# AFL++

> fuzzing software

**Wikidata**: [Q105970848](https://www.wikidata.org/wiki/Q105970848)  
**Wikipedia**: [English](https://en.wikipedia.org/wiki/AFL++)  
**Source**: https://4ort.xyz/entity/afl

## Summary
AFL++ is a free, open-source fuzzing software designed to automatically discover vulnerabilities and bugs in programs by feeding them malformed or unexpected inputs. It is a fork of the original American Fuzzy Lop (AFL) fuzzer, enhanced with additional features and optimizations, and is widely used in security research and software testing.

## Key Facts
- AFL++ is classified as **free software**, meaning users can freely run, study, modify, and distribute it under the **Apache Software License 2.0**.
- It is written in **assembly language**, a low-level programming language closely tied to machine code instructions.
- AFL++ runs exclusively on **Unix-like operating systems**, which include Linux, macOS, and BSD variants.
- The project is based on the original **American Fuzzy Lop (AFL)** fuzzer but includes significant improvements and extensions.
- The latest stable version as of the source material is **4.35c**, released on **December 26, 2025**.
- AFL++ is actively maintained, with frequent updates—over **30 versions** have been released since **2019**, including major milestones like **4.00c (2022)** and **3.10c (2021)**.
- The source code is hosted on **GitHub** at [https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus).
- It is available as a package in **OpenSUSE** (`afl`) and **SlackBuilds** (`development/aflplusplus`).
- The official website is [https://aflplus.plus/](https://aflplus.plus/).
- AFL++ is copyrighted but distributed under permissive licensing terms.

## FAQs

### What is AFL++ used for?
AFL++ is a **fuzzing tool** used to automatically test software for security vulnerabilities, crashes, and memory corruption issues by generating and feeding malformed inputs to target programs.

### Is AFL++ free to use?
Yes, AFL++ is **free software** licensed under the **Apache Software License 2.0**, allowing users to run, modify, and distribute it freely.

### What operating systems does AFL++ support?
AFL++ is designed to run on **Unix-like operating systems**, including Linux, macOS, and BSD-based systems.

### How does AFL++ differ from the original AFL?
AFL++ is a **fork of American Fuzzy Lop (AFL)** with additional features, performance improvements, and ongoing maintenance, making it more effective for modern fuzzing tasks.

### Where can I download AFL++?
The source code is available on **GitHub** ([AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus)), and pre-built packages exist for **OpenSUSE** and **SlackBuilds**.

### What programming language is AFL++ written in?
AFL++ is primarily written in **assembly language**, a low-level language that allows fine-grained control over hardware and performance optimizations.

### How often is AFL++ updated?
AFL++ has a **rapid release cycle**, with multiple versions per year. For example, between **2019 and 2025**, over **30 versions** were released, including major updates like **4.00c (2022)** and **4.35c (2025)**.

## Why It Matters
AFL++ plays a critical role in **software security** by automating the detection of vulnerabilities that could be exploited by attackers. Fuzzing is a proactive security measure used by developers, security researchers, and organizations to identify and fix bugs before they are discovered by malicious actors. By building on the widely adopted **American Fuzzy Lop**, AFL++ extends its capabilities with modern optimizations, making it a go-to tool for **penetration testers, bug bounty hunters, and software engineers**. Its open-source nature ensures transparency, community-driven improvements, and accessibility, reducing the barrier to entry for security testing. The frequent updates and support for **Unix-like systems** make it a reliable choice in both academic research and industry applications.

## Notable For
- Being a **highly optimized fork** of the original **American Fuzzy Lop (AFL)**, with enhanced performance and features.
- **Rapid and frequent updates**, with over **30 versions** released since **2019**, ensuring continuous improvement.
- **Open-source licensing** under the **Apache 2.0 License**, promoting widespread adoption and modification.
- **Assembly language implementation**, allowing for low-level optimizations critical in fuzzing performance.
- **Cross-platform support** across **Unix-like systems**, including Linux, macOS, and BSD.
- **Active community and maintenance**, with a dedicated GitHub repository and package availability in **OpenSUSE** and **SlackBuilds**.
- **Widespread use in security research**, making it a standard tool for vulnerability discovery.

## Body

### Overview and Purpose
AFL++ is a **fuzzing software** designed to automatically test programs by feeding them large volumes of malformed or unexpected inputs to trigger crashes, memory leaks, or other undesirable behaviors. This process, known as **fuzz testing**, is a critical technique in **software security** and **quality assurance**, helping developers identify and patch vulnerabilities before they can be exploited. AFL++ is an evolution of the original **American Fuzzy Lop (AFL)**, incorporating additional features, optimizations, and ongoing maintenance to improve its effectiveness.

