Fbuzzer is a toy coverage-guided fuzzer built on Frida. It supports custom mutation, coverage collection, and crash detection, and is intended for prototyping and for learning how coverage-guided fuzzing works rather than for production fuzzing campaigns.
- Dynamic instrumentation and coverage collection via Frida
- Toy mutator (bit flip, byte set, etc.)
- Automatic corpus management: new paths are added automatically
- Pure TypeScript/JavaScript implementation, easy to extend
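The feature list above describes the three pieces every coverage-guided fuzzer needs: a mutator, a coverage signal, and a corpus policy that keeps only inputs which reach new coverage. The following block is an added example written for this page, not Fbuzzer's own code, that shows those pieces working together in plain JavaScript. It assumes nothing about Fbuzzer's internals and does not use Frida: the target is a constructed toy parser, and its "coverage" is a set of block ids recorded by hand-placed `cov()` calls, standing in for what Frida's Stalker would report for real binary code. Crashes are surfaced as thrown exceptions instead of native faults.

```javascript
'use strict';

// Coverage sink for the current run. In a Frida-based fuzzer this set would
// be filled from Stalker events; here the target calls cov() explicitly.
let hits = new Set();
function cov(id) { hits.add(id); }

// Constructed toy target (hypothetical, for illustration only): a four-byte
// "FZ" header followed by two tag bytes. Duplicate tags trip the crash.
function target(buf) {
  cov(0);
  if (buf.length < 4) { cov(1); return; }
  if (buf[0] !== 0x46 /* 'F' */) { cov(2); return; }
  cov(3);
  if (buf[1] !== 0x5a /* 'Z' */) { cov(4); return; }
  cov(5);
  if (buf[2] === buf[3]) { cov(6); throw new Error('crash: duplicate tag'); }
  cov(7);
}

// Execute the target once and report the crash (if any) and the block ids hit.
function runOne(buf) {
  hits = new Set();
  let crash = null;
  try { target(buf); } catch (e) { crash = e.message; }
  return { crash, coverage: hits };
}

// Small deterministic PRNG (xorshift32) so a fuzzing run is reproducible
// from its seed. Returns a function rng(n) yielding an integer in [0, n).
function makeRng(seed) {
  let s = (seed >>> 0) || 1;
  return (n) => {
    s ^= s << 13; s >>>= 0;
    s ^= s >>> 17;
    s ^= s << 5;  s >>>= 0;
    return s % n;
  };
}

// Toy mutators of the kind the feature list names: bit flip, byte set, plus a
// byte insert so inputs can grow. Each returns a fresh Buffer.
const mutators = {
  bitFlip(buf, rng) {
    const out = Buffer.from(buf);
    out[rng(out.length)] ^= 1 << rng(8);
    return out;
  },
  byteSet(buf, rng) {
    const out = Buffer.from(buf);
    out[rng(out.length)] = rng(256);
    return out;
  },
  byteInsert(buf, rng) {
    const i = rng(buf.length + 1);
    return Buffer.concat([buf.subarray(0, i), Buffer.from([rng(256)]), buf.subarray(i)]);
  },
};

// Coverage-guided loop: an input joins the corpus only if it hits a block id
// never seen before; crashing inputs are recorded separately.
function fuzz(seeds, { seed = 1, iterations = 2000 } = {}) {
  const rng = makeRng(seed);
  const corpus = [];
  const seen = new Set();
  const crashes = [];
  const consider = (buf) => {
    const r = runOne(buf);
    if (r.crash) { crashes.push({ input: buf, crash: r.crash }); return; }
    let isNew = false;
    for (const id of r.coverage) if (!seen.has(id)) { seen.add(id); isNew = true; }
    if (isNew) corpus.push(buf);
  };
  for (const s of seeds) consider(s);
  const names = Object.keys(mutators);
  for (let i = 0; i < iterations && corpus.length; i++) {
    const parent = corpus[rng(corpus.length)];
    // Empty parents can only be grown, so route them to byteInsert.
    const name = parent.length ? names[rng(names.length)] : 'byteInsert';
    consider(mutators[name](parent, rng));
  }
  return { corpus, crashes, coverage: seen };
}

// Demo run with a constructed seed that already passes the header check.
const demo = fuzz([Buffer.from('FZab')], { seed: 7, iterations: 2000 });
console.log(`corpus=${demo.corpus.length} blocks=${demo.coverage.size} crashes=${demo.crashes.length}`);
```

The corpus policy is the part worth studying: because only coverage-increasing inputs are kept, the corpus stays small while still holding a representative of every path found so far, and each new path gives the mutators a better starting point for the next one. Swapping `target()` and `cov()` for a Frida-instrumented process is what turns this sketch into something like Fbuzzer.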
- Build the Agent
```bash
npm run build
# or
frida-compile -S -c src/sample/example.ts -o _agent.js
```
- Attach the Fuzzer Agent (`-l` takes the compiled script; the final argument is the target process name or PID)
```bash
frida -l _agent.js example
```
- List iOS URL schemes (`-U` selects the USB-connected device)
```bash
frida -U SpringBoard -l urlschemes/urlschemes.js
```