def seedjob(self): util.color_print_singleline( util.bcolors.OKGREEN, "\t\t[+] Adding initial samples for job [" + self.jobTarget + "]... ") samplevalid = False if os.path.isdir(self._args.sample): samplevalid = True for dirpath, dirnames, filenames in os.walk(self._args.sample): for fn in filenames: fpath = os.path.join(dirpath, fn) if os.path.isfile(fpath): shutil.copy( fpath, self._config['orthrus']['directory'] + "/jobs/" + self.jobId + "/afl-in/") elif os.path.isfile(self._args.sample): samplevalid = True shutil.copy( self._args.sample, self._config['orthrus']['directory'] + "/jobs/" + self.jobId + "/afl-in/") if not samplevalid: util.color_print(util.bcolors.WARNING, 'seed dir or file invalid. No seeds copied!') else: util.color_print(util.bcolors.OKGREEN, "done") return True
def run(self): util.color_print_singleline(util.bcolors.BOLD + util.bcolors.HEADER, "[+] Checking test coverage for job [" \ + self._args.job_id + "]... ") orthrus_root = self._config['orthrus']['directory'] if not util.validate_job(orthrus_root, self._args.job_id): util.color_print( util.bcolors.FAIL, "failed. Are you sure you have done orthrus add --job or passed the " "right job ID. orthrus show -j might help") return False jobId = self._args.job_id self.job_config = ConfigParser.ConfigParser() self.job_config.read(self._config['orthrus']['directory'] + "/jobs/jobs.conf") util.run_afl_cov(orthrus_root, jobId, self.job_config.get(jobId, "target"), self.job_config.get(jobId, "params")) util.color_print(util.bcolors.OKGREEN, "done") util.color_print( util.bcolors.OKGREEN, "\t\t[+] Please check {} for coverage info".format(orthrus_root + "/jobs/" + jobId + "/afl-out/" "cov")) return True
def triage(self, jobId, inst, indir=None, outdir=None): util.color_print_singleline( util.bcolors.OKGREEN, "\t\t[+] Collect and verify '{}' mode crashes... ".format(inst)) env = os.environ.copy() asan_flag = {} asan_flag[ 'ASAN_OPTIONS'] = "abort_on_error=1:disable_coredump=1:symbolize=1" env.update(asan_flag) if inst is 'harden': prefix = 'HARDEN' elif inst is 'asan' or inst is 'all': prefix = 'ASAN' inst = 'asan' else: util.color_print(util.bcolors.FAIL, "failed!") return False if not indir: syncDir = self._config['orthrus'][ 'directory'] + "/jobs/" + jobId + "/afl-out/" else: syncDir = indir if not outdir: dirname = self._config['orthrus']['directory'] + "/jobs/" + jobId + "/exploitable/" + \ "{}/".format(prefix) + "crashes" if not os.path.exists(dirname): os.makedirs(dirname) triage_outDir = dirname else: triage_outDir = outdir logfile = self._config['orthrus'][ 'directory'] + "/logs/" + "afl-{}_dbg.log".format(inst) launch = self._config['orthrus']['directory'] + "/binaries/{}-dbg/bin/".format(inst) + \ self.job_config.get(jobId, "target") + " " + \ self.job_config.get(jobId, "params").replace("&", "\&") cmd = " ".join([ "afl-collect", "-r", "-j", util.getnproc(), "-e gdb_script", syncDir, triage_outDir, "--", launch ]) rv = util.run_cmd("ulimit -c 0; " + cmd, env, logfile) if not rv: util.color_print(util.bcolors.FAIL, "failed") return rv util.color_print(util.bcolors.OKGREEN, "done") if not self.tidy(triage_outDir): return False return True