### Licensing and Distribution
AFL++ is classified as **free software**, meaning it adheres to the principles of allowing users to **run, study, modify, and distribute** the software freely. It is licensed under the **Apache Software License 2.0**, a permissive open-source license that enables both personal and commercial use with minimal restrictions. The project’s source code is publicly available on **GitHub** ([AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus)), and it is distributed as a package in **OpenSUSE** (`afl`) and **SlackBuilds** (`development/aflplusplus`). Despite being copyrighted, its open licensing ensures broad accessibility.

### Technical Foundation
AFL++ is written in **assembly language**, a low-level programming language that provides a strong correspondence between code and machine instructions. This choice allows for **fine-grained control over performance** and **hardware-specific optimizations**, which are crucial for efficient fuzzing. The tool is designed to run on **Unix-like operating systems**, a broad category that includes **Linux, macOS, and BSD variants**, making it compatible with the majority of servers and development environments used in security research.

### Development and Version History
AFL++ has undergone **rapid and continuous development**, with a history of frequent updates. The earliest recorded version in the source material is **2.52c (June 4, 2019)**, and since then, the project has seen over **30 releases**, including major milestones:
- **2.52c to 2.68c (2019–2020)**: Early iterations focusing on stability and feature expansion.
- **3.10c to 3.14c (2021)**: Introduction of significant performance improvements.
- **4.00c (January 26, 2022)**: A major release marking a new versioning scheme.
- **4.08c to 4.35c (2023–2025)**: Recent stable versions, with **4.35c (December 26, 2025)** being the latest as of the source material.

Each release includes bug fixes, new fuzzing strategies, and optimizations, reflecting the project’s commitment to staying current with evolving security challenges.

### Relationship to American Fuzzy Lop (AFL)
AFL++ is a **direct fork of American Fuzzy Lop (AFL)**, one of the most influential fuzzing tools in software security. While AFL laid the groundwork for effective fuzz testing, AFL++ builds upon it by adding **new mutation strategies, improved instrumentation, and better performance**. The project maintains compatibility with AFL’s core functionality while expanding its capabilities, making it a preferred choice for users seeking a more advanced and actively maintained alternative.

### Community and Ecosystem
The AFL++ project benefits from an **active community** of contributors and users, primarily centered around its **GitHub repository**. The open-source model encourages collaboration, with developers worldwide submitting patches, reporting issues, and proposing new features. Additionally, AFL++ is integrated into **package managers** like **OpenSUSE** and **SlackBuilds**, simplifying installation and deployment for users. The official website, [https://aflplus.plus/](https://aflplus.plus/), serves as a hub for documentation, tutorials, and updates.

### Use Cases and Impact
AFL++ is widely used in **security research, penetration testing, and software development** to identify vulnerabilities such as **buffer overflows, memory corruption, and input validation flaws**. Its adoption spans:
- **Bug bounty hunters** who use it to find and report vulnerabilities in software.
- **Software developers** integrating fuzzing into their **CI/CD pipelines** to catch bugs early.
- **Academic researchers** studying fuzzing techniques and automated vulnerability discovery.
- **Security teams** in organizations proactively testing their applications for weaknesses.

By automating the detection of hard-to-find bugs, AFL++ reduces the manual effort required in security audits and improves the overall robustness of software.

### Notable Features and Innovations
AFL++ introduces several **key enhancements** over the original AFL, including:
- **Advanced mutation strategies** that improve the likelihood of discovering deep vulnerabilities.
- **Better instrumentation** for more accurate tracking of code coverage during fuzzing.
- **Performance optimizations** that reduce the time required to identify bugs.
- **Support for modern architectures** and compilers, ensuring compatibility with contemporary software.

These features make AFL++ a **more powerful and efficient** tool compared to its predecessor and other fuzzing solutions.

### Future Directions
Given its **active development cycle** and **community-driven improvements**, AFL++ is likely to continue evolving with new techniques in fuzzing, such as **machine learning-assisted input generation** and **enhanced support for complex software environments**. The project’s openness to contributions ensures that it will remain at the forefront of **automated vulnerability discovery** for years to come.

