Astra is a fuzzer written in Rust, built to explore how modern Unix-compatible fuzzers are designed internally (AFL++-style architecture, scheduling, coverage tracking, crash triage, and parallel workers). This project focuses on clarity and hackability over completeness: it’s meant to be read, modified, and extended.
Astra provide a clean, understandable fuzzing architecture in pure Rust
- Support a multi-worker design (scales with cores)
- Implement the core mechanics:
- corpus management
- mutation loop
- execution + timeouts
- crash / hang detection
- lightweight stats reporting
If you want battle-tested fuzzing in production, use AFL++ / LibAFL. If you want to understand how fuzzers tick and build your own, this repo is for you.
- Rust stable (
rustuprecommended) - A UNIX environment (or WSL2)
An install script will compile and deploy the compiler wrapper on your machine simply run the command:
$ ./utils/install.sh
(sudo privileges are required)
Astra fuzzes an external target binary (or harness) by repeatedly providing mutated inputs. A typical run looks like this:
astra --target ./path/to/target_binary --input ./corpus --output ./out --jobs 8 -- [args] @@ [args]A mutated input is considered interesting when it increases global novelty, e.g.:
- discovers new edges / coverage bytes
- increases raw edge count or hits unseen transitions
- (optionally) triggers a new signal like a new path bucket The exact policy is meant to stay readable and easy to tweak.
Author: Salim LARGO (2ourc3)
Licensed under Apache License, Version 2.0