def importjob(self): jobId = self.jobId next_session = 0 util.color_print_singleline( util.bcolors.OKGREEN, "\t\t[+] Import afl sync dir for job [" + jobId + "]... ") if not tarfile.is_tarfile(self._args._import): util.color_print(util.bcolors.FAIL, "failed!") return False if not os.path.exists(self._config['orthrus']['directory'] + "/jobs/" + jobId + "/afl-out/"): util.color_print(util.bcolors.FAIL, "failed!") return False syncDir = os.listdir(self._config['orthrus']['directory'] + "/jobs/" + jobId + "/afl-out/") for directory in syncDir: if "SESSION" in directory: next_session += 1 is_single = True with tarfile.open(self._args._import, "r") as tar: try: info = tar.getmember("fuzzer_stats") except KeyError: is_single = False if is_single: outDir = self._config['orthrus'][ 'directory'] + "/jobs/" + jobId + "/afl-out/SESSION" + "{:03d}".format( next_session) os.mkdir(outDir) tar.extractall(outDir) else: tmpDir = self._config['orthrus'][ 'directory'] + "/jobs/" + jobId + "/tmp/" os.mkdir(tmpDir) tar.extractall(tmpDir) for directory in os.listdir( self._config['orthrus']['directory'] + "/jobs/" + jobId + "/tmp/"): outDir = self._config['orthrus'][ 'directory'] + '/jobs/' + jobId + '/afl-out/' shutil.move(tmpDir + directory, outDir) shutil.rmtree(tmpDir) util.color_print(util.bcolors.OKGREEN, "done") util.minimize_sync_dir(self._config, jobId) return True
def tidy(self, crash_dir): util.color_print_singleline(util.bcolors.OKGREEN, "\t\t[+] Tidying crash dir...") dest = crash_dir + "/.scripts" if not os.path.exists(dest): os.mkdir(dest) for script in glob.glob(crash_dir + "/gdb_script*"): shutil.move(script, dest) util.color_print(util.bcolors.OKGREEN, "done!") return True
def run(self): util.color_print_singleline(util.bcolors.BOLD + util.bcolors.HEADER, "[+] Stopping fuzzing jobs...") kill_fuzz_cmd = ["pkill", "-9", "afl-fuzz"] util.run_cmd(" ".join(kill_fuzz_cmd)) util.color_print(util.bcolors.BOLD + util.bcolors.HEADER, "done") if self._args.coverage: util.color_print_singleline( util.bcolors.BOLD + util.bcolors.HEADER, "[+] Stopping afl-cov for jobs...") for pid in self.get_afl_cov_pid(): kill_aflcov_cmd = ["pkill", "-9", pid] util.run_cmd(" ".join(kill_aflcov_cmd)) util.color_print(util.bcolors.BOLD + util.bcolors.HEADER, "done") return True
def run(self): util.color_print(util.bcolors.BOLD + util.bcolors.HEADER, "[+] Destroy Orthrus workspace") util.color_print_singleline( util.bcolors.BOLD + util.bcolors.HEADER, "[?] Delete complete workspace? [y/n]...: ") if (self.testinput and 'y' in self.testinput) or 'y' in sys.stdin.readline()[0]: util.color_print_singleline(util.bcolors.OKGREEN, "\t\t[+] Deleting all files... ") if not os.path.exists(self._config['orthrus']['directory']): util.color_print(util.bcolors.OKBLUE, "destroyed already") else: shutil.rmtree(self._config['orthrus']['directory']) if not os.path.isdir(self._config['orthrus']['directory']): util.color_print(util.bcolors.OKGREEN, "done") else: util.color_print(util.bcolors.FAIL, "failed") return False return True
def run(self): util.color_print(util.bcolors.BOLD + util.bcolors.HEADER, "[+] Adding fuzzing job to Orthrus workspace") util.color_print_singleline(util.bcolors.OKGREEN, "\t\t[+] Check Orthrus workspace... ") if not os.path.exists(self._config['orthrus']['directory'] + "/binaries/"): util.color_print( util.bcolors.FAIL, "failed. Are you sure you did orthrus create -asan or -fuzz") return False util.color_print(util.bcolors.OKGREEN, "done") if not self.processjob(): return False if self._args._import: if not self.importjob(): return False if self._args.sample: return self.seedjob() return True
