Overview
Most vulnerability research involves the same scaffolding, rebuilt from scratch each engagement: environment setup, corpus management, crash deduplication, reproducer generation. This toolkit wraps those repetitive steps into a consistent interface so the actual analysis gets more time.
The Problem
A typical fuzzing workflow before this looked like:
# manually set up every time
mkdir crashes corpus logs
cp target ./sandbox/
AFL_SKIP_CPUFREQ=1 afl-fuzz -i corpus -o crashes ./sandbox/target @@
# then manually triage...
Every project had slightly different scaffolding. Crashes were sorted manually. Reproducers were written by hand. Reports were formatted from scratch.
Approach
The toolkit introduces a project-scoped session model. Each target gets a workspace with versioned state:
vrt init vuln-target --binary ./target --corpus ./seeds/
vrt fuzz --jobs 8 --timeout 24h
vrt triage ./crashes/
vrt report --slug vuln-target --format cve-draft
Crash deduplication uses stack trace hashing across multiple crash inputs. The triage command scores severity automatically based on crash type (stack overflow, heap corruption, null deref) and controlled input size.
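The sketch below is an added example, not the toolkit's own code, showing one way stack trace hashing and severity scoring of this kind can fit together. The frame depth, the score weights, the record fields and the sample traces are all assumptions made for illustration.

```python
import hashlib
import re
from collections import defaultdict

TOP_FRAMES = 3  # assumption: bucket on the innermost three frames
# Hypothetical base weights for the crash types named above.
BASE_SCORE = {"heap-corruption": 7, "stack-overflow": 6, "null-deref": 2}
# Sanitizer-style frame: "#0 0x55d1c0 in parse_hdr /src/p.c:88"
FRAME_RE = re.compile(r"#\d+\s+0x[0-9a-f]+\s+in\s+(\S+)")

def bucket_id(trace, depth=TOP_FRAMES):
    """Hash function names only; addresses and line numbers shift between runs and builds."""
    top = FRAME_RE.findall(trace)[:depth]
    return hashlib.sha256("\n".join(top).encode()).hexdigest()[:16]

def severity(kind, controlled_bytes):
    """0-10 score: base weight by crash type plus up to 3 for controlled input size."""
    bonus = min(3, controlled_bytes.bit_length() // 4)
    return min(10, BASE_SCORE.get(kind, 1) + bonus)

def triage(crashes):
    """Group crashes by bucket and report each bucket at its worst member's severity."""
    buckets = defaultdict(list)
    for crash in crashes:
        buckets[bucket_id(crash["trace"])].append(crash)
    report = []
    for bid, members in buckets.items():
        worst = max(members, key=lambda c: severity(c["kind"], c["controlled_bytes"]))
        report.append({
            "bucket": bid, "count": len(members), "kind": worst["kind"],
            "severity": severity(worst["kind"], worst["controlled_bytes"]),
        })
    return sorted(report, key=lambda r: r["severity"], reverse=True)

# Constructed sample crashes (not output from a real target).
TRACE_A = ("#0 0x55d1c0 in copy_field /src/util.c:40\n"
           "#1 0x55d2a4 in parse_hdr /src/p.c:88\n#2 0x55d900 in main /src/main.c:12")
TRACE_B = TRACE_A.replace("0x55d", "0x7f3")  # same path, different load address
TRACE_C = ("#0 0x401a10 in lookup_key /src/kv.c:19\n"
           "#1 0x401b88 in parse_body /src/p.c:140\n#2 0x401f00 in main /src/main.c:12")
SAMPLE = [
    {"trace": TRACE_A, "kind": "heap-corruption", "controlled_bytes": 256},
    {"trace": TRACE_B, "kind": "heap-corruption", "controlled_bytes": 4096},
    {"trace": TRACE_C, "kind": "null-deref", "controlled_bytes": 0},
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Hashing only the top frames can merge distinct bugs that crash in a shared helper, so buckets with mixed crash types deserve a manual look before any are discarded as duplicates.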
What Shipped
- Unified CLI over AFL++ and libFuzzer backends
- SQLite-backed session tracking with crash provenance
- Reproducer minimization via creduce integration
- CVE draft output in MITRE structured format
- Coverage delta reporting between fuzzing runs