Fuzztruction

Fuzztruction comprises a family of fault injection-based fuzzers, or more specifically, the academic prototypes thereof that have been published at academic conferences. The first fuzzer is Fuzztruction (paper), which can fuzz targets that consume input via a file or stdin. The second fuzzer, called Fuzztruction-Net (paper or publicly accessible preprint), is based on Fuzztruction but targets network applications, such as nginx or apache2.

In both cases, the fuzzer does not generate (or mutate) the inputs passed to the fuzz target. Instead, it mutates a second application (called the generator, source, or producer) that produces data for the fuzz target. For example, say we want to fuzz unzip; then we could use zip as the generator. The key insight is that zip knows how to produce a valid zip archive that fulfills unzip's expectations, so we get beyond the superficial parsing and execute deeper program logic. By then introducing subtle faults into zip (using coverage guidance to identify valuable ones), we can turn zip against unzip: it now produces slightly invalid zip archives that mostly still pass unzip's checks but (hopefully) can trigger bugs in deeper parts of the code. Conceptually, a similar argument applies to network applications, where we can use a client to produce input for a server (or vice versa).
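The following is an added illustration of the generator-side idea described above; it is not code from the Fuzztruction project. It uses a constructed toy record format (magic, length, body, CRC32) with a constructed producer and consumer, and two hypothetical fault names (`drop_separator`, `length_off_by_one`) standing in for faults injected into the producer's logic. The point it shows: because derived fields such as the CRC are computed after the fault, the producer's output still passes the consumer's superficial checks and reaches the deeper parsing code, whereas classic single-byte mutation of the serialized record is rejected at the CRC check every time. The `triage` function stands in for coverage guidance, ranking faults by how far their output gets.

```python
import zlib

MAGIC = b"ZZ"

# Constructed sample input for the producer (not from the original page).
ENTRIES = [(b"name", b"zip"), (b"size", b"42")]


def produce(entries, faults=frozenset()):
    """Constructed generator: serialises key/value entries as
    MAGIC | u16 length | body ("k=v;" items) | CRC32(body).
    `faults` names hypothetical faults injected into the generator's logic;
    an empty set is the bug-free producer."""
    parts = []
    for i, (key, value) in enumerate(entries):
        sep = b";"
        if "drop_separator" in faults and i == 0:
            sep = b""  # fault: the first item separator is omitted
        parts.append(key + b"=" + value + sep)
    body = b"".join(parts)
    length = len(body)
    if "length_off_by_one" in faults:
        length -= 1  # fault: declared length is one byte short
    # Derived fields are computed AFTER the faults, so the CRC stays consistent
    # with the body that was actually emitted.
    return MAGIC + length.to_bytes(2, "big") + body + zlib.crc32(body).to_bytes(4, "big")


def consume(record):
    """Constructed fuzz target: superficial checks first, then deeper parsing
    logic that carries a latent bug."""
    if record[:2] != MAGIC:
        return "rejected: magic"
    declared = int.from_bytes(record[2:4], "big")
    body = record[4:4 + declared]
    if len(body) != declared:
        return "rejected: length"
    crc = int.from_bytes(record[4 + declared:8 + declared], "big")
    if zlib.crc32(body) != crc:
        return "rejected: crc"
    # Deeper logic: parse "k=v;" items. The unpacking assumes exactly one '='
    # per item, which is the latent bug a malformed-but-valid record can hit.
    parsed = {}
    for item in body.split(b";"):
        if not item:
            continue
        key, value = item.split(b"=")  # ValueError on "a=1b=2"
        parsed[key] = value
    return "ok: %d entries" % len(parsed)


def run(record):
    """Execute the target and report its outcome as a string."""
    try:
        return consume(record)
    except Exception as exc:
        return "crash: " + type(exc).__name__


FAULTS = ["length_off_by_one", "drop_separator"]


def triage(entries):
    """Stand-in for coverage feedback: rank candidate generator faults by how
    far their output gets into the target. Faults whose output survives the
    superficial checks (and especially those that crash) are the valuable ones."""
    return {fault: run(produce(entries, {fault})) for fault in FAULTS}


def single_byte_flips(record):
    """Baseline for comparison: classic input-level mutation, flipping one bit
    at every position of the serialized record. Returns the set of outcomes."""
    outcomes = set()
    for pos in range(len(record)):
        mutated = record[:pos] + bytes([record[pos] ^ 0x01]) + record[pos + 1:]
        outcomes.add(run(mutated))
    return outcomes


if __name__ == "__main__":
    print("clean producer    :", run(produce(ENTRIES)))
    for fault, outcome in triage(ENTRIES).items():
        print("generator fault   : %-18s -> %s" % (fault, outcome))
    print("input byte flips  :", sorted(single_byte_flips(produce(ENTRIES))))
```

The `length_off_by_one` fault is caught by the consumer's checks (the CRC no longer lines up with the declared slice), which is the "mostly still pass" part of the description: not every injected fault is useful, and that is exactly what the coverage feedback is for. The `drop_separator` fault, by contrast, yields a record with a valid length and CRC that crashes the item parser, while none of the input-level bit flips get past the checks at all.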

Pinned repositories

  1. fuzztruction (Rust)

  2. fuzztruction-net (Rust), forked from fuzztruction/fuzztruction