def create(self, dest, BEnv, logfn): install_path = dest os.mkdir(install_path) ### Configure util.color_print_singleline(util.bcolors.OKGREEN, "\t\t[+] Configure... ") config_flags = ['--prefix=' + os.path.abspath(install_path)] + \ self.args.configure_flags.split(" ") builder = b.Builder( b.BuildEnv(BEnv), config_flags, self.config['orthrus']['directory'] + "/logs/" + logfn) if not builder.configure(): util.color_print(util.bcolors.FAIL, "failed") return False util.color_print(util.bcolors.OKGREEN, "done") ### Make install util.color_print_singleline(util.bcolors.OKGREEN, "\t\t[+] Compile and install... ") if not builder.make_install(): util.color_print(util.bcolors.FAIL, "failed") return False util.copy_binaries(install_path + "bin/") util.color_print(util.bcolors.OKGREEN, "done") ## Verify instrumentation # sample_binpath = random.choice(glob.glob(install_path + 'bin/*')) sample_binpath = random.choice( util.return_elf_binaries(install_path + 'bin/')) util.color_print_singleline(util.bcolors.OKGREEN, "\t\t[+] Verifying instrumentation... ") if not self.verify(sample_binpath, BEnv): util.color_print(util.bcolors.FAIL, "failed") return False util.color_print(util.bcolors.OKGREEN, "done") return True
def run(self): util.color_print(util.bcolors.BOLD + util.bcolors.HEADER, "[+] Starting fuzzing jobs") util.color_print_singleline(util.bcolors.OKGREEN, "\t\t[+] Check Orthrus workspace... ") orthrus_root = self._config['orthrus']['directory'] if not util.validate_job(orthrus_root, self._args.job_id): util.color_print( util.bcolors.FAIL, "failed. Are you sure you have done orthrus add --job or passed the " "right job ID. orthrus show -j might help") return False util.color_print(util.bcolors.OKGREEN, "done") jobId = self._args.job_id total_cores = int(util.getnproc()) if len( os.listdir(self._config['orthrus']['directory'] + "/jobs/" + jobId + "/afl-out/")) > 0: util.color_print_singleline(util.bcolors.OKGREEN, "\t\t[+] Tidy fuzzer sync dir... ") if not self.compact_sync_dir(jobId): util.color_print(util.bcolors.FAIL, "failed") return False util.color_print(util.bcolors.OKGREEN, "done") if self._args.minimize: if not util.minimize_sync_dir(self._config, jobId): return False util.color_print_singleline( util.bcolors.OKGREEN, "\t\t[+] Start Fuzzers for Job [" + jobId + "]... ") if not self._start_fuzzers(jobId, total_cores): try: subprocess.call("pkill -9 afl-fuzz", shell=True, stderr=subprocess.STDOUT) except OSError, subprocess.CalledProcessError: return False return False
def run(self): util.color_print(util.bcolors.BOLD + util.bcolors.HEADER, "[+] Removing fuzzing job from Orthrus workspace") util.color_print_singleline(util.bcolors.OKGREEN, "\t\t[+] Check Orthrus workspace... ") orthrus_root = self._config['orthrus']['directory'] if not util.validate_job(orthrus_root, self._args.job_id): util.color_print( util.bcolors.FAIL, "failed. Are you sure you have done orthrus add --job or passed the " "right job ID. orthrus show -j might help") return False util.color_print(util.bcolors.OKGREEN, "done") util.color_print_singleline( util.bcolors.OKGREEN, "\t\t[+] Archiving data for job [" + self._args.job_id + "]... ") shutil.move( self._config['orthrus']['directory'] + "/jobs/" + self._args.job_id, self._config['orthrus']['directory'] + "/archive/" + time.strftime("%Y-%m-%d-%H:%M:%S") + "-" + self._args.job_id) util.color_print(util.bcolors.OKGREEN, "done") util.color_print_singleline( util.bcolors.OKGREEN, "\t\t[+] Removing job for [" + self._args.job_id + "]... ") job_config = ConfigParser.ConfigParser() job_config.read(self._config['orthrus']['directory'] + "/jobs/jobs.conf") job_config.remove_section(self._args.job_id) with open(self._config['orthrus']['directory'] + "/jobs/jobs.conf", 'wb') as job_file: job_config.write(job_file) util.color_print(util.bcolors.OKGREEN, "done") return True
