Tags give the ability to mark specific points in history as being important
  • v1.35a protected Release: v1.35a
    Version 1.35a
      - Changed `afl-multicore` to prefix filenames with their respective job
        number handed over to `afl-fuzz`'s `-f` switch. Previously the job
        number was simply appended causing trouble for some fuzzing targets.
        (Contributed by Krishna Ram Prakash R and @YourButterfly.)
      - Changed `afl-multicore` to also set environment variables specified in the
        `afl-multicore` configuration file in case non-interactive mode is used.
        (Contributed by Philipp Bartsch.)
      - Updated `afl-sync` to not use the `-c` flag when invoking `rsync` to
        avoid hashing of large corpora. (Proposed by Denis Kasak.)
      - Fixed an `UnboundLocalError` in `afl_stats.py` when attempting to parse
        an empty stats file. (Contributed by Vincent Ulitzsch.)
  • v1.34a protected Release: v1.34a
    Version 1.34a
      - Added `--chmod`, `--chown` rsync flags to afl-sync (contributed by
        Denis Kasak).
      - Improved bug fix for #34 in afl-multicore (suggested by Bhargava
      - Bug in afl_collect.py fixed that prevented other tools from starting
        if gdb executable is not present (reported by Henri Salo).
      - Added support for `-m none` to `afl-minimize`. Thus an infinite memory
        limit can be passed to `afl-cmin` and `afl-tmin`. (Contributed by
        Vincent Ulitzsch.)
      - Fixed `afl-multicore` output to display master PID when using
        non-interactive mode.
      - Timestamp field added to `afl-collect` crash sample database.
        WARNING: This breaks compatibility with existing old database files
        in a way that appending to old databases is no longer possible w/o
        updating the database schema to include the timestamp field.
  • v1.33a protected Release: v1.33a
    Version 1.33a
      - Added `--cmin-qemu`, `--tmin-qemu` options for QEMU mode support
        to afl-minimize (suggested by Isaac).
      - Made processing timeout for sample verification phase configurable
        in afl-collect.
      - Usage of python 3 virtualenv explicitly documented in README
        (Henri Salo).
      - Added quotes around sample filenames used in generated gdb script
        to keep gdb happy with fancy sample filenames.
      - Updated afl-collect to automatically detect exploitable.py location
        (contributed by Jurriaan Bremer).
  • v1.32a protected Release: v1.32a
    Version 1.32a
      - SQLite db connector improved. Gives a huge afl-collect speed-up
        when using a database.
      - Changed afl-collect to print database related outputs only if
        a database is used.
      - Updated afl-stats to be compatible with afl-fuzz >= 2.32b (older
        afl versions will not work anymore).
      - afl-stats now optionally dumps fuzzer stats into a database.
      - Tweeting stats to twitter is now optional in afl-stats.
      - Fixed minor bug #34 in afl-multicore (reported by Bhargava Shastry).
      - Implemented option in afl-multicore to run arbitrary fuzzer instead
        of default afl-fuzz (#35, suggested by Bhargava Shastry).
      - Implemented multi-master mode support in afl-multicore (#36).
      - Bug affecting job counts in afl-multicore fixed (reported by Henri
  • v1.31a protected
    b48323d1 · Some README cleanup. ·
    Release: v1.31a
    Version 1.31a
      - Selective resumes added to afl-multicore.
      - Automatic calculation of delay values for afl-multicore startup
        implemented (use `-s auto`).
      - afl-multicore updated to not use a hard-coded path to the
        afl-fuzz binary.
  • ST_final
    Latest single-threading release.
  • v1.30a protected Release: v1.30a
    Version 1.30a
      - Parsing of slightly different modified 'fuzzer_stats' file fixed
        in afl-stats.
      - Delayed startup added to afl-multicore.
      - Fixed a bug in afl-sync that caused some directories to not be pulled
        from the remote location when a session name was specified.
      - Added afl's .cur_input to the rsync exclude list in afl-sync.
  • v1.29a protected Release: v1.29a
    Version 1.29a
      - afl-collect updated to not use a hard-coded path to the gdb binary
        (suggested by Martin Lindhe).
