Directed grey-box fuzzing (DGF) is an advanced technique in security testing, specifically designed to guide fuzzing tools toward predefined target sites within a software program. To improve its scalability on multiple targets, recent DGFs prioritize seeds that close to targets based on a more precise distance metric, and dynamically discard well-explored targets, thus steering toward all targets simultaneously. However, not all targets hold equal importance, particularly when facing large-scale target sets. Therefore, current works that blindly tracking all targets diverts computing resources from critical targets, thereby reducing the overall efficiency of triggering targets.

In this paper, we present Prospector, a novel DGF approach that can handle large-scale target sets scenarios. Prospector employs an iterative process to focus on a select group of \textit{focused targets}. To dynamically maintain these targets, Prospector present a more fine-grained strategy that considers the vulnerable patterns and test adequacy of targets. Subsequently, Prospector further sharpens its fuzzing approach toward \textit{focused targets} by refining strategies in explore-exploit scheduling, seed selection, and byte scheduling. We evaluate Prospector on 24 programs by setting all sanitizer labels as targets. The experimental results show that Prospector outperforms AFL++, WindRanger, ParmeSan and FishFuzz by finding bugs 176.3x, 1882.3x, 2846x and 1.5x faster, respectively. Among 64 unique bugs in the program group with largest target sets, Prospector reproduces 33 (51.56%) existing bugs faster than other fuzzers. Prospector also discovered 6 new bugs in 4 real-world programs with 2 CVE IDs assigned.