def run(self): util.color_print_singleline(util.bcolors.OKGREEN, "\t\t[+] Check Orthrus workspace... ") orthrus_root = self._config['orthrus']['directory'] if not util.validate_job(orthrus_root, self._args.job_id): util.color_print( util.bcolors.FAIL, "failed. Are you sure you have done orthrus add --job or passed the " "right job ID. orthrus show -j might help") return False util.color_print(util.bcolors.OKGREEN, "done") self.job_config = ConfigParser.ConfigParser() self.job_config.read(self._config['orthrus']['directory'] + "/jobs/jobs.conf") jobId = self._args.job_id util.color_print(util.bcolors.BOLD + util.bcolors.HEADER, "[+] Triaging crashes for job [" \ + jobId + "]") if not os.path.exists(self._config['orthrus']['directory'] + "/jobs/" + jobId + "/unique/"): os.mkdir(self._config['orthrus']['directory'] + "/jobs/" + jobId + "/unique/") else: util.color_print(util.bcolors.OKGREEN, "[?] Rerun triaging? [y/n]...: ") if 'y' not in sys.stdin.readline()[0]: return True shutil.move(self._config['orthrus']['directory'] + "/jobs/" + jobId + "/unique/", self._config['orthrus']['directory'] + "/jobs/" + jobId + "/unique." \ + time.strftime("%Y-%m-%d-%H:%M:%S")) os.mkdir(self._config['orthrus']['directory'] + "/jobs/" + jobId + "/unique/") if os.path.exists(self._config['orthrus']['directory'] + "/binaries/afl-harden"): if not self.triage(jobId, 'harden'): return False if os.path.exists(self._config['orthrus']['directory'] + "/binaries/afl-asan"): if not self.triage(jobId, 'asan'): return False #Second pass over all exploitable crashes exp_path = self._config['orthrus'][ 'directory'] + "/jobs/" + jobId + "/exploitable/" uniq_path = self._config['orthrus'][ 'directory'] + "/jobs/" + jobId + "/unique/" if os.path.exists(exp_path): if not self.triage(jobId, 'all', exp_path, uniq_path): return False triaged_crashes = os.listdir(uniq_path) util.color_print(util.bcolors.OKGREEN, "\t\t[+] Triaged " + str(len(triaged_crashes)) + \ " crashes. See {}".format(uniq_path)) if not triaged_crashes: util.color_print(util.bcolors.OKBLUE, "\t\t[+] Nothing to do") return True return True
def _start_fuzzers(self, jobId, available_cores): if os.listdir(self._config['orthrus']['directory'] + "/jobs/" + jobId + "/afl-out/") == []: start_cmd = "start" else: start_cmd = "resume" core_per_subjob = available_cores / 2 if core_per_subjob == 0: core_per_subjob = 1 cmd = ["cat /proc/sys/kernel/core_pattern"] util.color_print_singleline(util.bcolors.OKGREEN, "Checking core_pattern...") try: if "core" not in subprocess.check_output(" ".join(cmd), shell=True, stderr=subprocess.STDOUT): util.color_print(util.bcolors.FAIL, "failed") util.color_print( util.bcolors.FAIL, "\t\t\t[-] Please do echo core | " "sudo tee /proc/sys/kernel/core_pattern") return False except subprocess.CalledProcessError as e: print e.output return False util.color_print(util.bcolors.OKGREEN, "okay") env = os.environ.copy() env.update({'AFL_SKIP_CPUFREQ': '1'}) if os.path.exists(self._config['orthrus']['directory'] + "/binaries/afl-harden"): util.color_print_singleline( util.bcolors.OKGREEN, "\t\t[+] Starting AFL harden fuzzer job as master...") harden_file = self._config['orthrus'][ 'directory'] + "/logs/afl-harden.log" cmd = [ "afl-multicore", "--config=.orthrus/jobs/" + jobId + "/harden-job.conf", start_cmd, str(core_per_subjob), "-v" ] if not util.run_cmd(" ".join(cmd), env, harden_file): util.color_print(util.bcolors.FAIL, "failed") return False util.color_print(util.bcolors.OKGREEN, "done") output = open( self._config['orthrus']['directory'] + "/logs/afl-harden.log", "r") for line in output: if "Starting master" in line or "Starting slave" in line: util.color_print(util.bcolors.OKGREEN, "\t\t\t" + line) if " Master " in line or " Slave " in line: