cisco-sas / kitty Goto Github PK
View Code? Open in Web Editor NEWFuzzing framework written in python
License: GNU General Public License v2.0
Fuzzing framework written in python
License: GNU General Public License v2.0
Maybe we should move most of the logic of the trigger
method that is currently in ClientTarget
to ClientFuzzer
. Doing that will break the current client fuzzing API, so we should consider doing that in a major release, if at all. The current method does work, but I think it will be cleaner with that change.
1. docker run -it ubuntu:latest
2. apt update && apt upgrade -y && apt install -y python3-pip git
3. git clone https://github.com/cisco-sas/katnip.git /tmp/katnip
4. cd /tmp/katnip
5. pip3 install -e .
Obtaining file:///tmp/katnip
Collecting kittyfuzzer (from katnip==0.2.5)
Downloading https://files.pythonhosted.org/packages/61/fc/9b7b03d896d986aafb0000a093a0c9b599d26ba3b35d29e2ed0313b6d852/kittyfuzzer-0.7.1.tar.gz (301kB)
100% |################################| 307kB 765kB/s
Running setup.py (path:/tmp/pip-build-g0ao1gtv/kittyfuzzer/setup.py) egg_info for package kittyfuzzer produced metadata for project name kittyfuzzer-remote. Fix your #egg=kittyfuzzer fragments.
Collecting docopt (from kittyfuzzer-remote->katnip==0.2.5)
Downloading https://files.pythonhosted.org/packages/a2/55/8f8cab2afd404cf578136ef2cc5dfb50baa1761b68c9da1fb1e4eed343c9/docopt-0.6.2.tar.gz
Collecting requests (from kittyfuzzer-remote->katnip==0.2.5)
Downloading https://files.pythonhosted.org/packages/7d/e3/20f3d364d6c8e5d2353c72a67778eb189176f08e873c9900e10c0287b84b/requests-2.21.0-py2.py3-none-any.whl (57kB)
100% |################################| 61kB 1.3MB/s
Requirement already satisfied: six in /usr/lib/python3/dist-packages (from kittyfuzzer-remote->katnip==0.2.5)
Collecting chardet<3.1.0,>=3.0.2 (from requests->kittyfuzzer-remote->katnip==0.2.5)
Downloading https://files.pythonhosted.org/packages/bc/a9/01ffebfb562e4274b6487b4bb1ddec7ca55ec7510b22e4c51f14098443b8/chardet-3.0.4-py2.py3-none-any.whl (133kB)
100% |################################| 143kB 1.2MB/s
Collecting certifi>=2017.4.17 (from requests->kittyfuzzer-remote->katnip==0.2.5)
Downloading https://files.pythonhosted.org/packages/9f/e0/accfc1b56b57e9750eba272e24c4dddeac86852c2bebd1236674d7887e8a/certifi-2018.11.29-py2.py3-none-any.whl (154kB)
100% |################################| 163kB 447kB/s
Requirement already satisfied: idna<2.9,>=2.5 in /usr/lib/python3/dist-packages (from requests->kittyfuzzer-remote->katnip==0.2.5)
Collecting urllib3<1.25,>=1.21.1 (from requests->kittyfuzzer-remote->katnip==0.2.5)
Downloading https://files.pythonhosted.org/packages/62/00/ee1d7de624db8ba7090d1226aebefab96a2c71cd5cfa7629d6ad3f61b79e/urllib3-1.24.1-py2.py3-none-any.whl (118kB)
100% |################################| 122kB 2.6MB/s
Building wheels for collected packages: kittyfuzzer-remote, kittyfuzzer-remote, docopt
Running setup.py bdist_wheel for kittyfuzzer-remote ... done
Stored in directory: /root/.cache/pip/wheels/b0/fc/a8/c7bc608bd3245cd6da33cf9086be799297428057d765f88825
Running setup.py bdist_wheel for kittyfuzzer-remote ... error
Complete output from command /usr/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-g0ao1gtv/kittyfuzzer-remote/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" bdist_wheel -d /tmp/tmpugm93id4pip-wheel- --python-tag cp36:
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/lib/python3.6/tokenize.py", line 452, in open
buffer = _builtin_open(filename, 'rb')
FileNotFoundError: [Errno 2] No such file or directory: '/tmp/pip-build-g0ao1gtv/kittyfuzzer-remote/setup.py'
----------------------------------------
Failed building wheel for kittyfuzzer-remote
Running setup.py clean for kittyfuzzer-remote
Complete output from command /usr/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-g0ao1gtv/kittyfuzzer-remote/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" clean --all:
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/lib/python3.6/tokenize.py", line 452, in open
buffer = _builtin_open(filename, 'rb')
FileNotFoundError: [Errno 2] No such file or directory: '/tmp/pip-build-g0ao1gtv/kittyfuzzer-remote/setup.py'
----------------------------------------
Failed cleaning build dir for kittyfuzzer-remote
Running setup.py bdist_wheel for docopt ... done
Stored in directory: /root/.cache/pip/wheels/9b/04/dd/7daf4150b6d9b12949298737de9431a324d4b797ffd63f526e
Successfully built kittyfuzzer-remote docopt
Failed to build kittyfuzzer-remote
Installing collected packages: docopt, chardet, certifi, urllib3, requests, kittyfuzzer-remote, katnip
Running setup.py develop for katnip
Successfully installed certifi-2018.11.29 chardet-3.0.4 docopt-0.6.2 katnip kittyfuzzer-remote-0.7.1 requests-2.21.0 urllib
remove it.
