macOS
brew install cargo-fuzzlocal Homebrew formula metadata
brew
Command-line helpers for fuzzing. Version 0.13.2 via Homebrew; verified 2026-06-09.
install
brew install cargo-fuzzlocal Homebrew formula metadata
nix profile install nixpkgs#cargo-fuzznixpkgs package indexes · pkgs/by-name/ca/cargo-fuzz/package.nix · source: api.github.com
sudo pacman -S cargo-fuzzArch Linux sync databases · cargo-fuzz · source: geo.mirror.pkgbuild.com
overview
Command-line helpers for fuzzing
history
cargo-fuzz is the standard Cargo subcommand for driving libFuzzer against Rust crates. It is part of the rust-fuzz project family and is documented by the Rust Fuzz Book as the recommended tool for fuzz testing Rust code.
The package matters because it made coverage-guided fuzzing feel like an ordinary Rust workflow: initialize a fuzz target, add test harnesses, run them through Cargo, minimize failing inputs, and generate coverage.
The cargo-fuzz repository and crate were created in February 2017, early in Rust's effort to make fuzz testing practical for library authors. The README describes it as a Cargo subcommand for fuzzing with libFuzzer, while the Rust Fuzz Book clarifies that cargo-fuzz invokes a fuzzer rather than being a fuzzer itself.
The tool standardized the `fuzz/` directory layout for Rust crates. `cargo fuzz init` creates a fuzzing project, `cargo fuzz add` creates targets, and `cargo fuzz run` executes them through libFuzzer via the libfuzzer-sys crate.
cargo-fuzz became the mainstream Rust path for libFuzzer-based testing because it followed Cargo conventions and came with an official guide. The Rust Fuzz Book places it alongside afl.rs but explicitly recommends cargo-fuzz for Rust code.
The rust-fuzz ecosystem also keeps a trophy-case repository for bugs found through fuzz testing, reinforcing cargo-fuzz as part of Rust's security and reliability culture rather than a standalone experiment.
Typical usage begins with `cargo fuzz init`, then `cargo fuzz add <target>`, and then `cargo fuzz run <target>`. The README also documents commands for formatting generated inputs, minimizing a crashing testcase, minimizing corpora, and collecting coverage.
The README notes important platform constraints: libFuzzer needs LLVM sanitizer support, Unix-like operating systems for the primary workflow, a nightly compiler for unstable flags, and a C++11 compiler.
cargo-fuzz is one of the clearest examples of Cargo's subcommand model turning advanced compiler/runtime machinery into a discoverable package. It hides LLVM sanitizer and libFuzzer details behind a small command set that Rust maintainers can add to CI and security workflows.
For package-history work, it also marks a moment when fuzzing moved from specialist security tooling into normal Rust package maintenance.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
fuzz/Cargo.tomlexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
cargo-fuzz | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/rust-fuzz/cargo-fuzz
install metadata
| Package key | brew:cargo-fuzz |
|---|---|
| Version | 0.13.2 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/cargo-fuzz |
| Homepage | https://rust-fuzz.github.io/book/cargo-fuzz.html |
| Repository | https://github.com/rust-fuzz/cargo-fuzz |
| Upstream docs | https://rust-fuzz.github.io/book/cargo-fuzz.html |
| License | Apache-2.0 AND MIT |
| Source archive | https://github.com/rust-fuzz/cargo-fuzz/archive/refs/tags/0.13.2.tar.gz |
| Last updated | 2026-06-09T23:51:17Z |
| Pulse | updated |
| Build dependencies | rust |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | cargo-fuzz |
| Version Scheme | 0 |
| Revision | 0 |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
cargo-fuzz
nix profile install nixpkgs#cargo-fuzzcargo-fuzz 0.13.1-3
Command line helpers for fuzzing rust
https://github.com/rust-fuzz/cargo-fuzz
sudo pacman -S cargo-fuzzsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.