util.color_print_singleline(util.bcolors.OKGREEN, "\t\t\t\t" + "[+] " + line) output.close() if os.path.exists(self._config['orthrus']['directory'] + "/binaries/afl-asan"): util.color_print_singleline( util.bcolors.OKGREEN, "\t\t[+] Starting AFL ASAN fuzzer job as slave...") asan_file = self._config['orthrus'][ 'directory'] + "/logs/afl-asan.log" cmd = ["afl-multicore", "--config=.orthrus/jobs/" + jobId + "/asan-job.conf ", "add", \ str(core_per_subjob), "-v"] if not util.run_cmd(" ".join(cmd), env, asan_file): util.color_print(util.bcolors.FAIL, "failed") return False util.color_print(util.bcolors.OKGREEN, "done") output2 = open( self._config['orthrus']['directory'] + "/logs/afl-asan.log", "r") for line in output2: if "Starting master" in line or "Starting slave" in line: util.color_print(util.bcolors.OKGREEN, "\t\t\t" + line) if " Master " in line or " Slave " in line: util.color_print_singleline(util.bcolors.OKGREEN, "\t\t\t\t" + "[+] " + line) output2.close() elif os.path.exists(self._config['orthrus']['directory'] + "/binaries/afl-asan"): util.color_print_singleline( util.bcolors.OKGREEN, "\t\t[+] Starting AFL ASAN fuzzer job as master...") asan_file = self._config['orthrus'][ 'directory'] + "/logs/afl-asan.log" cmd = ["afl-multicore", "-c", ".orthrus/jobs/" + jobId + "/asan-job.conf", start_cmd, \ str(available_cores), "-v"] if not util.run_cmd(" ".join(cmd), env, asan_file): util.color_print(util.bcolors.FAIL, "failed") return False util.color_print(util.bcolors.OKGREEN, "done") output2 = open( self._config['orthrus']['directory'] + "/logs/afl-asan.log", "r") for line in output2: if "Starting master" in line or "Starting slave" in line: util.color_print(util.bcolors.OKGREEN, "\t\t\t" + line) if " Master " in line or " Slave " in line: util.color_print_singleline(util.bcolors.OKGREEN, "\t\t\t\t" + "[+] " + line) output2.close() return True
class OrthrusStart(object): def __init__(self, args, config, test=False): self._args = args self._config = config self.test = test def _start_fuzzers(self, jobId, available_cores): if os.listdir(self._config['orthrus']['directory'] + "/jobs/" + jobId + "/afl-out/") == []: start_cmd = "start" else: start_cmd = "resume" core_per_subjob = available_cores / 2 if core_per_subjob == 0: core_per_subjob = 1 cmd = ["cat /proc/sys/kernel/core_pattern"] util.color_print_singleline(util.bcolors.OKGREEN, "Checking core_pattern...") try: if "core" not in subprocess.check_output(" ".join(cmd), shell=True, stderr=subprocess.STDOUT): util.color_print(util.bcolors.FAIL, "failed") util.color_print( util.bcolors.FAIL, "\t\t\t[-] Please do echo core | " "sudo tee /proc/sys/kernel/core_pattern") return False except subprocess.CalledProcessError as e: print e.output return False util.color_print(util.bcolors.OKGREEN, "okay") env = os.environ.copy() env.update({'AFL_SKIP_CPUFREQ': '1'}) if os.path.exists(self._config['orthrus']['directory'] + "/binaries/afl-harden"): util.color_print_singleline( util.bcolors.OKGREEN, "\t\t[+] Starting AFL harden fuzzer job as master...") harden_file = self._config['orthrus'][ 'directory'] + "/logs/afl-harden.log" cmd = [ "afl-multicore", "--config=.orthrus/jobs/" + jobId + "/harden-job.conf", start_cmd, str(core_per_subjob), "-v" ] if not util.run_cmd(" ".join(cmd), env, harden_file): util.color_print(util.bcolors.FAIL, "failed") return False util.color_print(util.bcolors.OKGREEN, "done") output = open( self._config['orthrus']['directory'] + "/logs/afl-harden.log", "r") for line in output: if "Starting master" in line or "Starting slave" in line: util.color_print(util.bcolors.OKGREEN, "\t\t\t" + line) if " Master " in line or " Slave " in line: util.color_print_singleline(util.bcolors.OKGREEN, "\t\t\t\t" + "[+] " + line) output.close() if os.path.exists(self._config['orthrus']['directory'] + "/binaries/afl-asan"): util.color_print_singleline( util.bcolors.OKGREEN, "\t\t[+] Starting AFL ASAN fuzzer job as slave...") asan_file = self._config['orthrus'][ 'directory'] + "/logs/afl-asan.log" cmd = ["afl-multicore", "--config=.orthrus/jobs/" + jobId + "/asan-job.conf ", "add", \ str(core_per_subjob), "-v"] if not util.run_cmd(" ".join(cmd), env, asan_file): util.color_print(util.bcolors.FAIL, "failed") return False util.color_print(util.bcolors.OKGREEN, "done") output2 = open( self._config['orthrus']['directory'] + "/logs/afl-asan.log", "r") for line in output2: if "Starting master" in line or "Starting slave" in line: util.color_print(util.bcolors.OKGREEN, "\t\t\t" + line) if " Master " in line or " Slave " in line: util.color_print_singleline(util.bcolors.OKGREEN, "\t\t\t\t" + "[+] " + line) output2.close() elif os.path.exists(self._config['orthrus']['directory'] + "/binaries/afl-asan"): util.color_print_singleline( util.bcolors.OKGREEN, "\t\t[+] Starting AFL ASAN fuzzer job as master...") asan_file = self._config['orthrus'][ 'directory'] + "/logs/afl-asan.log" cmd = ["afl-multicore", "-c", ".orthrus/jobs/" + jobId + "/asan-job.conf", start_cmd, \ str(available_cores), "-v"] if not util.run_cmd(" ".join(cmd), env, asan_file): util.color_print(util.bcolors.FAIL, "failed") return False util.color_print(util.bcolors.OKGREEN, "done") output2 = open( self._config['orthrus']['directory'] + "/logs/afl-asan.log", "r") for line in output2: if "Starting master" in line or "Starting slave" in line: util.color_print(util.bcolors.OKGREEN, "\t\t\t" + line) if " Master " in line or " Slave " in line: util.color_print_singleline(util.bcolors.OKGREEN, "\t\t\t\t" + "[+] " + line) output2.close() return True def compact_sync_dir(self, jobId): syncDir = self._config['orthrus'][ 'directory'] + "/jobs/" + jobId + "/afl-out" for session in os.listdir(syncDir): if os.path.isfile(syncDir + "/" + session): os.remove(syncDir + "/" + session) if os.path.isdir(syncDir + "/" + session): for directory in os.listdir(syncDir + "/" + session): if "crashes." in directory: for num, filename in enumerate( os.listdir(syncDir + "/" + session + "/" + directory)): src_path = syncDir + "/" + session + "/" + directory + "/" + filename dst_path = syncDir + "/" + session + "/" + "crashes" + "/" + filename if not os.path.isfile(dst_path): #dst_path += "," + str(num) shutil.move(src_path, dst_path) shutil.rmtree(syncDir + "/" + session + "/" + directory + "/") if "hangs." in directory: for num, filename in enumerate( os.listdir(syncDir + "/" + session + "/" + directory)): src_path = syncDir + "/" + session + "/" + directory + "/" + filename dst_path = syncDir + "/" + session + "/" + "hangs" + "/" + filename if not os.path.isfile(dst_path): #dst_path += "," + str(num) shutil.move(src_path, dst_path) shutil.rmtree(syncDir + "/" + session + "/" + directory + "/") # if "queue." in directory: # for num, filename in enumerate(os.listdir(syncDir + "/" + session + "/" + directory)): # src_path = syncDir + "/" + session + "/" + directory + "/" + filename # dst_path = syncDir + "/" + session + "/" + "queue" + "/" + filename # if os.path.isfile(dst_path): # dst_path += "," + str(num) # shutil.move(src_path, dst_path) # shutil.rmtree(syncDir + "/" + session + "/" + directory + "/") for session in os.listdir(syncDir): if "SESSION000" != session and os.path.isdir(syncDir + "/" + session): for