CASR is a toolkit for security engineers and fuzzing practitioners who need to turn a flood of raw crashes into actionable findings. It generates structuredDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/ispras/casr/llms.txt
Use this file to discover all available pages before exploring further.
.casrep reports (JSON) containing severity ratings, stack traces, register values, disassembly, and source context — then deduplicates and clusters those reports so you focus on unique bugs, not duplicates.
Installation
Install CASR from crates.io or build from source on Linux and macOS.
Quickstart
Generate your first crash report in under five minutes.
CLI Tools
Reference for casr-san, casr-gdb, casr-core, casr-ubsan, casr-cluster, and casr-cli.
Fuzzer Integration
Automate triage for AFL++, libFuzzer, LibAFL, Jazzer, Atheris, and more.
Language Support
Analyze crashes in Python, Java, JavaScript, C#, Lua, and C/C++.
Severity Classes
Understand EXPLOITABLE, PROBABLY_EXPLOITABLE, and NOT_EXPLOITABLE ratings.
Report Format
Explore the .casrep JSON schema and SARIF export format.
LibCASR API
Integrate crash analysis directly into your Rust tooling with libcasr.
How CASR Works
Collect crash reports
Run one of the
casr-* tools against your crashing binary, sanitizer output, or coredump. CASR captures the full execution context and writes a .casrep file.Deduplicate
Use
casr-cluster -d to remove duplicate reports based on filtered stack trace hashing, leaving only unique crashes.Cluster
Run
casr-cluster -c to group related crashes together. Each cluster represents a distinct root cause.What CASR Covers
Sanitizers
AddressSanitizer, MemorySanitizer, and UndefinedBehaviorSanitizer via
casr-san and casr-ubsan.Coredumps
Offline and online (kernel core_pattern) coredump analysis via
casr-core.GDB
Raw GDB-based crash capture for uninstrumented binaries via
casr-gdb.8 Languages
C/C++, Rust, Python, Java, JavaScript, C#, Go, and Lua crash parsing.
Fuzzer Pipelines
End-to-end triage automation for AFL++, libFuzzer, LibAFL, Jazzer, Atheris, Jazzer.js, jsfuzz, and luzer.
SARIF & DefectDojo
Export to SARIF for IDE integration or upload to DefectDojo for vulnerability management.
CASR requires
--cap-add=SYS_PTRACE --security-opt seccomp=unconfined when running inside Docker, because it disables address randomization and uses ptrace to run GDB.