Ejemplo n.º 1
0
 def run(self):
     util.color_print_singleline(util.bcolors.BOLD + util.bcolors.HEADER,
                                 "[+] Stopping fuzzing jobs...")
     kill_fuzz_cmd = ["pkill", "-9", "afl-fuzz"]
     util.run_cmd(" ".join(kill_fuzz_cmd))
     util.color_print(util.bcolors.BOLD + util.bcolors.HEADER, "done")
     if self._args.coverage:
         util.color_print_singleline(
             util.bcolors.BOLD + util.bcolors.HEADER,
             "[+] Stopping afl-cov for jobs...")
         for pid in self.get_afl_cov_pid():
             kill_aflcov_cmd = ["pkill", "-9", pid]
             util.run_cmd(" ".join(kill_aflcov_cmd))
         util.color_print(util.bcolors.BOLD + util.bcolors.HEADER, "done")
     return True
Ejemplo n.º 2
0
    def bear_make(self):
        if not os.path.isfile("Makefile"):
            return False

        command = ["make clean && bear make -j"]
        if not util.run_cmd(command, self.env, self.logfile):
            return False
        return True
Ejemplo n.º 3
0
    def make_install(self):
        if not os.path.isfile("Makefile"):
            return False

        command = ["make clean && make -j install"]
        if not util.run_cmd(command, self.env, self.logfile):
            return False
        return True
Ejemplo n.º 4
0
    def triage(self, jobId, inst, indir=None, outdir=None):
        util.color_print_singleline(
            util.bcolors.OKGREEN,
            "\t\t[+] Collect and verify '{}' mode crashes... ".format(inst))

        env = os.environ.copy()
        asan_flag = {}
        asan_flag[
            'ASAN_OPTIONS'] = "abort_on_error=1:disable_coredump=1:symbolize=1"
        env.update(asan_flag)

        if inst is 'harden':
            prefix = 'HARDEN'
        elif inst is 'asan' or inst is 'all':
            prefix = 'ASAN'
            inst = 'asan'
        else:
            util.color_print(util.bcolors.FAIL, "failed!")
            return False

        if not indir:
            syncDir = self._config['orthrus'][
                'directory'] + "/jobs/" + jobId + "/afl-out/"
        else:
            syncDir = indir

        if not outdir:
            dirname = self._config['orthrus']['directory'] + "/jobs/" + jobId + "/exploitable/" + \
                      "{}/".format(prefix) + "crashes"
            if not os.path.exists(dirname):
                os.makedirs(dirname)
            triage_outDir = dirname
        else:
            triage_outDir = outdir

        logfile = self._config['orthrus'][
            'directory'] + "/logs/" + "afl-{}_dbg.log".format(inst)
        launch = self._config['orthrus']['directory'] + "/binaries/{}-dbg/bin/".format(inst) + \
                 self.job_config.get(jobId, "target") + " " + \
                 self.job_config.get(jobId, "params").replace("&", "\&")
        cmd = " ".join([
            "afl-collect", "-r", "-j",
            util.getnproc(), "-e gdb_script", syncDir, triage_outDir, "--",
            launch
        ])
        rv = util.run_cmd("ulimit -c 0; " + cmd, env, logfile)
        if not rv:
            util.color_print(util.bcolors.FAIL, "failed")
            return rv

        util.color_print(util.bcolors.OKGREEN, "done")

        if not self.tidy(triage_outDir):
            return False

        return True
Ejemplo n.º 5
0
 def clang_sdict(self):
     if not self.bear_make():
         return False
     command = [
         "find . -type f \( -name \"*.c\" -o -name \"*.cpp\" -o -name \"*.cc\" \) -print0 |"
         " xargs -0 clang-sdict -p 1>> dict.clang"
     ]
     if not util.run_cmd(command, self.env, self.logfile):
         return False
     return True
Ejemplo n.º 6
0
    def configure(self):

        if not os.path.isfile("configure"):
            return False

        # AFL-fuzz likes statically linked binaries
        # "--disable-shared " +
        command = ["./configure " + " ".join(self.configargs)]

        if not util.run_cmd(command, self.env, self.logfile):
            return False
        return True
Ejemplo n.º 7
0
    def make_install(self):
        if not os.path.isfile("Makefile"):
            util.color_print(util.bcolors.FAIL,
                             "No Makefile found in work dir")
            return False

        command = ["make clean; make -j install"]
        if not util.run_cmd(command, self.env, self.logfile):
            util.color_print(util.bcolors.FAIL,
                             "Error running make install. Check the log!")
            return False
        return True
Ejemplo n.º 8
0
    def configure(self):

        if not os.path.isfile("configure"):
            util.color_print(util.bcolors.FAIL,
                             "No configure script found in work dir")
            return False