directory in os.listdir(syncDir + "/" + session): if "crashes" == directory: for num, filename in enumerate( os.listdir(syncDir + "/" + session + "/" + directory)): src_path = syncDir + "/" + session + "/" + directory + "/" + filename dst_path = syncDir + "/" + "SESSION000" + "/" + "crashes" + "/" + filename if not os.path.isfile(dst_path): #dst_path += "," + str(num) shutil.move(src_path, dst_path) if "hangs" == directory: for num, filename in enumerate( os.listdir(syncDir + "/" + session + "/" + directory)): src_path = syncDir + "/" + session + "/" + directory + "/" + filename dst_path = syncDir + "/" + "SESSION000" + "/" + "hangs" + "/" + filename if not os.path.isfile(dst_path): #dst_path += "," + str(num) shutil.move(src_path, dst_path) if "queue" == directory: for num, filename in enumerate( os.listdir(syncDir + "/" + session + "/" + directory)): src_path = syncDir + "/" + session + "/" + directory + "/" + filename dst_path = syncDir + "/" + "SESSION000" + "/" + "queue" + "/" + filename if os.path.isdir(src_path): continue if not os.path.isfile(dst_path): #dst_path += "," + str(num) shutil.move(src_path, dst_path) shutil.rmtree(syncDir + "/" + session) return True def _start_afl_coverage(self, jobId): job_config = ConfigParser.ConfigParser() job_config.read(self._config['orthrus']['directory'] + "/jobs/jobs.conf") # Run afl-cov as a nohup process util.run_afl_cov(self._config['orthrus']['directory'], jobId, job_config.get(jobId, "target"), job_config.get(jobId, "params"), True, self.test) # target = self._config['orthrus']['directory'] + "/binaries/coverage/bin/" + \ # job_config.get(jobId, "target") + " " + job_config.get(jobId, "params").replace("@@","AFL_FILE") # cmd = ["nohup", "afl-cov", "-d", ".orthrus/jobs/" + jobId + \ # "/afl-out", "--live", "--lcov-path", "/usr/bin/lcov", "--coverage-cmd", "'" + target + \ # "'", "--code-dir", ".", "-v"] # logfile = self._config['orthrus']['directory'] + "/logs/afl-coverage.log" # p = subprocess.Popen(" ".join(cmd), shell=True, executable="/bin/bash") return True def run(self): util.color_print(util.bcolors.BOLD + util.bcolors.HEADER, "[+] Starting fuzzing jobs") util.color_print_singleline(util.bcolors.OKGREEN, "\t\t[+] Check Orthrus workspace... ") orthrus_root = self._config['orthrus']['directory'] if not util.validate_job(orthrus_root, self._args.job_id): util.color_print( util.bcolors.FAIL, "failed. Are you sure you have done orthrus add --job or passed the " "right job ID. orthrus show -j might help") return False util.color_print(util.bcolors.OKGREEN, "done") jobId = self._args.job_id total_cores = int(util.getnproc()) if len( os.listdir(self._config['orthrus']['directory'] + "/jobs/" + jobId + "/afl-out/")) > 0: util.color_print_singleline(util.bcolors.OKGREEN, "\t\t[+] Tidy fuzzer sync dir... ") if not self.compact_sync_dir(jobId): util.color_print(util.bcolors.FAIL, "failed") return False util.color_print(util.bcolors.OKGREEN, "done") if self._args.minimize: if not util.minimize_sync_dir(self._config, jobId): return False util.color_print_singleline( util.bcolors.OKGREEN, "\t\t[+] Start Fuzzers for Job [" + jobId + "]... ") if not self._start_fuzzers(jobId, total_cores): try: subprocess.call("pkill -9 afl-fuzz", shell=True, stderr=subprocess.STDOUT) except OSError, subprocess.CalledProcessError: return False return False if self._args.coverage: util.color_print_singleline( util.bcolors.OKGREEN, "\t\t[+] Start afl-cov for Job " "[" + jobId + "]... ") if not self._start_afl_coverage(jobId): util.color_print(util.bcolors.FAIL + "failed" + util.bcolors.ENDC + "\n") return False util.color_print(util.bcolors.OKGREEN, "done") return True