I'm getting this in python2 and python3 what's happening here.
when looking at the select module I see
class poll():
def __init__(self) -> None: ...
def register(self, fd: _FileDescriptor, eventmask: int = ...) -> None: ...
def modify(self, fd: _FileDescriptor, eventmask: int) -> None: ...
def unregister(self, fd: _FileDescriptor) -> None: ...
def poll(self, timeout: Optional[float] = ...) -> List[Tuple[int, int]]: ...
def select(rlist: Sequence[Any], wlist: Sequence[Any], xlist: Sequence[Any],
timeout: Optional[float] = ...) -> Tuple[List[Any],
List[Any],
List[Any]]: ...
if sys.version_info >= (3, 3):
error = OSError
else:
class error(Exception): ...
but when i run my script it gives me
[ERROR ][base.start] Error occurred while fuzzing: AttributeError("module 'select' has no attribute 'poll'")
[ERROR ][base.start] Traceback (most recent call last):
File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\fuzzers\base.py", line 385, in start
self._test_environment()
File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\fuzzers\server.py", line 53, in _test_environment
if self._run_sequence(sequence):
File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\fuzzers\server.py", line 75, in _run_sequence
return self._post_test()
File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\fuzzers\base.py", line 434, in _post_test
self.target.post_test(self.model.current_index())
File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\katnip\targets\application.py", line 131, in post_test
self.report.add('stdout', self._read(self._process.stdout))
File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\katnip\targets\application.py", line 121, in _read
poll_obj = select.poll()
When rendering Pad field that is inside a container with default value, it does not pad its rendered value.
Container(fields=Pad(fields=Static('a'), pad_length=2*8)).render().tobytes()
yields 'a'
instead of 'a\x00'
Python 3 running a katnip target but this is a kitty
Traceback (most recent call last):
File "c:\Users\silve\.vscode\extensions\ms-python.python-2019.11.50794\pythonFiles\ptvsd_launcher.py", line 43, in <module>
main(ptvsdArgs)
File "c:\Users\silve\.vscode\extensions\ms-python.python-2019.11.50794\pythonFiles\lib\python\old_ptvsd\ptvsd\__main__.py", line 432, in main
run()
File "c:\Users\silve\.vscode\extensions\ms-python.python-2019.11.50794\pythonFiles\lib\python\old_ptvsd\ptvsd\__main__.py", line 316, in run_file
runpy.run_path(target, run_name='__main__')
File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\runpy.py", line 262, in run_path
return _run_module_code(code, init_globals, run_name,
File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\runpy.py", line 95, in _run_module_code
_run_code(code, mod_globals, init_globals,
File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\runpy.py", line 85, in _run_code
exec(code, run_globals)
File "c:\Users\silve\Desktop\fuzzer.py", line 42, in <module>
model.connect(bittorent_base_template)
File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\model\high_level\graph.py", line 155, in connect
dst_id = dst.hash()
File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\model\low_level\container.py", line 88, in hash
hashed = super(Container, self).hash()
File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\model\low_level\field.py", line 321, in hash
self._initialize()
File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\model\low_level\field.py", line 146, in _initialize
self._init()
File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\model\low_level\container.py", line 204, in _init
field._initialize()
File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\model\low_level\field.py", line 146, in _initialize
self._init()
File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\model\low_level\container.py", line 204, in _initevel\container.py", line 204, in _init
field._initialize() evel\field.py", line 146, in _initialize
File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\model\low_level\field.py", line 146, in _initialize evel\container.py", line 931, in _init
self._init()
File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\model\low_level\container.py", line 931, in _init
self._rebuild_fields()
File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\model\low_level\container.py", line 947, in _rebuild_fields
current = self.random.sample(self._fields, field_list_len)
File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\random.py", line 364, in sample
result = [None] * k
TypeError: can't multiply sequence by non-int of type 'float'
Sulley: Boo?
