AFL Runner (Documentation Index
Fetch the complete documentation index at: https://mintlify.com/0xricksanchez/AFL_Runner/llms.txt
Use this file to discover all available pages before exploring further.
aflr) is a modern Rust CLI tool that takes the friction out of running multi-core AFLPlusPlus fuzzing campaigns. Its default configuration is derived directly from the official AFL++ documentation’s Using multiple cores section, so you get best-practice campaign orchestration without having to manually wire up every instance yourself.
The Multi-Core Fuzzing Problem
Running a serious AFL++ campaign across many CPU cores is not as simple as spawning multipleafl-fuzz processes. You need to designate exactly one main fuzzer (-M) while every other instance runs as a secondary (-S), assign distinct power schedules across those secondaries, route CMPLOG instrumented binaries to the right runners, optionally attach CMPCOV and sanitizer binaries, name every session pane, and manage the resulting tmux or screen layout — all before a single test case is executed. Getting any of this wrong silently degrades coverage. AFL Runner handles all of it deterministically from a single command invocation.
Subcommands
AFL Runner exposes six focused subcommands that cover the full campaign lifecycle — from command generation through monitoring and teardown.run
Generate AFL++ commands and execute them in a tmux or screen session in one step. Supports an integrated TUI, dry-run mode, RAMDisk, and detached operation.
gen
Generate the full set of
afl-fuzz invocations and print them without executing anything — useful for inspection, scripting, or CI pipelines.cov
Collect and visualize LLVM-based code coverage from a completed or running campaign, producing either an HTML or plain-text report.
tui
Attach a real-time terminal user interface to any running campaign by pointing it at the AFL++ output directory — a full replacement for
afl-whatsup.kill
Terminate a named tmux or screen session and all
afl-fuzz processes spawned inside it cleanly.add-seed
Inject new seed files into the input queue of a live campaign without restarting any fuzzer instances.
Fuzzing Modes
AFL Runner supports three campaign modes, selectable via the-m / --mode flag or the mode key in a config file:
multiple-cores(default) — Follows the AFL++ multi-core best-practice guide: one main fuzzer, distributed power schedules across secondaries, and automatic CMPLOG/CMPCOV/SAN binary routing.default— Vanilla AFL++ invocations with no opinionated scheduling or binary routing.ci-fuzzing— A lightweight mode designed for short-lived CI runs based on the AFL++ CI fuzzing guidance.
Configuration Files
Every flag available on the command line can also be expressed in a TOML configuration file and passed via--config <path>. If no --config flag is provided, AFL Runner automatically looks for a file named aflr_cfg.toml in the current working directory.
CLI flags always take precedence over values read from a configuration file. This makes it easy to store a project-level config and override individual settings per run without editing the file.
What AFL Runner Is NOT
AFL Runner is designed as a plug-and-play solution for the stage of a fuzzing campaign where all that remains is spinning up a correctly configured multi-core run. It is deliberately not a helper for:- Compiling a target binary in multiple instrumentation flavors (plain AFL++, ASan, CMPLOG, CMPCOV, coverage)
- Preparing or minimizing a seed corpus
- Selecting or generating a token dictionary to improve code coverage
- Debugging a crashing or stalling fuzzing campaign
aflr.
Availability
AFL Runner version 0.6.1 is published on crates.io under the package nameafl_runner and is licensed under the Apache 2.0 License.