Fuzzing is an effective vulnerability discovery technology.In order to solve the inefficiency problem caused by blind mutation in fuzzing,safety engineers need to customize fuzzer from all aspects,such as input characteristics,mutation method,seed samples screening,abnormal samples found and analysis,which will result in huge expenditure.To meet the need of low cost customization and high scalability of the universal fuzzer (i.e.fuzzer that supports multi-type input formats and softwares),this paper first proposes a programmable fuzzing framework.Based on the framework,the only thing safety engineers need to do is writing directive programs when they want to customize fuzzing.It can sharply improve the efficiency of developing fuzzer without reducing effectiveness of fuzzing.The framework contains a set of fuzzing primitives,fuzzing directive specification (FDS) and FDS parser.Fuzzing primitives which involve mutation,monitoring and guiding are basic statements of directive program.FDS and FDS parser can support writing and parsing directive programs,as well as generating fuzzers.Based on the implementation of a prototype framework called Puzzer,safety engineers can accomplish core functions and cover 87.8% of total basic operations of five mainstream fuzzers with only about 54 lines of code.A fuzzer which has equivalent function of AFL can be accomplished using Puzzer to achieve the same effectiveness with only 51 lines of code.