Boo: Kitty!
>>> from kitty.model import String
>>> String('hello').num_mutations()
91
>>> from boofuzz import *
>>> s_initialize("user")
>>> s_string('hello')
>>> s_get('user').num_mutations()
1441
This could be done with a session file - where all tests with status of error/failed would be re-tested.
A new session file should be created for the second run.
If data model has changed - we cannot use the session file - consider saving the data-model in the session file to make it self-sufficient (?)
Do we need to be able to pass test numbers list as well ?
I think working with a session file is simpler, but perhaps sometimes there is no session file and you just want to run a list of tests ?
I have the next code
from kitty.model import Container
from kitty.model import String
class HttpHeaderField(Container):
def __init__(self, key, value, end=False, fuzzable=True):
fields = []
super(HttpHeaderField, self).__init__(name=key, fields=fields, fuzzable=fuzzable)
class XmlNode(Container):
def __int__(self, key, value, end=False, fuzzable=True):
fields = []
super(XmlNode, self).__init__(name=key, fields=fields, fuzzable=fuzzable)
XmlNode(key='1', value=String('dasd'))
HttpHeaderField(key='1', value=String('dasd'))
What happens if I run this code to python2 console?
>>> HttpHeaderField(key='1', value=String('dasd'))
<__main__.HttpHeaderField object at 0x7f8407217050>
Well, it`s worked! Next
>>> XmlNode(key='1', value=String('dasd'))
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
TypeError: __init__() got an unexpected keyword argument 'key'
WTF???
Example code and error produced:
http://pastebin.com/5crHecLn
mutate() and _mutate() both need to be called on Stage object and StagedSequenceModel objects respectively, this needs to be documented
After calling those, get_stages() can retrieve _sequence, but then tries to access it as a dictionary. Unfortunately I'm short on time and can't investigate this further for the current moment
Kind regards
Currently environment test may be disabled only from command line args this is aweful. Add an appropriate API to BaseFuzzer.
Hi,
Bitfields seem to affect the rendering of fields that follow.
Reproduce
from kitty import model
_fields = [
model.UInt16(1),
model.BitField(0, 1),
model.UInt16(1m)
]
temp = model.Template(fields=_fields)
print(temp.render())
Expected Result
0x000100001
Result
0x0001000080
Each category would contain its own library of mutations - related to this attack vector- ie: xss, sqli, command execution, directory traversal, memory corruption etc...
A configuration file would allow to specify which 'categories' the fuzzer will include and which it would not - to make sure the fuzzing is relevant to the specific target
The configuration file could also contain global vars such as: COMMAND_EXEC_TEST
which would be set differently per target (Linux, windows, mac, etc..)
Specific monitors could be written to use these same global variables in order to check that the action occurred (ie: a file with specific name created)
More mutations could be taken from FuzzDB (https://github.com/fuzzdb-project/fuzzdb)
Would be cool if we had little 'tag' stamps on the report list UI for each report
Python Version 2.7.16
String encoder error will break fuzzing progress.
Running this script will raise UnicodeDecodeError: 'ascii' codec can't decode byte 0xfe in position 11: ordinal not in range(128)
from kitty.model import *
from kitty.interfaces import WebInterface
from kitty.fuzzers import ServerFuzzer
from kitty.model import GraphModel
from katnip.targets.file import FileTarget
t1 = Template(name='str_encoder_test', fields=[
String(name='bString', value='hello_kitty', encoder=StrEncodeEncoder('utf_16_le'), max_size=254 / 2)
]
)
target = FileTarget('FileTarget', './tmp', 'fuzzed', 'bin')
model = GraphModel()
model.connect(t1)
fuzzer = ServerFuzzer()
fuzzer.set_interface(WebInterface(port=26001))
fuzzer.set_model(model)
fuzzer.set_target(target)
fuzzer.set_range(1, 10)
fuzzer.start()
This problem can be reproduced with the code show below .
from kitty.model import *
test = String(name='bString', value='hello_kitty', encoder=StrEncodeEncoder('utf_16_le'), max_size=254 / 2)
test.mutate()
test.mutate()
test.mutate()
print(test.render())
Change the failed report from a binary state (failed/passed) to a tri-state status - failed/passed/error.
