# Fuzzing
**Environment Setup**
https://community.forallsecure.com/t/how-to-set-up-a-local-mayhem-environment/287
## What is Fuzzing?
Fuzzing, or fuzz testing, is a software testing technique that injects random data as inputs to an application to monitor and detect bugs/defects related to program failures or crashes. The application will re-run continuously, each with differing inputs, to attempt to covers as much of the underlying code as possible and seek out edge cases that may result in a creah.
## Fuzzing a Vulnerable Application
**==Test suites== are collections of various test cases that are used to input and run differing parts of a target application**. Therefore, if a defect is found for a target application, a resulting test case will be saved that can be used ti re-create the defect scenario.
## Why use Mayhem
With Mayhem, users can deliver secure and reliable software with better precision while using less time, effort, and ultimately, costs.
In particular, Mayhem helps reduces the cost of building and auditing applications by:
**Providing Proof of Defects:**
Mayhem automatically finds bugs by creating a test case that proves a defect is present and reachable.
**Generating Test Suites:**
Mayhem automatically generates test cases (via fuzzing), indexes and saves these test cases, and re-tests each version of an application. Test suites lower the time and cost to perform repeatable and thorough security tests of your application.
**Following Best Practices:**
Mayhem automatically checks compiled executable programs to see if they are hardened against exploits.
**<font color="#f00">How Does Mayhem Work?</font>**
**Exploitability Factors:**
Checks to sees if the application is hardened or protected against exploitation.
**Fuzzing and Symbolic Execution:**
Tests the target application with different input permutations and monitors for any abnormal behaviors/defects.
**Triage and Diagnosis:**
Validate discovered defects and provide coverage analysis.
**Automated Regression Testing:**
Validate current results against previous results with saved test suites.
# Mayhem
Mayhem can analyze compiled binaries written in languages like C/C++, Go, Rust, Java, and Python
Before Mayhem can run and detect defects associated with your program, it requires the complete runtime environment for the application. This includes the executable itself, related libraries, environment variables, and configuration settings.
# CVE
# hackathon resource
https://github.com/mayhemheroes/hackathon-resources/blob/main/gh-actions.md
# Mayhem decumention
https://mayhem.forallsecure.com/docs/tutorial/beginner/basic-concepts/
# Mayhem login
https://mayhem.forallsecure.com/
CC and CXX in Tim's mac
```
CC=/opt/homebrew/Cellar/llvm/15.0.3/bin/clang CXX=/opt/homebrew/Cellar/llvm/15.0.3/bin/clang++ cmake ..
```
Sign in with Wallet
Connect another wallet