cargo-fuzz

Summary

Cargo-based fuzzing for Rust projects using libFuzzer with integrated sanitizer support.

  • Requires the nightly Rust toolchain and works best with a library crate structure; enables AddressSanitizer by default for memory error detection
  • Provides cargo fuzz init scaffolding, harness templates, and corpus/artifact management; supports structure-aware fuzzing via the arbitrary crate for type-driven input generation
  • Includes coverage analysis integration, dictionary support for format-aware fuzzing, and libFuzzer option passthrough for timeout, input size, and other runtime controls
  • Sanitizers can be disabled with --sanitizer none for a 2x performance boost on safe Rust code; crashes and corpus entries can be re-executed for regression testing
SKILL.md

cargo-fuzz

cargo-fuzz is the de facto choice for fuzzing Rust projects when using Cargo. It uses libFuzzer as the backend and provides a convenient Cargo subcommand that automatically enables relevant compilation flags for your Rust project, including support for sanitizers like AddressSanitizer.

When to Use

cargo-fuzz is currently the primary and most mature fuzzing solution for Rust projects using Cargo.

| Fuzzer | Best For | Complexity |
|--------|----------|------------|
| cargo-fuzz | Cargo-based Rust projects, quick setup | Low |
| AFL++ | Multi-core fuzzing, non-Cargo projects | Medium |
| LibAFL | Custom fuzzers, research, advanced use cases | High |

Choose cargo-fuzz when:

  • Your project uses Cargo (required)
  • You want simple, quick setup with minimal configuration
  • You need integrated sanitizer support
  • You're fuzzing Rust code with or without unsafe blocks
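
What a harness body for safe Rust code usually checks, as an added example that is not part of the skill or the cargo-fuzz project: a hypothetical length-prefixed decoder and a `fuzz_one` function that a fuzz target would call. The names `decode`, `encode` and `fuzz_one` are assumptions, and the `fuzz_target!` wiring appears only in a comment so the block compiles without the fuzzing crates.

```rust
// Added example; decode, encode and fuzz_one are hypothetical names.
// In a cargo-fuzz target file the wiring would be:
//   #![no_main]
//   use libfuzzer_sys::fuzz_target;
//   fuzz_target!(|data: &[u8]| { fuzz_one(data); });
// There is no unsafe code here, so the finding to expect is a panic,
// which is the case where the page's --sanitizer none option applies.

/// Decode one record: a 1-byte length followed by that many payload bytes.
/// Returns (payload, unconsumed tail), or None if the input is truncated.
pub fn decode(input: &[u8]) -> Option<(&[u8], &[u8])> {
    let (&len, rest) = input.split_first()?;
    let len = len as usize;
    if rest.len() < len {
        return None; // declared length exceeds the bytes available
    }
    Some(rest.split_at(len))
}

/// Encode a payload; None if it does not fit the 1-byte length prefix.
pub fn encode(payload: &[u8]) -> Option<Vec<u8>> {
    let len = u8::try_from(payload.len()).ok()?;
    let mut out = Vec::with_capacity(payload.len() + 1);
    out.push(len);
    out.extend_from_slice(payload);
    Some(out)
}

/// Harness body: decode records until the input is exhausted or truncated,
/// checking a round-trip property on each. Any panic is reported as a crash
/// by the fuzzer. Returns the number of records decoded.
pub fn fuzz_one(data: &[u8]) -> usize {
    let (mut rest, mut count) = (data, 0);
    while let Some((payload, tail)) = decode(rest) {
        let again = encode(payload).expect("decoded payload fits in one length byte");
        assert_eq!(&again[1..], payload); // re-encoding preserves the payload
        assert_eq!(again.len(), rest.len() - tail.len()); // and the consumed size
        rest = tail;
        count += 1;
    }
    count
}

fn main() {
    // Constructed sample: two complete records, then a truncated one.
    let sample = [2, b'h', b'i', 0, 3, b'a'];
    println!("records decoded: {}", fuzz_one(&sample));
}
```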
First Seen: Jan 19, 2026