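def fuzzing(host, port, template):
    """Fuzz an HTTP service at ``host:port`` with the given kitty template.

    Wires a ``TcpTarget`` and a ``GraphModel`` connected to ``template`` into a
    ``ServerFuzzer`` with a ``WebInterface`` on port 4445, points the session
    database at ``/tmp/sessions/<ctime>.sqlite``, then starts and stops the
    fuzzer.

    Args:
        host: address of the service under test.
        port: TCP port of the service; converted with ``int()``, so a
            string is accepted and a non-numeric value raises ``ValueError``.
        template: kitty ``Template`` describing the request to mutate.
    """
    # Define target
    target = TcpTarget('HTTP', host, int(port), timeout=1)
    target.set_expect_response(True)
    # target.add_monitor(monitor)

    # Define model
    model = GraphModel()
    model.connect(template)

    # Define fuzzer
    fuzzer = ServerFuzzer()
    # NOTE(review): the web UI can pause/stop the run; confirm WebInterface
    # binds the loopback address only before fuzzing on a shared network.
    fuzzer.set_interface(WebInterface(port=4445))
    fuzzer.set_delay_between_tests(0.2)

    # Run fuzzer
    # ctime() output contains spaces, which are not wanted in a file name.
    session_name = '%s.sqlite' % time.ctime().replace(' ', '_')
    sessions_dir = os.path.join('/tmp', 'sessions')
    sessions_dbs = os.path.join(sessions_dir, session_name)
    # sqlite does not create intermediate directories, so a missing
    # /tmp/sessions would abort the run. /tmp is world-writable, so the
    # directory is created owner-only; an existing directory is left as-is.
    if not os.path.isdir(sessions_dir):
        os.makedirs(sessions_dir, 0o700)
    fuzzer.set_session_file(sessions_dbs)
    # NOTE(review): the sibling script in this file passes True here;
    # 'reports' is merely truthy — confirm the argument is a flag, not a path.
    fuzzer.set_store_all_reports('reports')
    fuzzer.set_target(target)
    fuzzer.set_model(model)
    fuzzer.start()
    fuzzer.stop()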
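def fuzzing(host, port, template):
    """Fuzz a UPnP service at ``host:port`` under a gdbserver crash monitor.

    Attaches a ``GdbServerMonitor`` (gdb-multiarch, gdbserver on ``host``
    port 2222, watching SIGSEGV/SIGILL/SIGKILL/SIGTERM) to a ``TcpTarget``,
    connects ``template`` to a ``GraphModel``, runs a ``ServerFuzzer`` with a
    ``WebInterface`` on port 4445 and a session database under ``sessions/``
    relative to the working directory, then stops the fuzzer.

    NOTE(review): this file also defines another ``fuzzing`` with the same
    signature; at import time the later definition replaces the earlier one.

    Args:
        host: address of the service under test (also used for gdbserver).
        port: TCP port of the service; converted with ``int()``.
        template: kitty ``Template`` describing the request to mutate.
    """
    # Define target
    monitor = GdbServerMonitor(
        name='GdbServerMonitor',
        gdb_path='gdb-multiarch',
        host=host,
        port=2222,
        signals=[signal.SIGSEGV, signal.SIGILL, signal.SIGKILL, signal.SIGTERM]
    )
    target = TcpTarget('upnp', host, int(port), timeout=1)
    target.set_expect_response(True)
    target.add_monitor(monitor)

    # Define model
    model = GraphModel()
    model.connect(template)

    # Define fuzzer
    fuzzer = ServerFuzzer()
    # NOTE(review): the web UI can pause/stop the run; confirm WebInterface
    # binds the loopback address only before fuzzing on a shared network.
    fuzzer.set_interface(WebInterface(port=4445))
    fuzzer.set_delay_between_tests(0.2)

    # Run fuzzer
    # sqlite does not create intermediate directories, so a missing
    # sessions/ directory would abort the run on first use.
    sessions_dir = 'sessions'
    if not os.path.isdir(sessions_dir):
        os.makedirs(sessions_dir)
    # ctime() output contains spaces, which are not wanted in a file name.
    session_file = os.path.join(
        sessions_dir, '%s.sqlite' % time.ctime().replace(' ', '_'))
    fuzzer.set_session_file(session_file)
    # NOTE(review): the sibling script in this file passes True here;
    # 'reports' is merely truthy — confirm the argument is a flag, not a path.
    fuzzer.set_store_all_reports('reports')
    fuzzer.set_target(target)
    fuzzer.set_model(model)
    fuzzer.start()
    fuzzer.stop()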
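# HTTP GET request template: the method and the first space are fixed
# (fuzzable=False); the rest of the request line is mutated, and the
# headers are Static. The Host header hard-codes a local target.
http_get_v1 = Template(name='HTTP_GET_V1', fields=[
    String('GET', name='method', fuzzable=False),
    Delimiter(' ', name='space1', fuzzable=False),
    Delimiter('/', name='backslash'),
    String('somewhere', name='path', max_size=5),
    Delimiter(' ', name='space2'),
    String('HTTP', name='protocol name'),
    Delimiter('/', name='fws1'),
    Dword(1, name='major version', encoder=ENC_INT_DEC),
    Delimiter('.', name='dot1'),
    Dword(1, name='minor version', encoder=ENC_INT_DEC),
    Static('\r\n'),
    Static('Host: 127.0.0.1:5000'),
    Static('\r\n'),
    Static('Connection: close'),
    Static('\r\n\r\n', name='eom')
])
# `model` and `target` are not defined in this run of statements; they are
# presumably created earlier in the file — verify before moving this code.
model.connect(http_get_v1)
fuzzer = ServerFuzzer()
fuzzer.set_model(model)
fuzzer.set_target(target)
fuzzer.set_store_all_reports(True)
# Start from a clean session. A bare os.remove() raises OSError when the
# file is absent (e.g. the very first run), which would abort the script.
if os.path.exists("fuzz_session.sqlite"):
    os.remove("fuzz_session.sqlite")
fuzzer.set_session_file("fuzz_session.sqlite")
# NOTE(review): WebInterface() is used with its default host/port here;
# confirm the default binds loopback only before running on a shared host.
fuzzer.set_interface(WebInterface())
fuzzer.start()
# Parenthesised form prints the same text under both Python 2 and 3.
print('finished!')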