Skip to main content

AI-powered Python fuzzer using LiteLLM and Atheris to automatically generate and execute fuzzing harnesses.

Project description

AtherisLiteLLM:

This project creates a LLM-assisted Python fuzzing harness generator designed to leverage large language models via LiteLLM to automatically build fuzzing harnesses for target Python functions and classes. It uses Google’s Atheris fuzzing engine to dynamically generate and test code, with the aim of uncovering bugs or vulnerabilities in software.

Workflow:

  1. Resolve API keys and model configurations.
  2. Clone repository from URL or verify existing local source directory.
  3. Discover and parse Python files for target functions and classes.
  4. (Optional) Filter targets by maintainability index using Radon.
  5. Concurrently generate harnesses via LiteLLM using extracted code context.
  6. Save and organize all valid harnesses into a structured, timestamped output directory.

Arguments:

  • -u, --url: Git URL to clone. Defaults to ~/Downloads if no --src-dir is given.
  • -s, --src-dir: Path to source directory. If --url is provided, it clones into a subdirectory here.
  • -o, --output-dir: Destination for generated harnesses and logs.
  • -m, --model: LiteLLM model string (e.g. gemini/gemini-1.5-flash, ollama/llama3).
  • -pp, --prompts-path: Path to prompts.yaml configuration.
  • -p, --prompt: ID of the prompt template to use.
  • -k, --api-key: API key string (optional if environment variable exists).
  • -e, --extra-model-prompts: Vendor-specific parameters as key=value pairs.
  • -d, -v, --verbose, --debug: Enable verbose application logging.
  • --litellm_debug_mode: Enable full LiteLLM request/response dumping. Outputs a massive log file (litellm_debug.log) into the specific run directory. Use this ONLY if you need to debug the raw HTTP requests being sent to the LLM.
  • -sm, --smell: Filter out low-maintainability code using Radon.
  • -w, --workers: Number of concurrent generation threads.
  • -tt, --test-threshold: Threshold for filtering out code used for testing to save on tokens (default: 1.1 which disables the filter). Higher values filter less code, lower values filter more.

Examples:

  1. Clone from a URL to default Downloads directory:
    atherislitellm
    --url https://github.com/user/repo
    --output-dir output_logs
    --prompts-path prompts.yaml
    --prompt base
    --model gemini/gemini-1.5-flash
    --api-key YOUR_KEY
    --workers 4 \

  2. Clone from a URL into a specific folder with complexity filtering:
    atherislitellm
    --url https://github.com/user/repo
    --src-dir /home/user/fuzzing_projects
    --output-dir output_logs
    --prompts-path prompts.yaml
    --prompt base
    --model openai/gpt-4
    --extra-model-prompts project=my-project
    --debug
    --smell \

  3. Use a local directory with short-form flags:
    atherislitellm
    -s /home/user/local_source
    -o output_logs
    -pp prompts.yaml
    -p base
    -m gemini/gemini-1.5-flash
    -k YOUR_KEY
    -w 2 \

  4. Run with local Ollama model:
    export OLLAMA_API_BASE=http://localhost:11434 atherislitellm
    -s /home/user/local_source
    -o output_logs
    -pp prompts.yaml
    -p base
    -m ollama/codegemma:7b
    -d
    -sm
    -e project=fuzz-test

Output and Analysis:

All results are saved into a structured, timestamped subfolder in your output directory:

  • Harness Files: The generated self-contained Atheris fuzzing harnesses.
  • analysis.csv: A detailed log capturing comprehensive metadata for all discovered code candidates. This report tracks function names, complexity rankings, maintainability indexes, the generated harness code, and API tokens used tokens_used per prompt.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

atherislitellm-0.2.200.tar.gz (18.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

atherislitellm-0.2.200-py3-none-any.whl (23.2 kB view details)

Uploaded Python 3

File details

Details for the file atherislitellm-0.2.200.tar.gz.

File metadata

  • Download URL: atherislitellm-0.2.200.tar.gz
  • Upload date:
  • Size: 18.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for atherislitellm-0.2.200.tar.gz
Algorithm Hash digest
SHA256 52d194e13f9a620cdc6120e66b5b6c184208ff92a76d91753dfed661bf3d0bce
MD5 08a18144cdf4c5e3a45e1286f11bf112
BLAKE2b-256 bd3cc18ab63ce5c96a649ac3fd72b94c225a2e2bf37091af99597e2ab90a720d

See more details on using hashes here.

Provenance

The following attestation bundles were made for atherislitellm-0.2.200.tar.gz:

Publisher: publish.yml on mariobx/AtherisLiteLLM

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file atherislitellm-0.2.200-py3-none-any.whl.

File metadata

File hashes

Hashes for atherislitellm-0.2.200-py3-none-any.whl
Algorithm Hash digest
SHA256 d94b934967683694e3fc4f3b7c8a80e0172bb5f04286d2c2f0fc4ae4db18f180
MD5 3bb3e5c9d6a19b51508a56417c8b3bf2
BLAKE2b-256 db5751c33f0e903f495faa20e30ac713f684f99745d4208e1be5f380ca6fe1bb

See more details on using hashes here.

Provenance

The following attestation bundles were made for atherislitellm-0.2.200-py3-none-any.whl:

Publisher: publish.yml on mariobx/AtherisLiteLLM

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page