ruzzy

Summary

Coverage-guided fuzzer for Ruby code and C extensions with memory sanitizer support.

  • Fuzzes both pure Ruby code (via tracer script pattern) and Ruby C extensions with AddressSanitizer and UndefinedBehaviorSanitizer integration
  • Requires Linux x86-64 or AArch64 with clang 14.0.0+; installation uses custom compiler flags for sanitizer instrumentation
  • Harnesses are single-file lambdas for C extensions, two-file setup (tracer + harness) for pure Ruby; all libFuzzer options and corpus directories supported
  • Detects memory corruption, use-after-free, buffer overflows, and undefined behavior; crash inputs saved automatically for reproduction
SKILL.md

Ruzzy

Ruzzy is a coverage-guided fuzzer for Ruby built on libFuzzer. It enables fuzzing both pure Ruby code and Ruby C extensions with sanitizer support for detecting memory corruption and undefined behavior.

When to Use

Ruzzy is currently the only production-ready coverage-guided fuzzer for Ruby.

Choose Ruzzy when:

  • You are fuzzing Ruby applications or libraries
  • You are testing Ruby C extensions for memory-safety issues
  • You need coverage-guided fuzzing for Ruby code
  • You are working with Ruby gems that have native extensions

Quick Start

Set up environment:

export ASAN_OPTIONS="allocator_may_return_null=1:detect_leaks=0:use_sigaltstack=0"
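As an added example (not ruzzy's own code), this is the pure-Ruby two-file layout from the Summary, meant to run with the ASAN_OPTIONS set above: a harness whose lambda rescues only the exceptions the code under test documents, so that anything else is reported as a crash, plus a replay path for the crash files the fuzzer saves, with the tracer script shown in a trailing comment. `parse_record` is a constructed target with a latent bug; `Ruzzy.fuzz` and `Ruzzy.trace` are assumed from ruzzy's documented entry points.

```ruby
# harness.rb : pure-Ruby ruzzy target. Added example, not ruzzy's own code.
# Usage (entry-point names assumed from ruzzy's documentation):
#   ruby trace.rb corpus/       # fuzz; trace.rb calls Ruzzy.trace('harness.rb')
#   ruby harness.rb crash-FILE  # replay one saved crash input, no fuzzer needed
RUZZY_AVAILABLE = begin
  require 'ruzzy'
  true
rescue LoadError
  false # replaying a saved crash input does not need the gem
end

# Constructed code under test: parses "<len byte><name>:<int>" records.
# The division by the parsed value is the latent bug a fuzz run should find.
def parse_record(data)
  len = data.getbyte(0)
  raise ArgumentError, 'empty input' if len.nil?
  name = data.byteslice(1, len)
  raise ArgumentError, 'truncated name' if name.bytesize != len
  rest = data.byteslice(1 + len, data.bytesize)
  raise ArgumentError, 'missing separator' unless rest.start_with?(':')
  value = Integer(rest[1..], 10) # ArgumentError on non-numeric tail
  [name, 1000 / value]           # ZeroDivisionError when value == 0
end

# Harness rule: rescue only the exceptions the parser raises for bad input;
# every other exception propagates so libFuzzer records the input as a crash.
TEST_ONE_INPUT = lambda do |data|
  parse_record(data)
  0
rescue ArgumentError
  0 # malformed input is expected behaviour, not a finding
end

# Replay a crash file the fuzzer saved; read as raw bytes, not text.
def replay(path)
  TEST_ONE_INPUT.call(File.binread(path))
end

if !ARGV.empty?
  replay(ARGV[0])
elsif RUZZY_AVAILABLE
  Ruzzy.fuzz(TEST_ONE_INPUT) # reached via trace.rb so Ruby code is traced
end

# trace.rb (second file of the two-file setup):
#   require 'ruzzy'
#   Ruzzy.trace('harness.rb')
```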
Installs: 2.2K · GitHub Stars: 5.1K · First Seen: Jan 19, 2026