leaks in Ruby applications?

While Ruzzy supports AddressSanitizer, leak detection is typically disabled via ASAN_OPTIONS because the Ruby interpreter itself has many inherent leaks that can create noise during fuzzing campaigns.

Ruzzy Ruby Fuzzer

Name: Ruzzy Ruby Fuzzer
Author: trailofbits

bytrailofbits

•

939

安全与测试

Detects vulnerabilities in Ruby applications and C extensions using coverage-guided fuzzing and advanced sanitizer integration.

关于

Ruzzy is a production-ready, coverage-guided fuzzer for Ruby built on top of libFuzzer, specifically designed for security research and audit workflows. It provides a unique capability to fuzz both pure Ruby code and native Ruby C extensions, allowing developers to identify memory corruption, undefined behavior, and complex logic flaws. By integrating AddressSanitizer (ASan) and UndefinedBehaviorSanitizer (UBSan), Ruzzy helps surface deep-seated security issues like heap-use-after-free and integer overflows that traditional testing methods often miss.

主要功能

Built-in integration with AddressSanitizer (ASan) and UndefinedBehaviorSanitizer (UBSan)
Leverages libFuzzer engine for high-performance mutation and execution
Coverage-guided fuzzing for pure Ruby and native C extensions
Specialized tracer pattern for instrumenting pure Ruby application logic
939 GitHub stars
Detailed crash reporting and corpus management for vulnerability reproduction

使用场景

Identifying memory safety vulnerabilities in Ruby gems with native extensions
Automating the discovery of edge-case crashes in pure Ruby business logic
Performing deep security audits of Ruby-based parsers and data handlers

关于

主要功能

Built-in integration with AddressSanitizer (ASan) and UndefinedBehaviorSanitizer (UBSan)
Leverages libFuzzer engine for high-performance mutation and execution
Coverage-guided fuzzing for pure Ruby and native C extensions
Specialized tracer pattern for instrumenting pure Ruby application logic
939 GitHub stars
Detailed crash reporting and corpus management for vulnerability reproduction

使用场景

Identifying memory safety vulnerabilities in Ruby gems with native extensions
Automating the discovery of edge-case crashes in pure Ruby business logic
Performing deep security audits of Ruby-based parsers and data handlers