PHPackages                             nikic/php-fuzzer - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Testing & Quality](/categories/testing)
4. /
5. nikic/php-fuzzer

ActiveLibrary[Testing & Quality](/categories/testing)

nikic/php-fuzzer
================

v0.0.11(1y ago)43999.1k↑86.5%17[3 issues](https://github.com/nikic/PHP-Fuzzer/issues)19MITPHPPHP >= 7.4CI failing

Since Dec 25Pushed 5mo ago15 watchersCompare

[ Source](https://github.com/nikic/PHP-Fuzzer)[ Packagist](https://packagist.org/packages/nikic/php-fuzzer)[ RSS](/packages/nikic-php-fuzzer/feed)WikiDiscussions master Synced 1w ago

READMEChangelog (10)Dependencies (5)Versions (12)Used By (19)

PHP Fuzzer
==========

[](#php-fuzzer)

This library implements a [fuzzer](https://en.wikipedia.org/wiki/Fuzzing) for PHP, which can be used to find bugs in libraries (particularly parsing libraries) by feeding them "random" inputs. Feedback from edge coverage instrumentation is used to guide the choice of "random" inputs, such that new code paths are visited.

Installation
------------

[](#installation)

**Phar (recommended)**: You can download a phar package of this library from the [releases page](https://github.com/nikic/PHP-Fuzzer/releases). Using the phar is recommended, because it avoids dependency conflicts with libraries using PHP-Parser.

**Composer**: `composer global require nikic/php-fuzzer`

Usage
-----

[](#usage)

First, a definition of the target function is necessary. Here is an example target for finding bugs in [microsoft/tolerant-php-parser](https://github.com/microsoft/tolerant-php-parser):

```