FuzzForge Banner

🚧 FuzzForge is under active development

AI-powered workflow automation and AI Agents for AppSec, Fuzzing & Offensive Security

Discord License: BSL + Apache Python 3.11+ Website Version GitHub Stars

Overview β€’ Features β€’ Installation β€’ Quickstart β€’ AI Demo β€’ Contributing β€’ Roadmap

--- ## πŸš€ Overview **FuzzForge** helps security researchers and engineers automate **application security** and **offensive security** workflows with the power of AI and fuzzing frameworks. - Orchestrate static & dynamic analysis - Automate vulnerability research - Scale AppSec testing with AI agents - Build, share & reuse workflows across teams FuzzForge is **open source**, built to empower security teams, researchers, and the community. > 🚧 FuzzForge is under active development. Expect breaking changes. --- ## ⭐ Support the Project GitHub Stars If you find FuzzForge useful, please star the repo to support development πŸš€ --- ## ✨ Key Features - πŸ€– **AI Agents for Security** – Specialized agents for AppSec, reversing, and fuzzing - πŸ›  **Workflow Automation** – Define & execute AppSec workflows as code - πŸ“ˆ **Vulnerability Research at Scale** – Rediscover 1-days & find 0-days with automation - πŸ”— **Fuzzer Integration** – AFL, Honggfuzz, AFLnet, StateAFL & more - 🌐 **Community Marketplace** – Share workflows, corpora, PoCs, and modules - πŸ”’ **Enterprise Ready** – Team/Corp cloud tiers for scaling offensive security --- ## πŸ“¦ Installation ### Requirements **Python 3.11+** Python 3.11 or higher is required. **uv Package Manager** ```bash curl -LsSf https://astral.sh/uv/install.sh | sh ``` **Docker** For containerized workflows, see the [Docker Installation Guide](https://docs.docker.com/get-docker/). #### Configure Docker Daemon Before running `docker compose up`, configure Docker to allow insecure registries (required for the local registry). Add the following to your Docker daemon configuration: ```json { "insecure-registries": [ "localhost:5000", "host.docker.internal:5001", "registry:5000" ] } ``` **macOS (Docker Desktop):** 1. Open Docker Desktop 2. Go to Settings β†’ Docker Engine 3. Add the `insecure-registries` configuration to the JSON 4. Click "Apply & Restart" **Linux:** 1. Edit `/etc/docker/daemon.json` (create if it doesn't exist): ```bash sudo nano /etc/docker/daemon.json ``` 2. Add the configuration above 3. Restart Docker: ```bash sudo systemctl restart docker ``` ### CLI Installation After installing the requirements, install the FuzzForge CLI: ```bash # Clone the repository git clone https://github.com/fuzzinglabs/fuzzforge_ai.git cd fuzzforge_ai # Install CLI with uv (from the root directory) uv tool install --python python3.12 . ``` --- ## ⚑ Quickstart Run your first workflow with **Temporal orchestration** and **automatic file upload**: ```bash # 1. Clone the repo git clone https://github.com/fuzzinglabs/fuzzforge_ai.git cd fuzzforge_ai # 2. Start FuzzForge with Temporal docker-compose -f docker-compose.temporal.yaml up -d ``` > The first launch can take 2-3 minutes for services to initialize β˜• ```bash # 3. Run your first workflow (files are automatically uploaded) cd test_projects/vulnerable_app/ fuzzforge init # Initialize FuzzForge project ff workflow run security_assessment . # Start workflow - CLI uploads files automatically! # The CLI will: # - Detect the local directory # - Create a compressed tarball # - Upload to backend (via MinIO) # - Start the workflow on vertical worker ``` **What's running:** - **Temporal**: Workflow orchestration (UI at http://localhost:8233) - **MinIO**: File storage for targets (Console at http://localhost:9001) - **Vertical Workers**: Pre-built workers with security toolchains - **Backend API**: FuzzForge REST API (http://localhost:8000) ### Manual Workflow Setup ![Manual Workflow Demo](docs/static/videos/manual_workflow.gif) _Setting up and running security workflows through the interface_ πŸ‘‰ More installation options in the [Documentation](https://docs.fuzzforge.ai). --- ## AI-Powered Workflow Execution ![LLM Workflow Demo](docs/static/videos/llm_workflow.gif) _AI agents automatically analyzing code and providing security insights_ ## πŸ“š Resources - 🌐 [Website](https://fuzzforge.ai) - πŸ“– [Documentation](https://docs.fuzzforge.ai) - πŸ’¬ [Community Discord](https://discord.com/invite/acqv9FVG) - πŸŽ“ [FuzzingLabs Academy](https://academy.fuzzinglabs.com/?coupon=GITHUB_FUZZFORGE) --- ## 🀝 Contributing We welcome contributions from the community! There are many ways to help: - Report bugs by opening an [issue](../../issues) - Suggest new features or improvements - Submit pull requests with fixes or enhancements - Share workflows, corpora, or modules with the community See our [Contributing Guide](CONTRIBUTING.md) for details. --- ## πŸ—ΊοΈ Roadmap Planned features and improvements: - πŸ“¦ Public workflow & module marketplace - πŸ€– New specialized AI agents (Rust, Go, Android, Automotive) - πŸ”— Expanded fuzzer integrations (LibFuzzer, Jazzer, more network fuzzers) - ☁️ Multi-tenant SaaS platform with team collaboration - πŸ“Š Advanced reporting & analytics πŸ‘‰ Follow updates in the [GitHub issues](../../issues) and [Discord](https://discord.com/invite/acqv9FVG). --- ## πŸ“œ License FuzzForge is released under the **Business Source License (BSL) 1.1**, with an automatic fallback to **Apache 2.0** after 4 years. See [LICENSE](LICENSE) and [LICENSE-APACHE](LICENSE-APACHE) for details.