def processjob(self): self.jobId = str(binascii.crc32(self._args.job) & 0xffffffff) self.jobTarget = self._args.job.split(" ")[0] self.jobParams = " ".join(self._args.job.split(" ")[1:]) util.color_print_singleline( util.bcolors.OKGREEN, "\t\t[+] Adding job for [" + self.jobTarget + "]... ") if os.path.exists(self._config['orthrus']['directory'] + "/jobs/" + self.jobId): util.color_print(util.bcolors.FAIL, "already exists!") return False os.mkdir(self._config['orthrus']['directory'] + "/jobs/" + self.jobId) os.mkdir(self._config['orthrus']['directory'] + "/jobs/" + self.jobId + "/afl-in") os.mkdir(self._config['orthrus']['directory'] + "/jobs/" + self.jobId + "/afl-out") job_config = ConfigParser.ConfigParser() job_config.read(self._config['orthrus']['directory'] + "/jobs/jobs.conf") job_config.add_section(self.jobId) job_config.set(self.jobId, "target", self.jobTarget) job_config.set(self.jobId, "params", self.jobParams) with open(self._config['orthrus']['directory'] + "/jobs/jobs.conf", 'wb') as job_file: job_config.write(job_file) util.color_print(util.bcolors.OKGREEN, "done") util.color_print_singleline( util.bcolors.OKGREEN, "\t\t[+] Configuring job for [" + self.jobTarget + "]... ") ## Create an afl-utils style config for AFL-ASAN fuzzing setting it as slave if AFL-HARDEN target exists asanjob_config = ConfigParser.ConfigParser() asanjob_config.add_section("afl.dirs") asanjob_config.set("afl.dirs", "input", ".orthrus/jobs/" + self.jobId + "/afl-in") asanjob_config.set("afl.dirs", "output", ".orthrus/jobs/" + self.jobId + "/afl-out") asanjob_config.add_section("target") asanjob_config.set("target", "target", ".orthrus/binaries/afl-asan/bin/" + self.jobTarget) asanjob_config.set("target", "cmdline", self.jobParams) asanjob_config.add_section("afl.ctrl") asanjob_config.set( "afl.ctrl", "file", ".orthrus/jobs/" + self.jobId + "/afl-out/.cur_input_asan") asanjob_config.set("afl.ctrl", "timeout", "3000+") # See: https://github.com/mirrorer/afl/blob/master/docs/notes_for_asan.txt if util.is64bit(): asanjob_config.set("afl.ctrl", "mem_limit", "30000000") else: asanjob_config.set("afl.ctrl", "mem_limit", "800") asanjob_config.add_section("job") asanjob_config.set("job", "session", "SESSION") if os.path.exists(self._config['orthrus']['directory'] + "binaries/afl-harden"): asanjob_config.set("job", "slave_only", "on") with open( self._config['orthrus']['directory'] + "/jobs/" + self.jobId + "/asan-job.conf", 'wb') as job_file: asanjob_config.write(job_file) ## Create an afl-utils style config for AFL-HARDEN hardenjob_config = ConfigParser.ConfigParser() hardenjob_config.add_section("afl.dirs") hardenjob_config.set("afl.dirs", "input", ".orthrus/jobs/" + self.jobId + "/afl-in") hardenjob_config.set("afl.dirs", "output", ".orthrus/jobs/" + self.jobId + "/afl-out") hardenjob_config.add_section("target") hardenjob_config.set( "target", "target", ".orthrus/binaries/afl-harden/bin/" + self.jobTarget) hardenjob_config.set("target", "cmdline", self.jobParams) hardenjob_config.add_section("afl.ctrl") hardenjob_config.set( "afl.ctrl", "file", ".orthrus/jobs/" + self.jobId + "/afl-out/.cur_input_harden") hardenjob_config.set("afl.ctrl", "timeout", "3000+") hardenjob_config.set("afl.ctrl", "mem_limit", "800") hardenjob_config.add_section("job") hardenjob_config.set("job", "session", "SESSION") with open( self._config['orthrus']['directory'] + "/jobs/" + self.jobId + "/harden-job.conf", 'wb') as job_file: hardenjob_config.write(job_file) util.color_print(util.bcolors.OKGREEN, "done") return True