Cybersecurity, Testing, Software
Format-Aware Black-Box Fuzzer
Designed and implemented a Dockerized format-aware black-box fuzzer for stdin-driven binaries. The tool mutates structured inputs and preserves reproducible crash, hang, slow-path, and unusual-output cases for later analysis.

Summary
Project context
A developer-focused security testing tool that explores program behavior through format-aware mutation and repeatable failure capture.
Problem / goal
Many small stdin-driven programs fail in ways that are hard to reproduce when random fuzzing inputs are not saved, categorized, or linked to observable output behavior.
My role
Developer.
What I personally contributed
- Built format-aware mutators for CSV, JSON, XML, JPEG, and plaintext inputs.
- Implemented timeout handling plus crash, hang, slow-path, and unusual-output capture for reproducible debugging.
- Packaged the workflow with Docker and Linux shell execution so targets could be tested repeatably.
Technical approach
- Implemented mutation strategies for CSV, JSON, XML, JPEG, and plaintext inputs.
- Wrapped target execution with Docker, Linux shell workflows, timeout handling, and repeatable input capture.
- Tracked output signatures as a lightweight approximation for preserving inputs that produced new behavior.
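The execution wrapper and output-signature tracking described above, sketched as an added example that is not taken from the project's code. It covers only the run-and-triage side, not the mutators. The function names, thresholds, digit-collapsing signature and toy target are all assumptions made for illustration.

```python
import hashlib, pathlib, re, subprocess, sys, time

# Constructed toy target (not from the project): aborts on "BOOM", spins
# forever on "LOOP", rejects empty input, else prints the CSV field count.
TOY_TARGET = [sys.executable, "-c", (
    "import os,sys\n"
    "d=sys.stdin.buffer.read()\n"
    "if b'BOOM' in d: os.abort()\n"
    "while b'LOOP' in d: pass\n"
    "print('fields', d.count(b',')+1) if d else print('error: empty')\n")]

def output_signature(stdout: bytes, returncode: int) -> str:
    """Hash exit code plus output with digit runs collapsed, so outputs that
    differ only in numbers count as the same behaviour."""
    shape = re.sub(rb"\d+", b"N", stdout)
    return hashlib.sha256(b"%d|%s" % (returncode, shape)).hexdigest()[:16]

def run_case(cmd, data: bytes, seen: set, timeout=3.0, slow=2.0):
    """Run one input on stdin; return (verdict, signature or None)."""
    start = time.monotonic()
    try:
        proc = subprocess.run(cmd, input=data, capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "hang", None                      # child is killed by run()
    elapsed = time.monotonic() - start
    sig = output_signature(proc.stdout, proc.returncode)
    if proc.returncode < 0:                      # POSIX: terminated by a signal
        return "crash", sig
    if elapsed > slow:
        return "slow", sig
    if sig not in seen:                          # first time this output shape appears
        seen.add(sig)
        return "new-output", sig
    return "ok", sig

def save_case(outdir, verdict: str, data: bytes) -> pathlib.Path:
    """Store the exact bytes under a content-derived name for replay."""
    path = pathlib.Path(outdir) / f"{verdict}-{hashlib.sha256(data).hexdigest()[:12]}.bin"
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)
    return path

def triage(cmd, inputs, outdir, **limits):
    """Run every input, saving all non-'ok' cases; return the verdict list."""
    seen, verdicts = set(), []
    for data in inputs:
        verdict, _ = run_case(cmd, data, seen, **limits)
        if verdict != "ok":
            save_case(outdir, verdict, data)
        verdicts.append(verdict)
    return verdicts
```

Naming each saved file after the hash of its bytes means a repeated finding overwrites itself instead of piling up duplicates, and the verdict prefix keeps crashes, hangs and new-output cases sortable in one directory.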
Key features
- Format-aware mutations for structured and unstructured input.
- Timeout handling for hangs and slow paths.
- Reproducible crash and hang input saving.
- Output-signature tracking for unusual behavior discovery.
Impact / results
- Created a repeatable testing workflow for black-box binaries.
- Preserved inputs that triggered crashes, hangs, slow paths, or new output signatures.
What I learned
- Simple automation becomes much more useful when it keeps the exact input needed to reproduce a failure.
- Format-aware mutation can expose edge cases more efficiently than purely random byte-level changes.