🚧 FuzzForge is under active development
AI-powered workflow automation and AI Agents for AppSec, Fuzzing & Offensive Security
🚀 Overview
FuzzForge helps security researchers and engineers automate application security and offensive security workflows with the power of AI and fuzzing frameworks.
- Orchestrate static & dynamic analysis
- Automate vulnerability research
- Scale AppSec testing with AI agents
- Build, share & reuse workflows across teams
FuzzForge is open source, built to empower security teams, researchers, and the community.
🚧 FuzzForge is under active development. Expect breaking changes.
⭐ Support the Project
If you find FuzzForge useful, please star the repo to support development 🚀
✨ Key Features
- 🤖 AI Agents for Security – Specialized agents for AppSec, reversing, and fuzzing
- 🛠 Workflow Automation – Define & execute AppSec workflows as code
- 📈 Vulnerability Research at Scale – Rediscover 1-days & find 0-days with automation
- 🔗 Fuzzer Integration – AFL, Honggfuzz, AFLnet, StateAFL & more
- 🌐 Community Marketplace – Share workflows, corpora, PoCs, and modules
- 🔒 Enterprise Ready – Team/Corp cloud tiers for scaling offensive security
📦 Installation
Requirements
Python 3.11+: Python 3.11 or higher is required.
uv Package Manager:
curl -LsSf https://astral.sh/uv/install.sh | sh
Docker: For containerized workflows, see the Docker Installation Guide.
CLI Installation
After installing the requirements, install the FuzzForge CLI:
# Clone the repository
git clone https://github.com/fuzzinglabs/fuzzforge_ai.git
cd fuzzforge_ai
# Install CLI with uv (from the root directory)
uv tool install --python python3.12 .
⚡ Quickstart
Run your first workflow in 3 steps:
# 1. Clone the repo
git clone https://github.com/fuzzinglabs/fuzzforge.git
cd fuzzforge
# 2. Build & run with Docker
# Set registry host for your OS (local registry is mandatory)
# macOS/Windows (Docker Desktop):
export REGISTRY_HOST=host.docker.internal
# Linux (default):
# export REGISTRY_HOST=localhost
docker compose up -d
The first launch can take 5-10 minutes due to Docker image building - a good time for a coffee break ☕
# 3. Run your first workflow
cd test_projects/vulnerable_app/ # Go into the test directory
fuzzforge init # Initialize a FuzzForge project
ff workflow security_assessment . # Start a workflow (ff is the short form of the fuzzforge command)
Manual Workflow Setup
Setting up and running security workflows through the interface
👉 More installation options in the Documentation.
AI-Powered Workflow Execution
AI agents automatically analyzing code and providing security insights
🤝 Contributing
We welcome contributions from the community!
There are many ways to help:
- Report bugs by opening an issue
- Suggest new features or improvements
- Submit pull requests with fixes or enhancements
- Share workflows, corpora, or modules with the community
See our Contributing Guide for details.
🗺️ Roadmap
Planned features and improvements:
- 📦 Public workflow & module marketplace
- 🤖 New specialized AI agents (Rust, Go, Android, Automotive)
- 🔗 Expanded fuzzer integrations (LibFuzzer, Jazzer, more network fuzzers)
- ☁️ Multi-tenant SaaS platform with team collaboration
- 📊 Advanced reporting & analytics
👉 Follow updates in the GitHub issues and Discord.
📜 License
FuzzForge is released under the Business Source License (BSL) 1.1, with an automatic fallback to Apache 2.0 after 4 years.
See LICENSE and LICENSE-APACHE for details.