The error should be in case there was an exception thrown.
In case of error, there should still be a report, with as much detail as possible to help debug the problem, probably good to add stack traces to the report.
Error status indicates a bug in the fuzzing session somewhere and should be fixed or a true bug in the program.
Failure should be only for true bugs found.
It would be nice to have the error reports colored orange, and failures red.
Add "is_victim_alive" API that will check if the victim is alive during pre_test.
when i use kitty to fuzzing something i can't got report from controller or monitor.then i use this code blow to check why and may got the probom.
>>> from kitty.data.report import Report
>>> subreport = Report('subreport')
>>> subreport.add('failed','got some error')
>>> report=Report('all')
>>> report.add('subreport1',subreport)
>>> subreport.is_failed()
'got some error'
>>> report.is_failed()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/Library/Python/2.7/site-packages/kitty-0.6.1-py2.7.egg/kitty/data/report.py", line 166, in is_failed
failed |= subreport.is_failed()
TypeError: unsupported operand type(s) for |=: 'bool' and 'str'
When I use Kitty, I use Kitty to conduct fuzzy testing of the protocol. One problem is how to call the mutation strategy to carry out data mutation after the data template is defined. I read the source code and did not solve this problem.I would appreciate an answer.
If I try run fuzzing in loop, then after 1 loop iteration, WebInterface cant stopped, and continue bind the port. Why it's not stopped?
for item in range(10):
target = TcpTarget('fuzzer', host, int(port), timeout=1)
target.set_expect_response(True)
target.add_monitor(monitor)
# Define model
model = GraphModel()
model.connect(template)
# Define fuzzer
fuzzer = ServerFuzzer()
fuzzer.set_session_file('%s.sqlite' % time.ctime().replace(' ', '_'))
fuzzer.set_interface(WebInterface(port=4445))
fuzzer.set_model(model)
fuzzer.set_target(target)
fuzzer.set_delay_between_tests(0.2)
fuzzer.start()
_load_session No session loaded
[INFO ][base._start_message]
--------------------------------------------------
Starting fuzzing session
Target: TcpTarget
UI: WebInterface listening on 127.0.0.1:4445
Log: ./kittylogs/kitty_20190213-175952.log
Total possible mutation count: 1316
--------------------------------------------------
Happy hacking
--------------------------------------------------
_start_message
--------------------------------------------------
Starting fuzzing session
Target: TcpTarget
UI: WebInterface listening on 127.0.0.1:4445
Log: ./kittylogs/kitty_20190213-175952.log
Total possible mutation count: 1316
--------------------------------------------------
Happy hacking
--------------------------------------------------
Exception in thread Thread-10:
Traceback (most recent call last):
File "/usr/lib/python3.7/threading.py", line 917, in _bootstrap_inner
self.run()
File "/media/DATA/Fuzzer/kitty3/kitty/core/threading_utils.py", line 42, in run
self._func(*self._args)
File "/media/DATA/Fuzzer/kitty3/kitty/interfaces/web.py", line 301, in _server_func
server = _WebInterfaceServer((self._host, self._port), _WebInterfaceHandler, self)
File "/media/DATA/Fuzzer/kitty3/kitty/interfaces/web.py", line 46, in __init__
HTTPServer.__init__(self, server_address, handler)
File "/usr/lib/python3.7/socketserver.py", line 452, in __init__
self.server_bind()
File "/usr/lib/python3.7/http/server.py", line 137, in server_bind
socketserver.TCPServer.server_bind(self)
File "/usr/lib/python3.7/socketserver.py", line 466, in server_bind
self.socket.bind(self.server_address)
OSError: [Errno 98] Address already in use
Getting following error stack with pre_test param as "test_num"
[ERROR ][base.start] Traceback (most recent call last):
File "C:\Python27\lib\site-packages\kitty\fuzzers\base.py", line 292, in start
self._test_environment()
File "C:\Python27\lib\site-packages\kitty\fuzzers\server.py", line 53, in _test_environment
if self._run_sequence(sequence):
File "C:\Python27\lib\site-packages\kitty\fuzzers\server.py", line 64, in _run_sequence
self._pre_test()
File "C:\Python27\lib\site-packages\kitty\fuzzers\base.py", line 332, in _pre_test
self.target.pre_test(self.model.current_index())
File "F:\play\pyplay\fuzz1\fuzz1.py", line 42, in pre_test
super(TcpTarget, self).pre_test(test_num)
File "C:\Python27\lib\site-packages\kitty\targets\server.py", line 62, in pre_test
super(ServerTarget, self).pre_test(test_num)
File "C:\Python27\lib\site-packages\kitty\targets\base.py", line 81, in pre_test
self.controller.pre_test(test_number=self.test_number)
TypeError: pre_test() got an unexpected keyword argument 'test_number'
doc link : http://kitty.readthedocs.io/en/latest/tutorials/server_fuzzing.html
It would be very useful to be able to reference other fields (for e.g. the base_field of and Offset field) using either an absolute or relative 'field path', delimited by either slashes or dots.