      - Fixed #30: CPU affinity settings removed from afl-multicore. (The
        option for explicitly setting CPU affinity in afl was dropped in
  • v1.28a protected
    c80ea374 · Minor changes. 💄 ·
    Release: v1.28a
    Version 1.28a
      - afl-cron for periodic task execution added.
      - Main execution loop removed from afl-stats. afl-cron may be used for
        repeated executions of afl-stats!
      - Changed afl-utils to use JSON config files.
  • v1.27a protected
    Version 1.27a
      - Basic version of afl-sync added.
  • v1.26a protected
    6be5036b · Changelog updated. ·
    Version 1.26a
      - afl-minimize now supports reseeding original afl queues with an optimized
      - Typo in test case setup method declaration fixed.
      - More test cases added.
  • v1.25a protected
    Version 1.25a
      - Added CPU affinity option to afl-multicore.
  • v1.24a protected
    Version 1.24a
      - afl-minimize now takes timeout and memory limit arguments that are passed
        to afl-cmin and afl-tmin.
      - Updated afl-collect to automatically detect whether operating on a single
        instance output directory or a multi instance synchronisation dir.
      - Fixed a minor bug in afl-collect that occurred when generating output sample
      - Scrots updated.
  • v1.23a protected
    9cabd1a7 · Happy new year commit ·
    Version 1.23a
      - Minor bug-fixes for SampleIndex.
      - Updated afl-multicore to assure that newly created screen windows operate
        on the same directory afl-multicore was started from.
      - Bug fixed, that prevented use of afl -f file argument when running multiple
        afl instances. For this purpose '%%' was introduced to be used when
        referencing the desired file in the target's command line option (check
        README for details).
      - Refactored code to increase testability.
      - Remaining test cases completed and new tests were added.
  • v1.22a protected
    19fa8065 · Note about branches added ·
    Version 1.22a
      - Typo in afl-vcrash code fixed (by Emanuele Cozzi).
      - Added flag for configurable sample processing timeouts for afl-vcrash (by
        Emanuele Cozzi).
      - More tests added.
  • v1.21a protected
    34295697 · README updated ·
    Version 1.21a
      - Ineffective subprocess timeout during crash verification fixed for afl-collect
        and afl-vcrash.
      - Added timeout handling to afl-collect, afl-minimize and afl-vcrash to avoid
        infinite/excessive blocking during sample processing.
      - Unreliable check_screen() fixed in afl-multicore.
      - Added a few test cases for afl-multicore.
  • v1.20a protected
    Version 1.20a
      - afl-multicore docs updated to reflect latest changes (by Mark Janssen).
      - Fixed afl-multicore session check bug, that prevented adding additional
        afl instances in normal mode (spotted by Mark Janssen).
      - afl-multicore now properly updates its session file when adding additional
        instances. afl-multikill was adapted accordingly.
      - Simple interactive test mode added to afl-multicore.
  • v1.19a protected
    Version 1.19a
      - afl-multicore revamped. Create config file for your target and desired afl
        options. Easily start and resume configured fuzzer instances. New feature:
        Subsequently add new instances using the 'add' command.
      - afl-multikill updated to terminate fuzzing sessions by process group id
        instead of individual PIDs and using SIGTERM instead of SIGKILL (by Mark
      - Auto-installation of my hacked version of exploitable added (make sure to
        source exploitable.py as indicated during setup!).
  • v1.18a protected
    Version 1.18a
      - Bug fixed that caused afl-stats to crash when monitoring more than one fuzzer
        output directory.
      - Added option to afl-collect that simplifies crash sample file names keeping only
        the originating fuzzer name and sample ID (by Martin Gallo).
  • v1.17a protected
    Version 1.17a
      - afl-minimize will skip file collection if collection dir exists and is not empty.
        This way you can run the automated afl-cmin and afl-tmin invocations directly on
        any directory containing fuzzing samples.
      - All tools' outputs have been colorized.
      - https://github.com/rc0r/exploitable has been updated to avoid crashing when
        multiple inferiors have been detected. Instead an UNKNOWN classification with
        an according message is generated. Be sure to update exploitable to increase
        afl-collect stability!