[GH-ISSUE #6] Fuzzing seed folder #3

New issue

Open

opened 2026-03-02 04:07:45 +03:00 by kerem · 0 comments

kerem commented

2026-03-02 04:07:45 +03:00

Owner

Originally created by @danielcuthbert on GitHub (Nov 26, 2025).
Original GitHub issue: https://github.com/gadievron/raptor/issues/6

Originally assigned to: @danielcuthbert on GitHub.

Currently when specifying /fuzz, the following flow happens:

--binary     Required path to target                                   
    --corpus     Optional seed directory                                   
    --autonomous Enable intelligent mode                                   
    --goal       High-level objective (e.g., "find heap overflow")

which in turn is a big IF/ELSE statement like so:

IF --corpus provided:                                                  
        └── Use user's seed directory directly                             
                                                                           
    ELSE IF --autonomous mode:                                             
        └── CorpusGenerator.generate_autonomous_corpus()                   
            ├── analyze_binary() - Extract strings, detect formats         
            ├── _generate_basic_seeds() - Generic fuzz inputs              
            ├── _generate_format_seeds() - XML/JSON/HTTP/etc               
            ├── _generate_goal_directed_seeds() - Based on --goal          
            └── _wrap_with_commands() - Add STACK:/HEAP:/etc prefixes      
                                                                           
    ELSE (no corpus, no autonomous):                                       
        └── AFLRunner._create_default_corpus()                             
            Creates minimal generic seeds:                                 
            - b"A" * 10                                                    
            - b"test\n"                                                    
            - b"\x00\x01\x02\x03"                                          
            - b"GET / HTTP/1.0\r\n\r\n"

now part of me wonders if we shouldn't offer a seed dir full of decent seeds that both RAPTOR can use and the community can add to, too. I can see benefits, so leaving it here for me and others to comment on

Originally created by @danielcuthbert on GitHub (Nov 26, 2025). Original GitHub issue: https://github.com/gadievron/raptor/issues/6 Originally assigned to: @danielcuthbert on GitHub. Currently when specifying /fuzz, the following flow happens: ``` --binary Required path to target --corpus Optional seed directory --autonomous Enable intelligent mode --goal High-level objective (e.g., "find heap overflow") ``` which in turn is a big IF/ELSE statement like so: ``` IF --corpus provided: └── Use user's seed directory directly ELSE IF --autonomous mode: └── CorpusGenerator.generate_autonomous_corpus() ├── analyze_binary() - Extract strings, detect formats ├── _generate_basic_seeds() - Generic fuzz inputs ├── _generate_format_seeds() - XML/JSON/HTTP/etc ├── _generate_goal_directed_seeds() - Based on --goal └── _wrap_with_commands() - Add STACK:/HEAP:/etc prefixes ELSE (no corpus, no autonomous): └── AFLRunner._create_default_corpus() Creates minimal generic seeds: - b"A" * 10 - b"test\n" - b"\x00\x01\x02\x03" - b"GET / HTTP/1.0\r\n\r\n" ``` now part of me wonders if we shouldn't offer a seed dir full of decent seeds that both RAPTOR can use and the community can add to, too. I can see benefits, so leaving it here for me and others to comment on