def fuzz_path(self): output().raw("Checking base pathes first.") # get a cup of coffee, fuzzing will take some time output().fuzzed('PATH', '', ('', 'EXISTS', 'DIRLIST')) output().hline() found = {} # pathes found # try base pathes first for path in self.vol_exists() + fuzzer().path: self.verify_path(path, found) # try path traversal strategies if found: output().raw("Now checking traversal strategies.") output().fuzzed('PATH', '', ('', 'EXISTS', 'DIRLIST')) output().hline() # only check found volumes for vol in found: sep = '' if vol[-1:] in ['', '/', '\\'] else '/' sep2 = vol[-1:] if vol[-1:] in ['/', '\\'] else '/' # 1st level traversal for dir in fuzzer().dir: path = vol + sep + dir + sep2 self.verify_path(path) # 2nd level traversal for dir2 in fuzzer().dir: path = vol + sep + dir + sep2 + dir2 + sep2 self.verify_path(path)
def fuzz_blind(self): output().raw("Blindly trying to read files.") # get a bottle of beer, fuzzing will take some time output().fuzzed('PATH', '', ('', 'GET', 'EXISTS')) output().hline() # try blind file access strategies (relative path) for path in fuzzer().rel: self.verify_blind(path, "") output().hline() # try blind file access strategies (absolute path) for vol in self.vol_exists() + fuzzer().blind: sep = '' if vol[-1:] in ['', '/', '\\'] else '/' sep2 = vol[-1:] if vol[-1:] in ['/', '\\'] else '/' # filenames to look for for file in fuzzer().abs: # set current delimiter if isinstance(file, list): file = sep2.join(file) path = vol + sep self.verify_blind(path, file) # vol name out of range error if self.error == '30054': output().raw("Volume nonexistent, skipping.") break # no directory traversal for dir in fuzzer().dir: # n'th level traversal for n in range(1, 3): path = vol + sep + n * (dir + sep2) self.verify_blind(path, file)
def main(): img = Image.new('RGBA', (consts.WIDTH, consts.HEIGHT), consts.WHITE) draw = ImageDraw.Draw(img) depth = 0 corn_chips(draw) fuzzer(draw) # img = img.rotate(180) img.save('test.png', 'PNG')
def setup_payload(self, payload): data = lsusbDescriptionParser(config.DEV_DESC_FOLDER + payload.get_option("descriptor")).parse() self.payload = data[0] self.if_info_packet = data[3] self.ep_info_packet = data[4] self.connect_packet = data[2] fuzzer_obj = fuzzer(payload) fuzzer_obj.set_descriptor(self.payload) emulator = payload.get_option("emulator") if emulator == "enumeration": self.enum_emulator = enumeration(fuzzer_obj) elif emulator == "enumeration_abortion": self.enum_emulator = abortion_enumeration(fuzzer_obj) elif emulator == "hid": self.enum_emulator = hid(fuzzer_obj) else: raise Exception("Unknown emulator")
def setup_payload(self, payload): data = usbdescFileParser(config.DEV_DESC_FOLDER + payload.get_option("descriptor")).parse() self.payload = data[0] self.if_info_packet = data[3] self.ep_info_packet = data[4] self.connect_packet = data[2] fuzzer_obj = fuzzer(payload) fuzzer_obj.set_descriptor(self.payload) emulator = payload.get_option("emulator") if emulator == "enumeration": self.enum_emulator = enumeration(fuzzer_obj) elif emulator == "enumeration_abortion": self.enum_emulator = abortion_enumeration(fuzzer_obj) elif emulator == "hid": self.enum_emulator = hid(fuzzer_obj) else: raise Exception("Unknown emulator")
def fuzz_write(self): self.logger.raw("Writing temporary files.") # get a cup of tea, fuzzing will take some time self.logger.fuzzed('PATH', 'COMMAND', ('GET', 'EXISTS', 'DIRLIST')) self.logger.hline() # test data to put/append data = "test"; data2 = "test2" # try write to disk strategies for vol in self.vol_exists() + fuzzer().write: sep = '' if vol[-1:] in ['', '/', '\\' ] else '/' name = "dat" + str(random.randrange(10000)) # FSDOWNLOAD self.put(vol + sep + name, data) fsd_worked = self.verify_write(vol+sep, name, data, 'PUT') # FSAPPEND self.append(vol + sep + name, data2) data = (data + data2) if fsd_worked else data2 self.verify_write(vol + sep, name, data, 'APPEND') # FSDELETE self.do_delete(vol + sep + name) self.logger.hline()