ByteAlignedBitsEncoder have wrong padding (fixed already, but will be shipped with v0.6.2)
We need a (calculated) field that holds the offset of a specific field within a container/template. This will probably require a new API in BaseField/Container.
Access denied by device during fuzz test when establishing connection with Siemens PLC
I noticed that I get duplicated logger messages on the terminal.
I've added following code to my main to fix the issue.
from kitty.core.kitty_object import KittyObject
# Remove duplicated log messages
logger = KittyObject.get_logger()
logger.propagate = False
KittyObject._logger = logger
But this issue can be fixed if we add logger.propagate = False
to KittyObject
method get_logger
.
Not sure if that is intended behavior or not. But posting this here in case someone else runs into the same problem.
Thank you for creating Kitty!
Since some fuzzing sessions have long test lists, the test manager holds long lists of sequential test numbers, which cause high memory usage, we should optimize it to hold them as some type of "range" objects.
Hi, I am using kitty to create a REST API fuzzer.
I am sending a lot of HTTPS requests and need to check each response.
Thus I use a callback function for the purpose of checking the response on each request:
def callbacker(fuzzer, edge, resp):
print("RESPONSE:", resp)
model = GraphModel()
model.connect(http_template, None, callbacker)
In the current kitty version from pip, version 0.7.4, this functionality seems to be broken.
The problem is that the resp
parameter for the callback function is always None
.
Inside the _run_sequence
method in kitty/fuzzers/server.py
, I think I found the issue:
edge.callback(self, edge, resp)
is called before resp = self._transmit(node)
. Therefore, the callback is always called with resp=None
.
(link to this line in the code: https://github.com/cisco-sas/kitty/blob/master/kitty/fuzzers/server.py#L69)
By moving these lines
if edge.callback:
edge.callback(self, edge, resp)
to right after the resp = self._transmit(node)
line, the issue is now resolved and I can see the response in the callback function.
So: Is this a bug in the framework or am I using it incorrectly?
Thanks
It would be awesome to be able to specify a 'field path' when asking kitty-tool to generate mutations, and have kitty-tool generate mutations for that field path only.
It should be possible to specify field paths wherever you would use --skip, so also on fuzzer scripts.
Maybe allow specifying multiple paths too?
nccgroup/umap2 is a USB assessment tool, and they are using the kitty engine to fuzz USB host.
