CalvinBackup/fuzzforge_ai
1
0
Fork 0
mirror of https://github.com/FuzzingLabs/fuzzforge_ai.git synced 2026-02-12 20:32:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
94 Commits 18 Branches 2 Tags
8adc7a2e007ab0b045d92f4f5ec88a9726df93e9
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
AFredefon 8adc7a2e00 refactor: simplify module metadata schema for AI discoverability
2026-02-10 21:35:22 +01:00
assets
feat: FuzzForge AI - complete rewrite for OSS release
2026-01-30 09:57:48 +01:00
fuzzforge-cli
feat: make Docker the default container engine
2026-01-30 13:20:03 +01:00
fuzzforge-common
feat(modules): add harness-tester module for Rust fuzzing pipeline
2026-02-03 18:12:28 +01:00
fuzzforge-mcp
feat(modules): add harness-tester module for Rust fuzzing pipeline
2026-02-03 18:12:28 +01:00
fuzzforge-modules
refactor: simplify module metadata schema for AI discoverability
2026-02-10 21:35:22 +01:00
fuzzforge-runner
refactor: simplify module metadata schema for AI discoverability
2026-02-10 21:35:22 +01:00
fuzzforge-tests
fix: remove enterprise SDK references from OSS tests
2026-01-30 10:36:33 +01:00
fuzzforge-types
feat: FuzzForge AI - complete rewrite for OSS release
2026-01-30 09:57:48 +01:00
.gitignore
feat: make Docker the default container engine
2026-01-30 13:20:03 +01:00
.python-version
feat: FuzzForge AI - complete rewrite for OSS release
2026-01-30 09:57:48 +01:00
CONTRIBUTING.md
fix: block Podman on macOS and remove ghcr.io default (#39)
2026-02-03 10:15:16 +01:00
LICENSE
Initial commit
2025-09-29 21:26:41 +02:00
LICENSE-APACHE
Initial commit
2025-09-29 21:26:41 +02:00
Makefile
feat: make Docker the default container engine
2026-01-30 13:20:03 +01:00
NOTICE
Initial commit
2025-09-29 21:26:41 +02:00
pyproject.toml
feat(modules): add harness-tester module for Rust fuzzing pipeline
2026-02-03 18:12:28 +01:00
README.md
fix: update license badge and footer from Apache 2.0 to BSL 1.1
2026-02-10 18:31:37 +01:00
ROADMAP.md
docs: add ROADMAP.md with planned features
2026-02-09 10:36:33 +01:00
ruff.toml
fix: block Podman on macOS and remove ghcr.io default (#39)
2026-02-03 10:15:16 +01:00
USAGE.md
feat(modules): add harness-tester module for Rust fuzzing pipeline
2026-02-03 18:12:28 +01:00

README.md

FuzzForge OSS

AI-Powered Security Research Orchestration via MCP

Discord License: BSL 1.1 Python 3.12+ MCP Compatible Website

Let AI agents orchestrate your security research workflows locally

OverviewFeaturesInstallationUsage GuideModulesContributing

🚧 FuzzForge OSS is under active development. Expect breaking changes and new features!

🚀 Overview

FuzzForge OSS is an open-source runtime that enables AI agents (GitHub Copilot, Claude, etc.) to orchestrate security research workflows through the Model Context Protocol (MCP).

The Core: Modules

At the heart of FuzzForge are modules - containerized security tools that AI agents can discover, configure, and orchestrate. Each module encapsulates a specific security capability (static analysis, fuzzing, crash analysis, etc.) and runs in an isolated container.

  • 🔌 Plug & Play: Modules are self-contained - just pull and run
  • 🤖 AI-Native: Designed for AI agent orchestration via MCP
  • 🔗 Composable: Chain modules together into automated workflows
  • 📦 Extensible: Build custom modules with the Python SDK

The OSS runtime handles module discovery, execution, and result collection. Security modules (developed separately) provide the actual security tooling - from static analyzers to fuzzers to crash triagers.

Instead of manually running security tools, describe what you want and let your AI assistant handle it.

🎬 Use Case: Rust Fuzzing Pipeline

Scenario: Fuzz a Rust crate to discover vulnerabilities using AI-assisted harness generation and parallel fuzzing.

1 Analyze, Generate & Validate Harnesses 2 Run Parallel Continuous Fuzzing
FuzzForge Demo - Analysis Pipeline FuzzForge Demo - Parallel Fuzzing
AI agent analyzes code, generates harnesses, and validates they compile Multiple fuzzing sessions run in parallel with live metrics

Support the Project

If you find FuzzForge useful, please star the repo to support development! 🚀

GitHub Stars

Features

Feature Description
🤖 AI-Native Built for MCP - works with GitHub Copilot, Claude, and any MCP-compatible agent
📦 Containerized Each module runs in isolation via Docker or Podman
🔄 Continuous Mode Long-running tasks (fuzzing) with real-time metrics streaming
🔗 Workflows Chain multiple modules together in automated pipelines
🛠️ Extensible Create custom modules with the Python SDK
🏠 Local First All execution happens on your machine - no cloud required
🔒 Secure Sandboxed containers with no network access by default