import sys sys.path.append("..") import fuzzer from utils import asserter server_address = "http://openstack-ace.cloudapp.net" count = 10000 if sys.argv.__len__() > 0: if isinstance(sys.argv[0], int): count = sys.argv[0] # Step 0: Keystone generating token # Step 1: Glance - Create Image http_address_glance_create_image = server_address + ":9292/v2/images" runner_1 = fuzzer.fuzzer(http_address_glance_create_image, 'POST', 1) # Token user_id = "28fb0982afab42a19e44f6d0a124c73d" password = "******" token = runner_1.get_token(user_id, password) # Create Image runner_1.headers["Content-Type"]= "application/json" runner_1.headers["X-Auth-Token"]= token runner_1.body_json_string=''' { "name": "Ubuntu 12.10", "container_format": "ami", "disk_format": "ami", "visibility": "public" } '''
__author__ = 'bunny_gg' import sys sys.path.append("..") import fuzzer from utils import asserter from utils import randomer file_address='../keystone_v3_cases/test.img' # randomer.generate_random_file(file_address, 0, 655360) image_id = "e7db3b45-8db7-47ad-8109-3fb55c2c24f2" http_address='http://openstack-ace.cloudapp.net:9292/v2/images/%s/file' % image_id # http_address='http://openstack-ace.cloudapp.net:9292/v2/images/{id}/file' runner = fuzzer.fuzzer(http_address, 'PUT', 1, file_address) # runner.url_fuzz_params["{id}"]=[1,32,True,True,True,True] # runner.url_fuzz_params["9292"]=[1,4,False,False,True,False] # print runner.get_token("28fb0982afab42a19e44f6d0a124c73d","secrete") runner.headers["X-Auth-Token"]=runner.get_token("28fb0982afab42a19e44f6d0a124c73d","secrete") runner.set_random_parameters(is_random=True, upper_limit=6550, lower_limit=0) runner.run_file(asserter.assert_equal, 204, "/v2/images/{image_id}/file ")
__author__ = 'bunny_gg' import sys sys.path.append("..") import fuzzer from utils import asserter # {account} in uri will be fuzzed, so {account} can be any http_address='http://openstack-bit.cloudapp.net:8080/v1/{account}' runner = fuzzer.fuzzer(http_address, 'GET', 5) runner.url_fuzz_params["{account}"]=[1,64,True,True,True,False] # make sure token is correct runner.headers["X-Auth-Token"]="3a917a00c425494981f7059fe9ab9989" runner.run(asserter.assert_equal, 403, "/v1/{account}")
from fuzzer import fuzzer # Options for running the fuzzer parser = OptionParser() parser.add_option("-s", "--secs", dest="seconds", help="seconds to fuzz for", default=10) parser.add_option("-m", "--mins", dest="minutes", help="minutes to fuzz for", default=0) parser.add_option("-o", "--hours", dest="hours", help="hours to fuzz for", default=0) parser.add_option("-i", "--interface", dest="interface", help="interface class to use while fuzzing") parser.add_option("-f", "--fuzzfile", dest="fuzzFile", help="file containing the fuzz vectors", metavar="FILE", default="fuzzvectors") parser.add_option("-a", "--mode", dest="mode", help="fuzzing mode", default=0) parser.add_option("-e", "--seed", dest="seed", help="seed to use for random mutating") (options, args) = parser.parse_args() # Make sure we get the sender class if options.interface is None: print("No interface class supplied") exit(1) # Fuzz for the given amount of time runTime = int(options.seconds) + (60 * int(options.minutes)) + (3600 * int(options.hours)) fuzzer = fuzzer(options.interface, options.fuzzFile, options.seed, options.mode) fuzzer.fuzz(runTime)
