Automic VaultAutomic Vault

brew

Install zzuf with Homebrew, apt, dnf, MacPorts, Nix, pacman

Transparent application input fuzzer. Version 0.15 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install zzuf

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install zzuf

MacPorts ports tree · security/zzuf/Portfile · source: api.github.com

Linux

Debian aptverified · 92%
sudo apt install zzuf

Debian stable package indexes · zzuf · source: deb.debian.org

Fedora dnfverified · 92%
sudo dnf install zzuf

Fedora Rawhide package metadata · zzuf · source: dl.fedoraproject.org

Nixverified · 92%
nix profile install nixpkgs#zzuf

nixpkgs package indexes · pkgs/by-name/zz/zzuf/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S zzuf

Arch Linux sync databases · zzuf · source: geo.mirror.pkgbuild.com

overview

Package summary

Transparent application input fuzzer

Commands and aliases

  • zzat
  • zzuf

history

Project history and usage

zzuf is Sam Hocevar's transparent application input fuzzer. It runs a target program while intercepting file and network operations, flips bits in input data deterministically, and reports crashes or other interesting behavior.

Project history

zzuf grew out of the mid-2000s security and QA fuzzing culture around media parsers, image viewers, web browsers, and command-line utilities that consumed untrusted files. The Caca Labs page describes the project as a multi-purpose fuzzer whose goal is to make input fuzzing easier and more automated rather than inventing fuzzing itself.

The project had public talks and downloadable material by 2007 and 2008, including FOSDEM 2007 and Hacker Space Festival 2008 slides linked from the project page. The same page records early tarball attachments from 2008 and later snapshots, while the current development home is GitHub.

The manual-page source documents the mature command-line model: zzuf can run one program many times, vary seeds and fuzzing ratios, limit time, memory, bytes, and crashes, fuzz stdin when no command is given, and use preload or copy modes depending on platform support.

Adoption history

zzuf's own site names several adoption signals: Goatse Security used it against third-party applications, Adobe security researchers used it to stress-test applications and libraries, and CERT's Basic Fuzzing Framework was based on zzuf. The Fuzzing Project FAQ also lists zzuf as a simple, basic fuzzing tool for random input modification.

Its broader adoption is the classic small security-tool pattern: package managers keep a reproducible CLI available even after newer coverage-guided fuzzers became dominant, because zzuf is still useful for quick black-box corruption tests and deterministic reproducers.

How it is used

Typical usage is to prefix a command with zzuf, set a seed or seed range, and choose a corruption ratio. If a run crashes, the same seed can reproduce the mutated input; simple tools such as cat or cp can then materialize the exact fuzzed file for debugging or regression tests.

The manual also supports batch testing behavior: multiple jobs, maximum crash counts, wall-clock and CPU limits, output byte limits, memory limits, include/exclude filters, protected byte ranges, and network-fuzzing filters. That made zzuf useful both as a one-off terminal tool and as a scriptable QA/security harness.

Why package nerds care

zzuf matters to package nerds because it is a compact Unix-style security tool with a long tail. It exposes a single memorable command, but underneath it depends on platform loader behavior, libc/file-operation interception, signal handling, and resource limits, which are exactly the details package maintainers have to preserve across operating systems.

It also captures a pre-AFL era of fuzzing in package form: deterministic random mutation, no source instrumentation, easy shell integration, and enough knobs to turn a simple idea into a practical crash-finding workflow.

Timeline

  • 2007: The project page links FOSDEM 2007 zzuf presentation slides.
  • 2008: The project page links Hacker Space Festival 2008 slides and records early zzuf tarball attachments.
  • 2010: The Caca Labs attachment list records later zzuf and Mac OS X snapshot tarballs.
  • 2015-01-06: The bundled manual page source is dated 2015-01-06.
  • 2015-06-09: The Caca Labs zzuf page records its last modification by Sam Hocevar.

Related projects

  • Related projects and tools include CERT Basic Fuzzing Framework, american fuzzy lop, libFuzzer, honggfuzz, radamsa, Valgrind, AddressSanitizer, media players, image viewers, web browsers, objdump, and other parser-heavy targets for black-box fuzzing.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 13 platform targets.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
zzatcliglobal executable
zzufcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-09
manager version0.15
manager updated
local dataok
upstreamnot checked
latest detectednot detected

https://github.com/samhocevar/zzuf

  • infoNo package-manager update timestamp was available.low confidence
  • infoNo cached GitHub release or tag data was available.https://github.com/samhocevar/zzufnone confidence

install metadata

Package metadata

Package keybrew:zzuf
Version0.15
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/zzuf
Homepagehttp://caca.zoy.org/wiki/zzuf
Repositoryhttps://github.com/samhocevar/zzuf
Upstream docshttp://caca.zoy.org/wiki/zzuf
LicenseWTFPL
Source archivehttps://github.com/samhocevar/zzuf/releases/download/v0.15/zzuf-0.15.tar.bz2
Bottleavailable (on arm64_big_sur, arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, big_sur, catalina, monterey, sonoma, ventura, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namezzuf
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

zzuf 0.15-5+b1

transparent application fuzzer

https://caca.zoy.org/wiki/zzuf

sudo apt install zzuf
  • Section: devel
  • Architecture: amd64
  • Source Package: zzuf
  • 1 dependencies
  • normalized package name match
  • Matched by: Zzuf
Debian stable package indexes · deb.debian.org · Debian stable package indexes: zzuf from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

zzuf

nix profile install nixpkgs#zzuf
  • normalized package name match
  • Matched by: Zzuf
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/zz/zzuf/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
Ubuntu apt95%

zzuf 0.15-2build3

transparent application fuzzer

https://caca.zoy.org/wiki/zzuf

sudo apt install zzuf
  • Section: universe/devel
  • Architecture: amd64
  • 1 dependencies
  • normalized package name match
  • Matched by: Zzuf
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: zzuf from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
dnf95%

zzuf 0.15-26.fc44

Transparent application input fuzzer

http://sam.zoy.org/zzuf/

sudo dnf install zzuf
  • License: WTFPL
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: zzuf
  • 3 dependencies
  • 2 provides
  • normalized package name match
  • Matched by: Zzuf
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: zzuf from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
pacman95%

zzuf 0.15-3

Transparent application input fuzzer

https://github.com/samhocevar/zzuf

sudo pacman -S zzuf
  • License: custom:WTF
  • Architecture: x86_64
  • 1 dependencies
  • normalized package name match
  • Matched by: Zzuf
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: zzuf from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
MacPorts95%

zzuf

sudo port install zzuf
  • normalized package name match
  • Matched by: Zzuf
MacPorts ports tree · api.github.com · MacPorts ports tree: security/zzuf/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment