Commit 1912abc9 by 钱炳权

Merge branch 'dev' into 'master'

Dev

See merge request !1
parents 9cfe5d97 970ef118
...@@ -15,6 +15,11 @@ ...@@ -15,6 +15,11 @@
</properties> </properties>
<dependencies> <dependencies>
<dependency> <dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.13</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId> <groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId> <artifactId>spring-boot-starter</artifactId>
</dependency> </dependency>
......
...@@ -9,6 +9,52 @@ public class kittyProperties { ...@@ -9,6 +9,52 @@ public class kittyProperties {
String path; String path;
String venvPath; String venvPath;
String methodPath; String methodPath;
String vulnerabilityTypePath;
String templateInfoHttp;
String statsHttp;
String stagesHttp;
String reportHttp;
String mutationPath;
public String getMutationPath() {
return mutationPath;
}
public void setMutationPath(String mutationPath) {
this.mutationPath = mutationPath;
}
public String getTemplateInfoHttp() {
return templateInfoHttp;
}
public void setTemplateInfoHttp(String templateInfoHttp) {
this.templateInfoHttp = templateInfoHttp;
}
public String getStatsHttp() {
return statsHttp;
}
public void setStatsHttp(String statsHttp) {
this.statsHttp = statsHttp;
}
public String getStagesHttp() {
return stagesHttp;
}
public void setStagesHttp(String stagesHttp) {
this.stagesHttp = stagesHttp;
}
public String getReportHttp() {
return reportHttp;
}
public void setReportHttp(String reportHttp) {
this.reportHttp = reportHttp;
}
public String getPath() { public String getPath() {
return path; return path;
...@@ -33,4 +79,12 @@ public class kittyProperties { ...@@ -33,4 +79,12 @@ public class kittyProperties {
public void setMethodPath(String methodPath) { public void setMethodPath(String methodPath) {
this.methodPath = methodPath; this.methodPath = methodPath;
} }
public String getVulnerabilityTypePath() {
return vulnerabilityTypePath;
}
public void setVulnerabilityTypePath(String vulnerabilityTypePath) {
this.vulnerabilityTypePath = vulnerabilityTypePath;
}
} }
package com.example.fuzzControll.constents;
public class mutationConstent {
public static final String TEST_GRANULARITY_BIT_BYTE = "test_granularity_bit_byte.py ";
public static final String TEST_MUTATED_LIBS = "test_mutated_libs.py ";
public static final String TEST_MUTATION_STRATEGY = "test_mutation_strategy.py ";
}
package com.example.fuzzControll.constents; package com.example.fuzzControll.constents;
public class protocolConstent { public class protocolConstent {
public static final String RAW = "arp_raw.py "; public static final String ARP = "arp_raw.py ";
public static final String BGP = "bgp_tcp.py "; public static final String BGP = "bgp_tcp.py ";
public static final String DHCP = "dhcp_scapy.py "; public static final String DHCP = "dhcp_scapy.py ";
public static final String DNS = "dns_scapy.py "; public static final String DNS = "dns_scapy.py ";
...@@ -9,5 +9,38 @@ public class protocolConstent { ...@@ -9,5 +9,38 @@ public class protocolConstent {
public static final String FTP = "ftp_raw.py "; public static final String FTP = "ftp_raw.py ";
public static final String HDLC = "hdlc_raw.py "; public static final String HDLC = "hdlc_raw.py ";
public static final String HTTP_DOS_QUMU = "http_dos_qemu.py "; public static final String HTTP_DOS_QUMU = "http_dos_qemu.py ";
//todo 还有一堆协议需要写 public static final String ICMP = "icmp_raw.py ";
public static final String IGMPV1 = "igmpv1_raw.py ";
public static final String IGMPV2 = "igmpv2_raw.py ";
public static final String IMAP = "imap_tcp.py ";
public static final String RADIUS = "radius_udp.py ";
public static final String SIP = "sip_raw.py ";
public static final String RPC = "rpc_udp.py ";
public static final String SSL = "ssl_raw.py ";
public static final String SSH = "ssh_raw.py ";
public static final String NFS = "nfs_tcp.py ";
public static final String NNTP = "nntp_tcp.py ";
public static final String NTP = "ntp_scapy.py ";
public static final String SNMP = "snmp_udp.py ";
public static final String UPNP = "upnp_tcp.py ";
public static final String RARP = "rarp_raw.py ";
public static final String LLDP = "lldp_raw.py ";
public static final String MSTP = "mstp_raw.py ";