🏗️ Architecture

┌─────────────────────────────────────────────────────────────────┐
│                     AI Agent (Copilot/Claude)                   │
└───────────────────────────┬─────────────────────────────────────┘
                            │ MCP Protocol (stdio)
                            ▼
┌─────────────────────────────────────────────────────────────────┐
│                     FuzzForge MCP Server                        │
│  ┌─────────────┐  ┌──────────────┐  ┌────────────────────────┐  │
│  │list_modules │  │execute_module│  │start_continuous_module │  │
│  └─────────────┘  └──────────────┘  └────────────────────────┘  │
└───────────────────────────┬─────────────────────────────────────┘
                            │
                            ▼
┌─────────────────────────────────────────────────────────────────┐
│                     FuzzForge Runner                            │
│                  Container Engine (Docker/Podman)               │
└───────────────────────────┬─────────────────────────────────────┘
                            │
        ┌───────────────────┼───────────────────┐
        ▼                   ▼                   ▼
┌───────────────┐   ┌───────────────┐   ┌───────────────┐
│  Module A     │   │  Module B     │   │  Module C     │
│  (Container)  │   │  (Container)  │   │  (Container)  │
└───────────────┘   └───────────────┘   └───────────────┘

📦 Installation

Prerequisites

Quick Install

# Clone the repository
git clone https://github.com/FuzzingLabs/fuzzforge_ai.git
cd fuzzforge_ai

# Install dependencies
uv sync

# Build module images
make build-modules

Configure MCP for Your AI Agent

# For GitHub Copilot
uv run fuzzforge mcp install copilot

# For Claude Code (CLI)
uv run fuzzforge mcp install claude-code

# For Claude Desktop (standalone app)
uv run fuzzforge mcp install claude-desktop

# Verify installation
uv run fuzzforge mcp status

Restart your editor and your AI agent will have access to FuzzForge tools!

📦 Modules

FuzzForge modules are containerized security tools that AI agents can orchestrate. The module ecosystem is designed around a simple principle: the OSS runtime orchestrates, enterprise modules execute.

Module Ecosystem

FuzzForge OSS FuzzForge Enterprise Modules
What Runtime & MCP server Security research modules
License Apache 2.0 BSL 1.1 (Business Source License)
Compatibility Runs any compatible module Works with OSS runtime

Enterprise modules are developed separately and provide production-ready security tooling:

Category Modules Description
🔍 Static Analysis Rust Analyzer, Solidity Analyzer, Cairo Analyzer Code analysis and fuzzable function detection
🎯 Fuzzing Cargo Fuzzer, Honggfuzz, AFL++ Coverage-guided fuzz testing
💥 Crash Analysis Crash Triager, Root Cause Analyzer Automated crash deduplication and analysis
🔐 Vulnerability Detection Pattern Matcher, Taint Analyzer Security vulnerability scanning
📝 Reporting Report Generator, SARIF Exporter Automated security report generation

💡 Build your own modules! The FuzzForge SDK allows you to create custom modules that integrate seamlessly with the OSS runtime. See Creating Custom Modules.

Execution Modes

Modules run in two execution modes:

One-shot Execution

Run a module once and get results:

result = execute_module("my-analyzer", assets_path="/path/to/project")

Continuous Execution

For long-running tasks like fuzzing, with real-time metrics:

# Start continuous execution
session = start_continuous_module("my-fuzzer", 
    assets_path="/path/to/project",
    configuration={"target": "my_target"})

# Check status with live metrics
status = get_continuous_status(session["session_id"])

# Stop and collect results
stop_continuous_module(session["session_id"])

🛠️ Creating Custom Modules

Build your own security modules with the FuzzForge SDK:

from fuzzforge_modules_sdk import FuzzForgeModule, FuzzForgeModuleResults

class MySecurityModule(FuzzForgeModule):
    def _run(self, resources):
        self.emit_event("started", target=resources[0].path)
        
        # Your analysis logic here
        results = self.analyze(resources)
        
        self.emit_progress(100, status="completed", 
            message=f"Analysis complete")
        return FuzzForgeModuleResults.SUCCESS

📖 See the Module SDK Guide for details.

📁 Project Structure

fuzzforge_ai/
├── fuzzforge-cli/           # Command-line interface
├── fuzzforge-common/        # Shared abstractions (containers, storage)
├── fuzzforge-mcp/           # MCP server for AI agents
├── fuzzforge-modules/       # Security modules
│   └── fuzzforge-modules-sdk/   # Module development SDK
├── fuzzforge-runner/        # Local execution engine
├── fuzzforge-types/         # Type definitions & schemas
└── demo/                    # Demo projects for testing

🤝 Contributing

We welcome contributions from the community!

  • 🐛 Report bugs via GitHub Issues
  • 💡 Suggest features or improvements
  • 🔧 Submit pull requests
  • 📦 Share your custom modules

See CONTRIBUTING.md for guidelines.

📄 License

BSL 1.1 - See LICENSE for details.

Built with ❤️ by FuzzingLabs

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
agentaiappsecautomationdastdevsecopsfuzzingoffensive-securitysastsecuritysecurity-toolsvulnerabilitiesworkflowworkflow-automation
Readme 119 MiB
Languages
Python 95.7%
Makefile 3.1%
Dockerfile 1.2%