## References

1. [Source](http://lcamtuf.coredump.cx/afl/README.txt)
2. [Release 2.52c. 2019](https://github.com/AFLplusplus/AFLplusplus/releases/tag/2.52c)
3. [Release 2.53c. 2019](https://github.com/AFLplusplus/AFLplusplus/releases/tag/2.53c)
4. [Release 2.54c. 2019](https://github.com/AFLplusplus/AFLplusplus/releases/tag/2.54c)
5. [Release 2.57c. 2019](https://github.com/AFLplusplus/AFLplusplus/releases/tag/2.57c)
6. [Release 2.58c. 2019](https://github.com/AFLplusplus/AFLplusplus/releases/tag/2.58c)
7. [Release 2.59c. 2019](https://github.com/AFLplusplus/AFLplusplus/releases/tag/2.59c)
8. [Release 2.60c. 2019](https://github.com/AFLplusplus/AFLplusplus/releases/tag/2.60c)
9. [Release 2.61c. 2020](https://github.com/AFLplusplus/AFLplusplus/releases/tag/2.61c)
10. [Release 2.62c. 2020](https://github.com/AFLplusplus/AFLplusplus/releases/tag/2.62c)
11. [Release 2.63c. 2020](https://github.com/AFLplusplus/AFLplusplus/releases/tag/2.63c)
12. [Release 2.64c. 2020](https://github.com/AFLplusplus/AFLplusplus/releases/tag/2.64c)
13. [Release 2.65c. 2020](https://github.com/AFLplusplus/AFLplusplus/releases/tag/2.65c)
14. [Release 2.66c. 2020](https://github.com/AFLplusplus/AFLplusplus/releases/tag/2.66c)
15. [Release 2.67c. 2020](https://github.com/AFLplusplus/AFLplusplus/releases/tag/2.67c)
16. [Release 2.68c. 2020](https://github.com/AFLplusplus/AFLplusplus/releases/tag/2.68c)
17. [Release 3.10c. 2021](https://github.com/AFLplusplus/AFLplusplus/releases/tag/3.10c)
18. [Release 3.11c. 2021](https://github.com/AFLplusplus/AFLplusplus/releases/tag/3.11c)
19. [Release 3.12c. 2021](https://github.com/AFLplusplus/AFLplusplus/releases/tag/3.12c)
20. [Release 3.13c. 2021](https://github.com/AFLplusplus/AFLplusplus/releases/tag/3.13c)
21. [Release 3.14c. 2021](https://github.com/AFLplusplus/AFLplusplus/releases/tag/3.14c)
22. [Release 4.00c. 2022](https://github.com/AFLplusplus/AFLplusplus/releases/tag/4.00c)
23. [Release 4.01c. 2022](https://github.com/AFLplusplus/AFLplusplus/releases/tag/4.01c)
24. [Release 4.02c. 2022](https://github.com/AFLplusplus/AFLplusplus/releases/tag/4.02c)
25. [Release 4.03c. 2022](https://github.com/AFLplusplus/AFLplusplus/releases/tag/4.03c)
26. [Release 4.04c. 2022](https://github.com/AFLplusplus/AFLplusplus/releases/tag/4.04c)
27. [Release 4.05c. 2023](https://github.com/AFLplusplus/AFLplusplus/releases/tag/4.05c)
28. [Release 4.06c. 2023](https://github.com/AFLplusplus/AFLplusplus/releases/tag/4.06c)
29. [Release 4.07c. 2023](https://github.com/AFLplusplus/AFLplusplus/releases/tag/4.07c)
30. [Release 4.08c. 2023](https://github.com/AFLplusplus/AFLplusplus/releases/tag/v4.08c)
31. [Release 4.09c. 2023](https://github.com/AFLplusplus/AFLplusplus/releases/tag/v4.09c)
32. [Release 4.10c. 2024](https://github.com/AFLplusplus/AFLplusplus/releases/tag/v4.10c)
33. [Release 4.20c. 2024](https://github.com/AFLplusplus/AFLplusplus/releases/tag/v4.20c)
34. [Release 4.21c. 2024](https://github.com/AFLplusplus/AFLplusplus/releases/tag/v4.21c)
35. [Release 4.30c. 2024](https://github.com/AFLplusplus/AFLplusplus/releases/tag/v4.30c)
36. [Release 4.31c. 2025](https://github.com/AFLplusplus/AFLplusplus/releases/tag/v4.31c)
37. [Release 4.32c. 2025](https://github.com/AFLplusplus/AFLplusplus/releases/tag/v4.32c)
38. [Release 4.33c. 2025](https://github.com/AFLplusplus/AFLplusplus/releases/tag/v4.33c)
39. [Release 4.34c. 2025](https://github.com/AFLplusplus/AFLplusplus/releases/tag/v4.34c)
40. [Release 4.35c. 2025](https://github.com/AFLplusplus/AFLplusplus/releases/tag/v4.35c)
41. [Release 4.40c. 2026](https://github.com/AFLplusplus/AFLplusplus/releases/tag/v4.40c)