The issue I encounter is the following, I can't access any report, they all have the label "trigger timed out", and when I access the detail for a report I get an alert window with "Failed to load report" while in the console running the kitty engine (and the web server I guess) I get the following message :
Exception occurred during processing of request from ('127.0.0.1', 35804)
Traceback (most recent call last):
File "/usr/lib64/python3.10/socketserver.py", line 316, in _handle_request_noblock
self.process_request(request, client_address)
File "/usr/lib64/python3.10/socketserver.py", line 347, in process_request
self.finish_request(request, client_address)
File "/usr/lib64/python3.10/socketserver.py", line 360, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/local/lib/python3.10/site-packages/kittyfuzzer-0.7.4-py3.10.egg/kitty/interfaces/web.py", line 72, in __init__
BaseHTTPRequestHandler.__init__(
File "/usr/lib64/python3.10/socketserver.py", line 747, in __init__
self.handle()
File "/usr/lib64/python3.10/http/server.py", line 432, in handle
self.handle_one_request()
File "/usr/lib64/python3.10/http/server.py", line 420, in handle_one_request
method()
File "/usr/local/lib/python3.10/site-packages/kittyfuzzer-0.7.4-py3.10.egg/kitty/interfaces/web.py", line 116, in do_GET
self._my_handle()
File "/usr/local/lib/python3.10/site-packages/kittyfuzzer-0.7.4-py3.10.egg/kitty/interfaces/web.py", line 261, in _my_handle
response = endpoints[endpoint]()
File "/usr/local/lib/python3.10/site-packages/kittyfuzzer-0.7.4-py3.10.egg/kitty/interfaces/web.py", line 199, in _handle_api_request
response = self._get_report()
File "/usr/local/lib/python3.10/site-packages/kittyfuzzer-0.7.4-py3.10.egg/kitty/interfaces/web.py", line 234, in _get_report
return json.dumps(response)
File "/usr/lib64/python3.10/json/__init__.py", line 231, in dumps
return _default_encoder.encode(obj)
File "/usr/lib64/python3.10/json/encoder.py", line 199, in encode
chunks = self.iterencode(o, _one_shot=True)
File "/usr/lib64/python3.10/json/encoder.py", line 257, in iterencode
return _iterencode(o, 0)
File "/usr/lib64/python3.10/json/encoder.py", line 179, in default
raise TypeError(f'Object of type {o.__class__.__name__} '
TypeError: Object of type bytes is not JSON serializable
I think the issue is related to kitty rather than umap2, but I might be wrong, in that case let me know and I will close the issue.
If you need additional information let me know, I will do my best to provide them.
kitty/kitty/data/data_manager.py
Line 23 in f19e811
root@bdeebb3c8e86:/tmp# python3
Python 3.6.7 (default, Oct 22 2018, 11:32:17)
[GCC 8.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from kitty.fuzzers import ServerFuzzer
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/tmp/kitty/kitty/fuzzers/__init__.py", line 34, in <module>
from kitty.fuzzers.base import BaseFuzzer
File "/tmp/kitty/kitty/fuzzers/base.py", line 32, in <module>
from kitty.data.data_manager import DataManager, SessionInfo
File "/tmp/kitty/kitty/data/data_manager.py", line 23, in <module>
import cPickle
ModuleNotFoundError: No module named 'cPickle'
In some case, i actually written some protocols using scapy. I like to use scapy to communication with target, but i prefer using Kitty to fuzz my target.
Is there any better way to make kitty compatible with python-scapy field?
Having crypto (AES, DES) encoders in kitty depends on pycrypto. It's a heavy dependency for a feature that is not used that often. Maybe it should be part of katnip.
If someone has an input about that - I'll be happy to hear.
When fuzzing I keep the web interface open, but over time my web browser (with only this tab open) uses more and more ram (which ends up with a crash).
The crash occur after 6 to 24 hours after the fuzzing started.
I'm using Firefox 105.0.1 on Fedora 36, I don't know if it is related.
Raise an exception when someone attempts to add a 'failed' key to the report.
This is a use of the deprecated API.
Current API is to use the report.failed('reason') method.
The set_offset and render enter a deep loop when generating data from templates with deep hierarchies. This causes the mutation generation to be very slow.
In our fuzzing project, we wanted to store all reports so we could do some postprocessing and do statistics on every single test (we are fuzzing via HTTPS requests).
So we used fuzzer.set_store_all_reports(True)
on our Kitty fuzzer object.
However, we noticed that the fuzzer becomes extremely slow over time when we enabled this option, to the point where there was no way it could finish our test. When only storing the tests that fail (as default), there are no significant slowdowns over time.
We also noticed the WebInterface becomes very slow and unresponsive when a lot of reports are being stored (possibly because it lists all reports in the UI?)
We thus decided to use our own report system, also using SQLite. We use our own customised solution and only log the data we want, and it turns out to be super fast and lightweight. We don't use threading and we insert and commit on every test.
So we are quite sure that there is some bottleneck in the Kitty report system code that makes it really slow when a lot of reports are being saved. We are not sure exactly what causes it, but maybe it could have something to do with the threading system (since we don't use threading and we get really fast results).
We can't pinpoint the problem exactly and don't have a solution right now, but thought we would make you aware of it :)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.