__author__ = 'bunny_gg' import sys sys.path.append("..") import fuzzer from utils import asserter file_address = 'test.json' http_address = 'http://openstackubuntu.chinacloudapp.cn:5000/v3/auth/tokens' runner = fuzzer.fuzzer(http_address, 'POST', 1) runner.headers["Content-Type"] = "application/json" runner.body_json_string = ''' { "auth": { "identity": { "methods": [ "token" ], "token": { "id": "e80b74" } } } } ''' runner.body_fuzz_params["id"] = [1, 32, True, True, True, True] runner.run(asserter.assert_equal, 401, "/v3/auth/tokens ")
__author__ = 'bunny_gg' import sys sys.path.append("..") import fuzzer from utils import asserter file_address='test.json' http_address='http://openstack-ace.cloudapp.net:5000/v3/auth/tokens' runner = fuzzer.fuzzer(http_address, 'POST', 500) runner.headers["Content-Type"]="application/json" runner.body_json_string=''' { "auth": { "identity": { "methods": [ "password" ], "password": { "user": { "id": "28fb0982afab42a19e44f6d0a124c73d", "password": "******" } } } } } ''' runner.body_fuzz_params["password"]=[1,32,True,True,True,True] runner.body_fuzz_params["id"]=[1,32,True,True,True,True] runner.run(asserter.assert_equal, 401, "/v3/auth/tokens ")
__author__ = 'bunny_gg' import sys sys.path.append("..") import fuzzer from utils import asserter # make sure http_address is correct http_address = 'http://openstack-bit.cloudapp.net:8080/v1/AUTH_8fccf2cb64da46499a68c0cccc364ccc' runner = fuzzer.fuzzer(http_address, 'HEAD', 500) # token will be fuzzed, so X-Auth-Token can be any runner.headers["X-Auth-Token"] = "ba6bbdc90e14446fae8636daa00807cc" runner.headers_fuzz_params["X-Auth-Token"] = [0, 64, True, True, True, True] runner.run(asserter.assert_equal, 401, "/v1/{account}")
__author__ = 'bunny_gg' import sys sys.path.append("..") import fuzzer from utils import asserter file_address = 'test.json' http_address = 'http://openstackubuntu.chinacloudapp.cn:5000/v3/auth/tokens' runner = fuzzer.fuzzer(http_address, 'POST', 5, file_address) runner.headers["Content-Type"]="application/json" runner.body_fuzz_params["password"]=[1,32,True,True,True,True] runner.body_fuzz_params["id"]=[1,32,True,True,True,True] runner.run(asserter.assert_equal, 401, "/v3/auth/tokens ")
__author__ = 'bunny_gg' import sys sys.path.append("..") import fuzzer from utils import asserter # {account} in uri will be fuzzed, so {account} can be any http_address='http://openstack-bit.cloudapp.net:8080/v1/{account}' runner = fuzzer.fuzzer(http_address, 'HEAD', 5) runner.url_fuzz_params["{account}"]=[1,64,True,True,True,False] # make sure token is correct runner.headers["X-Auth-Token"]="ba6bbdc90e14446fae8636daa00807cc" runner.run(asserter.assert_equal, 403, "/v1/{account}")
__author__ = 'bunny_gg' import sys sys.path.append("..") import fuzzer from utils import asserter file_address = 'test.json' http_address = 'http://openstackubuntu.chinacloudapp.cn:5000/v3/auth/tokens' runner = fuzzer.fuzzer(http_address, 'POST', 5, file_address) runner.headers["Content-Type"] = "application/json" runner.body_fuzz_params["password"] = [1, 32, True, True, True, True] runner.body_fuzz_params["id"] = [1, 32, True, True, True, True] runner.run(asserter.assert_equal, 401, "/v3/auth/tokens ")
__author__ = 'bunny_gg' import sys sys.path.append("..") import fuzzer from utils import asserter from utils import randomer file_address = '../keystone_v3_cases/test.img' # randomer.generate_random_file(file_address, 0, 655360) image_id = "e7db3b45-8db7-47ad-8109-3fb55c2c24f2" http_address = 'http://openstack-ace.cloudapp.net:9292/v2/images/%s/file' % image_id # http_address='http://openstack-ace.cloudapp.net:9292/v2/images/{id}/file' runner = fuzzer.fuzzer(http_address, 'PUT', 1, file_address) # runner.url_fuzz_params["{id}"]=[1,32,True,True,True,True] # runner.url_fuzz_params["9292"]=[1,4,False,False,True,False] # print runner.get_token("28fb0982afab42a19e44f6d0a124c73d","secrete") runner.headers["X-Auth-Token"] = runner.get_token( "28fb0982afab42a19e44f6d0a124c73d", "secrete") runner.set_random_parameters(is_random=True, upper_limit=6550, lower_limit=0) runner.run_file(asserter.assert_equal, 204, "/v2/images/{image_id}/file ")