def run(self):
    """Stop every running afl-fuzz job, plus the afl-cov watchers when coverage is enabled.

    Returns:
        True unconditionally; the result of each pkill is not inspected.
    """
    header = util.bcolors.BOLD + util.bcolors.HEADER
    util.color_print_singleline(header, "[+] Stopping fuzzing jobs...")
    # SIGKILL by process name: this takes down every afl-fuzz instance on the
    # host, not only the ones this tool launched.
    util.run_cmd(" ".join(["pkill", "-9", "afl-fuzz"]))
    util.color_print(header, "done")
    if self._args.coverage:
        util.color_print_singleline(header, "[+] Stopping afl-cov for jobs...")
        for pid in self.get_afl_cov_pid():
            # NOTE(review): pkill matches a process-name pattern, not a PID;
            # if get_afl_cov_pid() really yields numeric PIDs this should be
            # `kill -9 <pid>` -- confirm against get_afl_cov_pid.
            util.run_cmd(" ".join(["pkill", "-9", pid]))
        util.color_print(header, "done")
    return True
def bear_make(self):
    """Rebuild the tree under ``bear`` so a compile database is produced.

    Returns:
        False when there is no Makefile in the working directory or the
        build command fails; True otherwise.
    """
    if not os.path.isfile("Makefile"):
        return False
    # A single shell string: the `&&` chaining needs a shell, which
    # util.run_cmd evidently provides.
    build = ["make clean && bear make -j"]
    return bool(util.run_cmd(build, self.env, self.logfile))
def make_install(self):
    """Run ``make clean && make -j install`` in the working directory.

    Returns:
        False when no Makefile is present or the command fails; True otherwise.
    """
    if not os.path.isfile("Makefile"):
        return False
    install = ["make clean && make -j install"]
    return bool(util.run_cmd(install, self.env, self.logfile))
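def triage(self, jobId, inst, indir=None, outdir=None):
    """Collect and verify the crashes of one instrumentation build with afl-collect.

    Args:
        jobId: job identifier; locates the job's afl-out/ sync directory and
            its exploitable/ output tree under the orthrus directory.
        inst: instrumentation to triage: 'harden', 'asan' (or 'all', which is
            handled as 'asan'). Any other value fails.
        indir: optional sync directory replacing the job default.
        outdir: optional output directory replacing the job default.

    Returns:
        True on success; a falsy value when inst is unsupported, afl-collect
        fails, or the follow-up tidy() of the output directory fails.
    """
    util.color_print_singleline(
        util.bcolors.OKGREEN,
        "\t\t[+] Collect and verify '{}' mode crashes... ".format(inst))

    # Equality, not identity: the original `inst is 'asan'` only worked when
    # the interpreter happened to intern the literal and mis-dispatched
    # otherwise.
    if inst == 'harden':
        prefix = 'HARDEN'
    elif inst in ('asan', 'all'):
        prefix = 'ASAN'
        inst = 'asan'
    else:
        util.color_print(util.bcolors.FAIL, "failed!")
        return False

    env = os.environ.copy()
    # Sanitizer reports become aborts (presumably what afl-collect keys on),
    # core dumps stay off, and the report is symbolized.
    env['ASAN_OPTIONS'] = "abort_on_error=1:disable_coredump=1:symbolize=1"

    base = self._config['orthrus']['directory']
    syncDir = indir or (base + "/jobs/" + jobId + "/afl-out/")
    if outdir:
        triage_outDir = outdir
    else:
        triage_outDir = base + "/jobs/" + jobId + "/exploitable/" + \
            "{}/".format(prefix) + "crashes"
        if not os.path.exists(triage_outDir):
            os.makedirs(triage_outDir)

    logfile = base + "/logs/" + "afl-{}_dbg.log".format(inst)
    # The target command line goes to afl-collect after "--" through a shell
    # string; only "&" is escaped, so the job's "params" value is presumably
    # trusted, tool-written config -- confirm before sourcing it elsewhere.
    # "\\&" is the same two characters as the former "\&" without the
    # invalid-escape warning.
    launch = base + "/binaries/{}-dbg/bin/".format(inst) + \
        self.job_config.get(jobId, "target") + " " + \
        self.job_config.get(jobId, "params").replace("&", "\\&")
    cmd = " ".join([
        "afl-collect", "-r", "-j", util.getnproc(), "-e gdb_script",
        syncDir, triage_outDir, "--", launch
    ])
    # ulimit -c 0 keeps the re-executed crashing inputs from writing core files.
    rv = util.run_cmd("ulimit -c 0; " + cmd, env, logfile)
    if not rv:
        util.color_print(util.bcolors.FAIL, "failed")
        return rv
    util.color_print(util.bcolors.OKGREEN, "done")
    return bool(self.tidy(triage_outDir))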
def clang_sdict(self):
    """Build with bear, then feed every C/C++ source to clang-sdict to append a fuzzing dictionary to dict.clang.

    Returns:
        False when the bear build or the clang-sdict pipeline fails; True
        otherwise.
    """
    if not self.bear_make():
        return False
    # Single-quoted so the shell's \( \) grouping needs no Python escaping of
    # the inner double quotes; the resulting command text is unchanged.
    pipeline = [
        'find . -type f \\( -name "*.c" -o -name "*.cpp" -o -name "*.cc" \\) -print0 |'
        ' xargs -0 clang-sdict -p 1>> dict.clang'
    ]
    return bool(util.run_cmd(pipeline, self.env, self.logfile))
def configure(self):
    """Run the tree's ./configure with the instance's configargs.

    Returns:
        False when there is no configure script or it fails; True otherwise.
    """
    if not os.path.isfile("configure"):
        return False
    # AFL-fuzz likes statically linked binaries; "--disable-shared" is not
    # passed here, though (kept as a reminder from the original).
    configure_cmd = ["./configure " + " ".join(self.configargs)]
    return bool(util.run_cmd(configure_cmd, self.env, self.logfile))
def make_install(self):
    """Run ``make clean; make -j install``, reporting failures in colour.

    Note the `;` here: unlike the `&&` variant, a failing `make clean` does
    not stop the install.

    Returns:
        False when no Makefile is present or the command fails; True otherwise.
    """
    if not os.path.isfile("Makefile"):
        util.color_print(util.bcolors.FAIL, "No Makefile found in work dir")
        return False
    install = ["make clean; make -j install"]
    if util.run_cmd(install, self.env, self.logfile):
        return True
    util.color_print(util.bcolors.FAIL, "Error running make install. Check the log!")
    return False
def configure(self):
    """Run the tree's ./configure with the instance's configargs, reporting failures in colour.

    Returns:
        False when there is no configure script or it fails; True otherwise.
    """
    if not os.path.isfile("configure"):
        util.color_print(util.bcolors.FAIL, "No configure script found in work dir")
        return False
    # AFL-fuzz likes statically linked binaries; "--disable-shared" is not
    # passed here, though (kept as a reminder from the original).
    configure_cmd = ["./configure " + " ".join(self.configargs)]
    if util.run_cmd(configure_cmd, self.env, self.logfile):
        return True
    util.color_print(
        util.bcolors.FAIL, "\t\t[-] Error running configure. Check the log!")
    return False
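def _start_fuzzers(self, jobId, available_cores):
    """Launch the afl-multicore jobs for *jobId* across *available_cores* cores.

    A harden build (binaries/afl-harden) is started as master and an ASAN
    build (binaries/afl-asan) is then added as slave; with no harden build
    the ASAN build is started as master on all cores. Master and slave each
    get half the cores (at least one). "start" is used when the job's
    afl-out/ directory is empty, "resume" otherwise.

    Args:
        jobId: job identifier locating the job's afl-out/ directory and the
            .orthrus/jobs/<jobId>/*.conf files given to afl-multicore.
        available_cores: number of cores to distribute (int).

    Returns:
        False when /proc/sys/kernel/core_pattern cannot be read or does not
        contain "core", or when an afl-multicore launch fails; True
        otherwise (also when neither binary exists).
    """
    base = self._config['orthrus']['directory']
    # NOTE(review): jobId is spliced into filesystem paths and the
    # afl-multicore shell command without quoting; presumably a tool-generated
    # identifier -- confirm at the call site.
    afl_out = base + "/jobs/" + jobId + "/afl-out/"
    start_cmd = "start" if os.listdir(afl_out) == [] else "resume"
    # Floor division: the count is str()-ed for afl-multicore, so it must
    # stay an int on Python 3 as well (the former `/` gave "2.0" there).
    core_per_subjob = (available_cores // 2) or 1

    util.color_print_singleline(util.bcolors.OKGREEN, "Checking core_pattern...")
    try:
        # universal_newlines gives text on both Python 2 and 3, so the
        # substring test below works on either.
        core_pattern = subprocess.check_output(
            "cat /proc/sys/kernel/core_pattern", shell=True,
            stderr=subprocess.STDOUT, universal_newlines=True)
    except subprocess.CalledProcessError as e:
        print(e.output)
        return False
    # Substring check only: a pattern that pipes crashes to a handler would
    # be rejected, but any value containing "core" passes.
    if "core" not in core_pattern:
        util.color_print(util.bcolors.FAIL, "failed")
        util.color_print(
            util.bcolors.FAIL, "\t\t\t[-] Please do echo core | "
            "sudo tee /proc/sys/kernel/core_pattern")
        return False
    util.color_print(util.bcolors.OKGREEN, "okay")

    env = os.environ.copy()
    env.update({'AFL_SKIP_CPUFREQ': '1'})

    def echo_fuzzer_lines(logpath):
        # Surface afl-multicore's progress lines so the user sees which
        # master/slave instances came up.
        with open(logpath, "r") as log:
            for line in log:
                if "Starting master" in line or "Starting slave" in line:
                    util.color_print(util.bcolors.OKGREEN, "\t\t\t" + line)
                if " Master " in line or " Slave " in line:
                    util.color_print_singleline(
                        util.bcolors.OKGREEN, "\t\t\t\t[+] " + line)

    def launch(label, cmd, logpath):
        # Run one afl-multicore command, logging to logpath; False on failure.
        util.color_print_singleline(util.bcolors.OKGREEN, label)
        if not util.run_cmd(" ".join(cmd), env, logpath):
            util.color_print(util.bcolors.FAIL, "failed")
            return False
        util.color_print(util.bcolors.OKGREEN, "done")
        echo_fuzzer_lines(logpath)
        return True

    harden_file = base + "/logs/afl-harden.log"
    asan_file = base + "/logs/afl-asan.log"
    has_asan = os.path.exists(base + "/binaries/afl-asan")

    if os.path.exists(base + "/binaries/afl-harden"):
        cmd = [
            "afl-multicore",
            "--config=.orthrus/jobs/" + jobId + "/harden-job.conf",
            start_cmd, str(core_per_subjob), "-v"
        ]
        if not launch("\t\t[+] Starting AFL harden fuzzer job as master...",
                      cmd, harden_file):
            return False
        if has_asan:
            cmd = [
                "afl-multicore",
                "--config=.orthrus/jobs/" + jobId + "/asan-job.conf ",
                "add", str(core_per_subjob), "-v"
            ]
            if not launch("\t\t[+] Starting AFL ASAN fuzzer job as slave...",
                          cmd, asan_file):
                return False
    elif has_asan:
        cmd = [
            "afl-multicore", "-c", ".orthrus/jobs/" + jobId + "/asan-job.conf",
            start_cmd, str(available_cores), "-v"
        ]
        if not launch("\t\t[+] Starting AFL ASAN fuzzer job as master...",
                      cmd, asan_file):
            return False
    return True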