        # AFL-fuzz likes statically linked binaries
        # "--disable-shared " +
        command = ["./configure " + " ".join(self.configargs)]

        if not util.run_cmd(command, self.env, self.logfile):
            util.color_print(
                util.bcolors.FAIL,
                "\t\t[-] Error running configure. Check the log!")
            return False
        return True
Ejemplo n.º 9
0
    def _start_fuzzers(self, jobId, available_cores):
        if os.listdir(self._config['orthrus']['directory'] + "/jobs/" + jobId +
                      "/afl-out/") == []:
            start_cmd = "start"
        else:
            start_cmd = "resume"

        core_per_subjob = available_cores / 2
        if core_per_subjob == 0:
            core_per_subjob = 1

        cmd = ["cat /proc/sys/kernel/core_pattern"]
        util.color_print_singleline(util.bcolors.OKGREEN,
                                    "Checking core_pattern...")
        try:
            if "core" not in subprocess.check_output(" ".join(cmd),
                                                     shell=True,
                                                     stderr=subprocess.STDOUT):
                util.color_print(util.bcolors.FAIL, "failed")
                util.color_print(
                    util.bcolors.FAIL, "\t\t\t[-] Please do echo core | "
                    "sudo tee /proc/sys/kernel/core_pattern")
                return False
        except subprocess.CalledProcessError as e:
            print e.output
            return False
        util.color_print(util.bcolors.OKGREEN, "okay")

        env = os.environ.copy()
        env.update({'AFL_SKIP_CPUFREQ': '1'})

        if os.path.exists(self._config['orthrus']['directory'] +
                          "/binaries/afl-harden"):
            util.color_print_singleline(
                util.bcolors.OKGREEN,
                "\t\t[+] Starting AFL harden fuzzer job as master...")

            harden_file = self._config['orthrus'][
                'directory'] + "/logs/afl-harden.log"
            cmd = [
                "afl-multicore",
                "--config=.orthrus/jobs/" + jobId + "/harden-job.conf",
                start_cmd,
                str(core_per_subjob), "-v"
            ]

            if not util.run_cmd(" ".join(cmd), env, harden_file):
                util.color_print(util.bcolors.FAIL, "failed")
                return False

            util.color_print(util.bcolors.OKGREEN, "done")

            output = open(
                self._config['orthrus']['directory'] + "/logs/afl-harden.log",
                "r")
            for line in output:
                if "Starting master" in line or "Starting slave" in line:
                    util.color_print(util.bcolors.OKGREEN, "\t\t\t" + line)
                if " Master " in line or " Slave " in line:
                    util.color_print_singleline(util.bcolors.OKGREEN,
                                                "\t\t\t\t" + "[+] " + line)
            output.close()

            if os.path.exists(self._config['orthrus']['directory'] +
                              "/binaries/afl-asan"):
                util.color_print_singleline(
                    util.bcolors.OKGREEN,
                    "\t\t[+] Starting AFL ASAN fuzzer job as slave...")
                asan_file = self._config['orthrus'][
                    'directory'] + "/logs/afl-asan.log"
                cmd = ["afl-multicore", "--config=.orthrus/jobs/" + jobId + "/asan-job.conf ", "add", \
                                str(core_per_subjob), "-v"]

                if not util.run_cmd(" ".join(cmd), env, asan_file):
                    util.color_print(util.bcolors.FAIL, "failed")
                    return False

                util.color_print(util.bcolors.OKGREEN, "done")

                output2 = open(
                    self._config['orthrus']['directory'] +
                    "/logs/afl-asan.log", "r")
                for line in output2:
                    if "Starting master" in line or "Starting slave" in line:
                        util.color_print(util.bcolors.OKGREEN, "\t\t\t" + line)
                    if " Master " in line or " Slave " in line:
                        util.color_print_singleline(util.bcolors.OKGREEN,
                                                    "\t\t\t\t" + "[+] " + line)
                output2.close()

        elif os.path.exists(self._config['orthrus']['directory'] +
                            "/binaries/afl-asan"):

            util.color_print_singleline(
                util.bcolors.OKGREEN,
                "\t\t[+] Starting AFL ASAN fuzzer job as master...")
            asan_file = self._config['orthrus'][
                'directory'] + "/logs/afl-asan.log"
            cmd = ["afl-multicore", "-c", ".orthrus/jobs/" + jobId + "/asan-job.conf", start_cmd, \
                   str(available_cores), "-v"]

            if not util.run_cmd(" ".join(cmd), env, asan_file):
                util.color_print(util.bcolors.FAIL, "failed")
                return False

            util.color_print(util.bcolors.OKGREEN, "done")

            output2 = open(
                self._config['orthrus']['directory'] + "/logs/afl-asan.log",
                "r")
            for line in output2:
                if "Starting master" in line or "Starting slave" in line:
                    util.color_print(util.bcolors.OKGREEN, "\t\t\t" + line)
                if " Master " in line or " Slave " in line:
                    util.color_print_singleline(util.bcolors.OKGREEN,
                                                "\t\t\t\t" + "[+] " + line)
            output2.close()

        return True