Automic VaultAutomic Vault

brew

Install wuppiefuzz with Homebrew

Coverage-guided REST API fuzzer developed on top of LibAFL. Version 1.6.0 via Homebrew; verified 2026-06-25.

install

Additional install commands

macOS

Homebrewverified ยท 100%
brew install wuppiefuzz

local Homebrew formula metadata

overview

Package summary

Coverage-guided REST API fuzzer developed on top of LibAFL

Commands and aliases

  • wuppiefuzz

history

Project history and usage

WuppieFuzz is TNO's open-source, coverage-guided REST API fuzzer built on LibAFL. The project targets black-box, grey-box, and white-box testing and emphasizes ease of use, explainable findings, and modularity.

Project history

The project is developed under the TNO-S3 GitHub organization and is implemented primarily in Rust. Its README presents WuppieFuzz as a practical REST API fuzzing tool, while its academic publication frames it as coverage-guided, stateful REST API fuzzing driven by OpenAPI specifications and REST-specific mutators.

The tool's research context is modern API security. The TNO repository and 2025/2026 publication describe a workflow in which an OpenAPI specification seeds request sequences, LibAFL and REST-specific mutation explore behavior, and coverage measurements guide which request sequences are sent next to reach complex application states.

Adoption history

WuppieFuzz has moved beyond a repository-only release into security tooling visibility: its README lists media coverage, a ONE Conference e-magazine feature, an OpenAPI.tools listing, a Nordic APIs talk, and a Thoughtworks Technology Radar mention. The preferred citation points to the ICISSP 2026 proceedings, giving it both an open-source and research footprint.

How it is used

Users run WuppieFuzz against a target application and provide an OpenAPI specification so the fuzzer can generate and mutate requests. For coverage-guided setups, the README shows passing coverage configuration such as JaCoCo data for a Java target; the paper also describes harness automation and reports that help developers fix bugs.

Why package nerds care

For security package collections, WuppieFuzz is notable because it brings LibAFL-style coverage-guided fuzzing into the REST API space instead of staying at the binary or library fuzzing layer. It sits near OpenAPI tooling, API security testing, Rust fuzzing infrastructure, and developer-friendly security automation.

Timeline

  • 2024: Project media coverage and conference visibility begin appearing in the upstream README.
  • 2025: TNO's publication record lists WuppieFuzz as a conference paper.
  • 2025-12-17: The WuppieFuzz paper is submitted to arXiv.
  • 2026: The README identifies WuppieFuzz v1.6.0 and cites the ICISSP 2026 proceedings.

Related projects

  • WuppieFuzz is built on LibAFL and is comparable to other REST API fuzzers and API testing tools that consume OpenAPI specifications. The paper explicitly discusses black-box, grey-box, and white-box API fuzzing in relation to existing approaches such as EvoMaster.

security posture

No protected-tool coverage found yet

No matching local secret-handling manifest was found for wuppiefuzz. Nucleus package metadata is still published here so future coverage has a stable package URL.

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 1 runtime dependencies.
  • Build metadata lists 3 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
config.yaml

executables

Installed executables

CommandKindExposureNote
wuppiefuzzcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version1.6.0
manager updated2026-06-25
local dataok
upstreamnot checked
latest detectednot detected

https://github.com/TNO-S3/WuppieFuzz

install metadata

Package metadata

Package keybrew:wuppiefuzz
Version1.6.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/wuppiefuzz
Homepagehttps://github.com/TNO-S3/WuppieFuzz
Repositoryhttps://github.com/TNO-S3/WuppieFuzz
Upstream docshttps://github.com/TNO-S3/WuppieFuzz#readme
LicenseApache-2.0
Source archivehttps://github.com/TNO-S3/WuppieFuzz/releases/download/v1.6.0/source.tar.gz
Last updated2026-06-25T20:42:36Z
Pulseupdated
Dependenciesz3
Build dependenciescmake, pkgconf, rust
Uses from macOSsqlite
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namewuppiefuzz
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • package relationship graph
  • package version freshness
  • package-page enrichment