ForAllSecure Blog

How to Run Mayhem from a Docker Image

Editorial Staff
September 27, 2022

Provided as an easy-to-use web interface and fuzzing platform, users can use the Mayhem UI to create, manage, and analyze their Mayhem fuzzing runs on containerized applications, or targets, residing within Docker images that have been uploaded to the public Docker Hub registry.

How do you do this? It's as easy as:

  1. Logging in to the Mayhem UI hosted on your Mayhem deployment.
  2. Selecting a Docker Image for your new Mayhem run.
  3. Configuring the Mayhemfile for the run.
  4. Executing your new Mayhem run!

Let's see how this works in more detail. To get you quickly started, we've provided a button for you to create a new pre-configured run using a Docker image hosted on Docker Hub. For this exercise we will be executing a Mayhem run on the previously discussed testme

#include <stdio.h> 
#include <string.h> 
int fuzzme(char *buf)
  if(buf[0] == 'b')
    if(buf[1] == 'u')
      if(buf[2] == 'g') {
       abort(); // Defect: Sends a SIGABRT signal
  return 0;
int main(int argc, char *argv[])
  FILE *f;
  char buf[12];
  if(argc != 2){
    fprintf(stderr, "Must supply a text file\n");
    return -1;
  f = fopen(argv[1], "r");
  if(f == NULL){
    fprintf(stderr, "Could not open %s\n", argv[1]);
    return -1;
  if(fgets(buf, sizeof(buf), f) == NULL){
    fprintf(stderr, "Could not read from %s\n", argv[1]);
    return -1;
  return 0;

In Mayhem, you should be presented with the following screen:

This is the create new run flow for creating a new Mayhem run from a Docker image. There are two steps to the create new run process:

  1. Choose Image: Choose the Docker image that will be ingested into Mayhem for fuzz testing and specify a Docker image name from the public Docker Hub registry.
  2. Configure and Run: Configure the specifications for the Mayhem run dictated by the Mayhemfile, then confirm your selections and execute the run!

Click the Show Mayhemfile link at the bottom to get a better look at the exact specifications for the Mayhem run dictated by the underlying Mayhemfile. You should see something similar to:

duration: 90
project: forallsecure-tutorial
target: testme
  - cmd: /root/tutorial/testme/v1/testme @@

Then, simply click Next until you get to the end of the create new run flow and click Start Run to confirm your selections and execute your first Mayhem run!

After executing the Mayhem run, you should see the following run analysis page:

The run analysis page indicates the progress of the Mayhem run and will continue to auto-refresh until the end of its duration. In this time, Mayhem will fuzz the target application and generate as many test cases as it can to detect potential security vulnerabilities in the target application. Test cases that result in crashes or defects will be marked accordingly for future reference.

In particular, if we scroll down to the bottom of the run analysis page, we can see more information about what defects Mayhem found when fuzzing the containerized testme target and even the individual test cases that were used during fuzzing.

For this particulartestme target, there appears to be an underlying improper input validation defect.

Note. The exact hash/ID of your test case for your specific Mayhem run may differ from what is shown in this lesson.

Development Speed or Code Security. Why Not Both?

Mayhem is an award-winning AI that autonomously finds new exploitable bugs and improves your test suites.

Get Mayhem Free Request A Demo

And when we switch the pane's view from Defects to Test Cases, we see the individual breakdown of test cases generated during the Mayhem run; Mayhem generated two particular test cases for this run resulting in the specified defect.

Nice job executing your first Mayhem run and finding a defect for the testme target binary!

To confirm that the defect is indeed valid, we can reproduce the defective behavior of the testme binary by manually fuzzing the testme binary with the test case that Mayhem generated and saved. Users can download their test cases for this very use case.

Stay Connected

Subscribe to Updates

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.