Integrate Honggfuzz with Vulnetix. Fuzz C/C++ targets using software or hardware coverage, then convert crash findings to JSON for upload.
C / C++, CLI tool, JSON
Install & scan
$ # Build from source (Ubuntu)
sudo apt-get install -y build-essential binutils-dev libunwind-dev libblocksruntime-dev
git clone https://github.com/google/honggfuzz
cd honggfuzz && make && sudo cp honggfuzz /usr/local/bin/

$ # Step 1: Compile target with Honggfuzz instrumentation
./hfuzz_cc/hfuzz-clang -o target_hfuzz fuzz_target.c my_library.c
# Step 2: Run Honggfuzz
honggfuzz -i corpus/ -o findings/ -- ./target_hfuzz ___FILE___
Run Honggfuzz in CI
Scan on every push and upload the results to Vulnetix:
- name: Build Honggfuzz and target
  run: |
    git clone --depth=1 https://github.com/google/honggfuzz
    cd honggfuzz && make
    ./hfuzz_cc/hfuzz-clang -o target_hfuzz ../fuzz_target.c
- name: Run Honggfuzz (60 seconds)
  run: |
    cd honggfuzz
    timeout 60 ./honggfuzz -i ../corpus/ -o ../findings/ -- ./target_hfuzz ___FILE___ || true
Centralise Honggfuzz results in Vulnetix
Upload Honggfuzz JSON output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.
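Honggfuzz saves crashes as files, so the JSON conversion mentioned above needs a small script between the fuzzing run and the upload. The sketch below is an added example, not Vulnetix or Honggfuzz code: it assumes the Linux crash-file naming `SIGNAL.PC.<hex>.STACK.<hex>.CODE.<n>.ADDR.<hex>.INSTR.<text>.<ext>`, and its JSON field names are illustrative rather than the Vulnetix upload schema.

```python
import json
import re
import sys
from pathlib import Path

# Assumed Linux crash-file naming (not stated on this page):
#   SIGNAL.PC.<hex>.STACK.<hex>.CODE.<int>.ADDR.<hex>.INSTR.<text>.<ext>
CRASH_RE = re.compile(
    r"^(?P<signal>SIG[A-Z0-9]+)\.PC\.(?P<pc>[0-9a-f]+)"
    r"\.STACK\.(?P<stack>[0-9a-f]+)\.CODE\.(?P<code>-?\d+)"
    r"\.ADDR\.(?P<addr>(?:0x)?[0-9a-f]+|\(nil\))"
    r"\.INSTR\.(?P<instr>.*)\.(?P<ext>[^.]+)$")

# Constructed sample names, not output from a real run.
SAMPLE_NAMES = [
    "SIGSEGV.PC.55d1c0a4e1f0.STACK.1a2b3c4d5e.CODE.1.ADDR.0.INSTR.mov____(%rax),%edx.fuzz",
    "SIGSEGV.PC.55d1c0a4e1f0.STACK.1a2b3c4d5e.CODE.1.ADDR.8.INSTR.mov____(%rax),%edx.fuzz",
    "SIGABRT.PC.7f10aa00b00b.STACK.0.CODE.-6.ADDR.0.INSTR.[UNKNOWN].fuzz",
    "HONGGFUZZ.REPORT.TXT",
]

def parse_crash_name(name):
    """Return the fields encoded in a crash file name, or None if it is not one."""
    m = CRASH_RE.match(name)
    if m is None:
        return None
    return {**m.groupdict(), "code": int(m["code"])}

def to_findings(names):
    """Group crash files by (signal, stack hash); field names are illustrative only."""
    findings = {}
    for name in sorted(names):
        f = parse_crash_name(name)
        if f is None:
            continue  # report files, corpus entries, anything that is not a crash
        # A zero stack hash cannot tell crashes apart, so bucket those by PC instead.
        bucket = f["stack"] if int(f["stack"], 16) else "pc-" + f["pc"]
        key = f"{f['signal']}:{bucket}"
        entry = findings.setdefault(key, {
            "id": key, "signal": f["signal"], "pc": f["pc"],
            "fault_address": f["addr"], "instruction": f["instr"], "files": [],
        })
        entry["files"].append(name)
    return list(findings.values())

if __name__ == "__main__":  # usage: python3 crashes_to_json.py <crash-dir>
    names = [p.name for p in Path(sys.argv[1]).iterdir() if p.is_file()]
    json.dump({"tool": "honggfuzz", "findings": to_findings(names)}, sys.stdout, indent=2)
```

Grouping by signal and stack hash keeps repeated crashes of one bug from appearing as separate findings; each finding still lists every crash file for reproduction.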