public static final String PPP = "ppp_raw.py ";
public static final String PPPOE = "pppoe_raw.py ";
public static final String STP = "stp_raw.py ";
public static final String VLAN = "vlan_raw.py ";
public static final String OSPF = "ospf_raw.py ";
public static final String ISIS = "isis_raw.py ";
public static final String IP = "ip_raw.py ";
public static final String TELNET = "telnet_tcp.py ";
public static final String POP3 = "pop_tcp.py ";
public static final String IPSEC = "ipsec_raw.py ";
public static final String HTTPS = "https_raw.py ";
public static final String RIP = "rip_raw.py ";
public static final String NETBIOS = "netbios_nbns_udp.py ";
public static final String SHARP = "sharp_udp.py ";
public static final String TFTP = "tftp_scapy_field.py ";
public static final String UDP = "udp_raw.py ";
public static final String TCP = "tcp_raw.py ";
} }
package com.example.fuzzControll.controller;
import com.example.fuzzControll.pojo.vo.AjaxResult;
import com.example.fuzzControll.pojo.vo.generateMethodEntity;
import com.example.fuzzControll.pojo.vo.protocolGenerationEntity;
import com.example.fuzzControll.service.generateMethodService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/generateMethod")
public class generateMethodController {
@Autowired
generateMethodService service;
@RequestMapping(value = "/generate", method = RequestMethod.POST)
public AjaxResult upload(@RequestBody generateMethodEntity generateMethodEntity) {
try {
service.generation(generateMethodEntity);
} catch (Exception e) {
return AjaxResult.error("变异方法使用失败!");
}
return AjaxResult.success("变异方法生成成功!");
}
}
package com.example.fuzzControll.controller;
import com.example.fuzzControll.pojo.vo.AjaxResult;
import com.example.fuzzControll.service.getServerMessageService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
/**
* kitty服务器信息
*/
@RestController
@RequestMapping("/kittyServer")
public class kittyServerMessageController {
@Autowired
getServerMessageService getServerMessageService;
/**
* 获取服务器stats信息
*/
@RequestMapping(value = "/stats", method = RequestMethod.GET)
public AjaxResult getStats( ) {
try {
return AjaxResult.success(getServerMessageService.getStats());
} catch (Exception e) {
return AjaxResult.error("stats信息获取失败!");
}
}
/**
* 获取服务器templateInfo信息
*/
@RequestMapping(value = "/templateInfo", method = RequestMethod.GET)
public AjaxResult getTemplateInfo( ) {
try {
return AjaxResult.success(getServerMessageService.getTemplateInfo());
} catch (Exception e) {
return AjaxResult.error("templateInfo信息获取失败!");
}
}
/**
* 获取服务器stages信息
*/
@RequestMapping(value = "/stages", method = RequestMethod.GET)
public AjaxResult getStages( ) {
try {
return AjaxResult.success(getServerMessageService.getStages());
} catch (Exception e) {
return AjaxResult.error("stats信息获取失败!");
}
}
/**
* 获取服务器report信息
*/
@RequestMapping(value = "/report", method = RequestMethod.GET)
public AjaxResult getReport( ) {
try {
return AjaxResult.success(getServerMessageService.getReport());
} catch (Exception e) {
return AjaxResult.error("stats信息获取失败!");
}
}
}
package com.example.fuzzControll.controller;
import com.example.fuzzControll.pojo.vo.AjaxResult;
import com.example.fuzzControll.pojo.vo.protocolGenerationEntity;
import com.example.fuzzControll.service.protocolTemplateService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.multipart.MultipartFile;
@RestController
@RequestMapping("/protocolTemplate")
public class protocolTemplatController {
@Autowired
protocolTemplateService protocolTemplateService;
/**
* seeFileUpload
*/
@RequestMapping(value = "/generation", method = RequestMethod.POST)
public AjaxResult upload(@RequestBody protocolGenerationEntity protocolGeneration) {
try {
protocolTemplateService.generation(protocolGeneration);
} catch (Exception e) {
return AjaxResult.error("模板文件生成失败!");
}
return AjaxResult.success("模板文件生成成功!");
}
}
...@@ -11,6 +11,9 @@ import org.springframework.web.multipart.MultipartFile; ...@@ -11,6 +11,9 @@ import org.springframework.web.multipart.MultipartFile;
import java.util.List; import java.util.List;
/**
* aflnet种子文件
*/
@RestController @RestController
@RequestMapping("/seedFile") @RequestMapping("/seedFile")
public class seedFileController { public class seedFileController {
......
