k0retux / fuddly Goto Github PK

View Code? Open in Web Editor NEW

162.0 18.0 49.0 6.8 MB

Fuzzing and Data Manipulation Framework (for GNU/Linux)

License: GNU General Public License v3.0

Python 100.00%

fuzzing framework security python data-manipulation

fuddly's Introduction

fuddly: a fuzzing and data manipulation framework

List of features

Graph-based data model that enables:
- to represent complex data formats and also to mix them
- complex data manipulations
- to dissect/absorb existing data
- generation & mutation fuzzing strategy
Fuzzing automation framework:
- target abstraction
- monitoring means based on independant probes
- replay & logging
- data manipulation based on disruptors (objects that implement specific data transformation)
- scenario infrastructure (for modeling protocol logic)
- virtual operators
and so on...

What's still missing

Refer to TODO file

About documentation

Documentation is available here.
In order to generate the documentation from the source, follow these steps:
1. go to the folder docs/
2. execute make html to generate HTML documentation
3. execute make latexpdf to generate PDF documentation
4. generated documentation is located in docs/build/

Launch fuddly test cases

The package test include all unit & integration test cases of fuddly itself. Usage is as follows:

To launch all the tests, issue the command:
```
>> python -m test -a
```
To launch all the tests but the longer ones, issue the command:
```
>> python -m test
```
To avoid data model specific test cases use the option --ignore-dm-specifics

To launch a specific test category issue the following command:

>> python -m test test.<test_package>.<test_module>.<Test_Class>.<test_method>

Miscellaneous

Don't forget to populate <fuddly data folder>/imported_data/ with sample files for data models that need it
Note that when the fuddly shell is launched, the path of the fuddly data folder is displayed as well as its configuration folder

Dependencies

Compatible with Python3
Mandatory:
- sqlite3: SQLite3 data base
Optional:
- xtermcolor: Terminal color support
- graphviz: For graphic visualization (e.g., scenario display)
- paramiko: Python implementation of the SSHv2 protocol
- serial: For serial port access
- cups: Python bindings for libcups
- rpyc: Remote Python Call (RPyC), a transparent and symmetric RPC library
- pyxdg: XDG Base Directory support
For testing:
- ddt: Used for data-driven tests
- mock: Used for mocking
For documentation generation:
- sphinx: sphinx >= 1.3 (with builtin napoleon extension)
- texlive (optional): Needed to generate PDF documentation
- readthedocs theme (optional): Privileged html theme for sphinx

fuddly's People

Contributors

Stargazers

Watchers

Forkers

chubbymaggie idkwim sucof prasanna-in gordol magicyb ksmaheshkumar wakkychaw jbcayrou defanlt hxp2k6 followmaster julienbaladier lucabongiorni wflk gitcollect wangshu88 olivierh59500 bscain-rc vahlkar 0x524b qianqian121 peterg75 aln7 m00zh33 majinxin2003 deeby jimoyong riusksk ma3k4h3d k1ll3rb1z jg8481 m4rm0k darrynza seabreg komin92 s3ize 5l1v3r1 hartl3y94 poneyuhc bartimusprimed 6e006b timb-machine-mirrors fvittoz

fuddly's Issues

Install error~

Hi ~

When I install this fuzzer, I got the message below.

Exception in thread db_handler:
Traceback (most recent call last):
File "/usr/lib64/python2.7/threading.py", line 811, in __bootstrap_inner
self.run()
File "/usr/lib64/python2.7/threading.py", line 764, in run
self.__target(*self.__args, **self.__kwargs)
File "/home/fuddly/framework/database.py", line 174, in _sql_handler
self._ok = self._is_valid(connection, cursor)
File "/home/fuddly/framework/database.py", line 153, in _is_valid
cur.executescript(fmk_db_sql)
OperationalError: near "AS": syntax error

I think "fmk_db.sql" file is okay, But I don't know why this syntax error occured.
Do you have any idea?

EvolutionaryScenariosFactory example

Hello, I couldn't find a example to use EvolutionaryScenariosFactory.
Can I use the Evolutionary api direct by code instead of using the shell?

Different disruptor usage with different nodes in a scenario

Hello,

I have created a scenario with 3 nodes linked with steps: A -> B -> C

I want to :

use a disruptor tTYPE on path path_b of the node B,
and then I want to use another disruptor tTYPE on path_c of the node C.

However, when I execute the scenario and go to node C, it uses the first disruptor with path set to path_b instead of creating another one with the correct path.

How can use two different disruptor instantiation?

Thank

New conditions support

Hello, I have a piece of a field that is written that way:

 {
                    'name': 'HeaderFlags',
                    'contents': lambda x: Node('General', value_type= \
                        String(min_sz=4, max_sz=uint16le_to_int(x) - 4, determinist=False)),
                    'node_args': 'HeaderLength',
                    'exists_if': (IntMoreOrEqualThanCondition(9), 'HeaderLength')
}

I couldn't find a way to include a field if a length value is greater than a certain number, so I had to write a new class IntMoreOrEqualThanCondition. But I don't think this is good enough, maybe a more general solution could be used, such as using a lambda condition, so users can decide what to compere the value to?

Other difficulties I have:

For packets that don't inform sizes but you can infer the next fields based on the packer size left. This is specially true for wifi tagged fields packet, which don't have a field telling how many tags there are. You can only now if you check if there's more bytes left. Do you have a tip how to read the bytes left from the current node? I found difficult to receive node context inside the condition class.
Is it possible that the use of lambdas doesn't include a new node? I get a new child node which is not at the same level of the parent node, polluting a little the .show()
I can't use the extended bitfield. I'm trying to use 2 bitfields without padding so they can by seen as just one byte, but it seems the framework doesn't have a complete support for that besides the extend function.

Thank you very much