CASR (Crash Analysis and Severity Report) is an open-source toolkit that helps security engineers and fuzzing practitioners collect, triage, and score crash reports. Whether you’re post-processing AFL++ output or running a continuous fuzzing pipeline, CASR turns raw crashes into structured, deduplicated, and severity-ranked .casrep JSON reports.
What is CASR
CASR is two things at once:
- A suite of CLI tools — each one targets a specific crash source (sanitizers, GDB, coredumps, language runtimes) and produces a unified .casrep JSON report.
- libcasr — a Rust library that powers all the tools and can be embedded directly in your own analysis code. It provides APIs for parsing stack traces, collecting crash metadata, deduplicating, clustering, and estimating exploitability.
Key Capabilities
Severity Estimation
Classifies crashes as EXPLOITABLE, PROBABLY_EXPLOITABLE, NOT_EXPLOITABLE, or NOT_CRITICAL for x86, x86_64, ARM32, AArch64, rv32g, and rv64g — inspired by GDB’s exploitable plugin.
Multi-Language Support
Generates crash reports for C/C++, Rust, Go, Java, JavaScript, Python, Lua, and C# programs from a single unified interface.
Fuzzer Integration
First-class triage pipelines for AFL++, libFuzzer, LibAFL, Atheris, Jazzer, Jazzer.js, jsfuzz, Sharpfuzz, go-fuzz, and luzer.
Deduplication & Clustering
casr-cluster removes duplicate reports and groups related crashes by stack-trace similarity so you focus on unique root causes.
TUI Viewer
casr-cli renders .casrep files in a rich terminal UI, shows cluster statistics, and exports entire result sets to SARIF for CI/CD integration.
DefectDojo Integration
casr-dojo uploads new and unique crash reports directly to a DefectDojo instance, enabling seamless vulnerability management workflows.
Architecture Overview
CASR is organized around a family of single-purpose binaries that all emit the same .casrep format:
| Tool | Purpose |
|---|---|
| casr-san | Analyze AddressSanitizer and MemorySanitizer output |
| casr-ubsan | Analyze UndefinedBehaviorSanitizer errors across multiple inputs |
| casr-gdb | Collect reports via GDB for uninstrumented binaries |
| casr-core | Create reports from Linux coredumps |
| casr-python | Analyze Python exceptions; integrates with Atheris |
| casr-java | Analyze Java exceptions; integrates with Jazzer |
| casr-js | Analyze JavaScript exceptions; integrates with Jazzer.js and jsfuzz |
| casr-csharp | Analyze C# exceptions; integrates with Sharpfuzz |
| casr-lua | Analyze Lua runtime errors |
| casr-cluster | Deduplicate (-d) and cluster (-c) report collections |
| casr-cli | Interactive TUI viewer and SARIF exporter |
| casr-afl | End-to-end triage pipeline for AFL++ and Sharpfuzz crashes |
| casr-libfuzzer | End-to-end triage pipeline for libFuzzer, LibAFL, and compatible fuzzers |
| casr-dojo | Upload unique reports to DefectDojo (requires dojo feature) |
Supported Architectures
CASR’s severity estimation works on the following CPU architectures:
- x86 (32-bit)
- x86_64 (64-bit)
- ARM32
- AArch64
- rv32g (RISC-V 32-bit)
- rv64g (RISC-V 64-bit)
Supported Languages
libcasr can parse crashes originating from programs written in:
- C / C++
- C#
- Go
- Java
- JavaScript
- Lua
- Python
- Rust
The language-specific tools (casr-python, casr-java, casr-js, casr-csharp, casr-lua) wrap libcasr and understand the respective runtime’s stack trace format, exception model, and fuzzing harness conventions.
Running CASR in Docker
CASR disables address-space randomization for better deduplication accuracy and uses ptrace to attach GDB. When running inside a container, you must pass extra capabilities to Docker.
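A preflight check for this container requirement, as an added example that is not part of CASR or its documentation: it reads `/proc/self/status` text and reports whether CAP_SYS_PTRACE is in the effective capability set and whether a seccomp filter is active. The function names, the `--live` switch and the two sample excerpts are constructed for illustration.

```shell
#!/bin/sh
# Preflight for a container that will run casr-gdb (added example, not CASR code).
# Function names and the --live switch are hypothetical.

CAP_SYS_PTRACE_BIT=19   # CAP_SYS_PTRACE in linux/capability.h

# Constructed /proc/self/status excerpts, not captured from a real host.
SAMPLE_RESTRICTED='CapEff: 00000000a80425fb
Seccomp: 2'
SAMPLE_READY='CapEff: 00000000a80c25fb
Seccomp: 0'

# status_field NAME TEXT: print the value of the "NAME:" line in TEXT.
status_field() {
    printf '%s\n' "$2" | awk -v key="$1:" '$1 == key { print $2; exit }'
}

# has_sys_ptrace TEXT: 0 if CapEff has CAP_SYS_PTRACE, 1 if not, 2 if unparsable.
has_sys_ptrace() {
    capeff=$(status_field CapEff "$1")
    case $capeff in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ $(( (0x$capeff >> $CAP_SYS_PTRACE_BIT) & 1 )) -eq 1 ]
}

# seccomp_off TEXT: 0 only when the Seccomp mode is 0 (no filter installed).
seccomp_off() {
    [ "$(status_field Seccomp "$1")" = "0" ]
}

# preflight TEXT: print one line per missing requirement; 0 when both are met.
preflight() {
    rc=0
    has_sys_ptrace "$1" || { echo "CAP_SYS_PTRACE missing: start with --cap-add=SYS_PTRACE"; rc=1; }
    seccomp_off "$1" || { echo "seccomp filter active: start with --security-opt seccomp=unconfined"; rc=1; }
    return "$rc"
}

# Check the current process only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "--live" ]; then
    preflight "$(cat /proc/self/status)"
fi
```

Run it with `--live` inside the container before starting a triage job; a non-zero exit means at least one of the two Docker options is missing.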
Start your container with --cap-add=SYS_PTRACE --security-opt seccomp=unconfined, otherwise casr-gdb and ASLR-disabling features will not work correctly.
Next Steps
Installation
Install CASR from crates.io, a prebuilt binary, or build from source.
Quickstart
Compile a test program, generate your first crash report, and run the triage pipeline end to end.