package com.example.fuzzControll.controller;
import com.example.fuzzControll.pojo.vo.AjaxResult;
import com.example.fuzzControll.pojo.vo.testEntity;
import com.example.fuzzControll.service.generateMethodService;
import com.example.fuzzControll.service.mutationService;
import com.example.fuzzControll.service.protocolTemplateService;
import com.example.fuzzControll.service.vulnerabilityTypeService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import java.util.List;
import java.util.Map;
/**
* 不同类型的测试方法
*/
@RestController
@RequestMapping("/testClass")
public class testClassController {
@Autowired
generateMethodService generateMethodService;
@Autowired
mutationService mutationService;
@Autowired
protocolTemplateService protocolTemplateService;
@Autowired
vulnerabilityTypeService vulnerabilityTypeService;
/**
* 模板
*/
@RequestMapping(value = "/protocolTemplate", method = RequestMethod.POST)
public AjaxResult protocolTemplate(@RequestBody testEntity testEntity) {
try {
Map<String, List<String>> result = protocolTemplateService.generation(testEntity);
return AjaxResult.success(result==null?"模板文件生成未成功运行":result);
} catch (Exception e) {
return AjaxResult.error("模板文件生成失败!");
}
}
/**
*生成方法
*/
@RequestMapping(value = "/generate", method = RequestMethod.POST)
public AjaxResult generate(@RequestBody testEntity testEntity) {
try {
Map<String, List<String>> result = generateMethodService.generation(testEntity);
return AjaxResult.success(result==null?"生成方法未成功运行":result);
} catch (Exception e) {
return AjaxResult.error("生成方法使用失败!");
}
}
/**
*变异方法
*/
@RequestMapping(value = "/mutation", method = RequestMethod.POST)
public AjaxResult mutation(@RequestBody testEntity testEntity) {
try {
Map<String, List<String>> result = mutationService.generation(testEntity);
return AjaxResult.success(result==null?"mutationTest未成功运行":result);
} catch (Exception e) {
return AjaxResult.error("mutationTest失败!");
}
}
/**
*漏洞类型
*/
@RequestMapping(value = "/vulnerabilityType", method = RequestMethod.POST)
public AjaxResult upload(@RequestBody testEntity testEntity) {
try {
Map<String, List<String>> result = vulnerabilityTypeService.generation(testEntity);
return AjaxResult.success(result==null?"漏洞类型未成功运行":result);
} catch (Exception e) {
return AjaxResult.error("漏洞类型测试失败!");
}
}
}
...@@ -9,6 +9,9 @@ import org.springframework.web.bind.annotation.RequestMapping; ...@@ -9,6 +9,9 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
/**
* aflnet测试控制
*/
@RestController @RestController
@RequestMapping("/test") @RequestMapping("/test")
public class testControler { public class testControler {
......
package com.example.fuzzControll.controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/vulnerabilityType")
public class vulnerabilityTypeController {
}
package com.example.fuzzControll.pojo.vo;
import com.alibaba.fastjson.JSONObject;
import com.fasterxml.jackson.annotation.JsonIgnore;
import lombok.Data;
import lombok.Getter;
import lombok.Setter;
@Data
@Getter
@Setter
public class protocolGenerationEntity {
String protocolName;
String[] paramJson;
}
...@@ -5,9 +5,9 @@ import lombok.Getter; ...@@ -5,9 +5,9 @@ import lombok.Getter;
import lombok.Setter; import lombok.Setter;
@Data @Data
@Setter
@Getter @Getter
public class generateMethodEntity { @Setter
String methodName; public class testEntity {
String testClassName;
String[] paramJson; String[] paramJson;
} }
package com.example.fuzzControll.service; package com.example.fuzzControll.service;
import com.example.fuzzControll.pojo.vo.generateMethodEntity; import com.example.fuzzControll.pojo.vo.testEntity;
import com.example.fuzzControll.pojo.vo.protocolGenerationEntity;
import java.util.List;
import java.util.Map;
public interface generateMethodService { public interface generateMethodService {
void generation(generateMethodEntity generateMethodEntity); Map<String,List<String>> generation(testEntity testEntity);
} }
package com.example.fuzzControll.service;
import java.util.List;
import java.util.Map;
public interface getServerMessageService {
String getStats();
String getTemplateInfo();
String getStages();
String getReport();
}
package com.example.fuzzControll.service.impl; package com.example.fuzzControll.service.impl;
import com.example.fuzzControll.conf.kittyProperties; import com.example.fuzzControll.conf.kittyProperties;
import com.example.fuzzControll.pojo.vo.generateMethodEntity; import com.example.fuzzControll.pojo.vo.testEntity;
import com.example.fuzzControll.pojo.vo.protocolGenerationEntity;
import com.example.fuzzControll.service.generateMethodService; import com.example.fuzzControll.service.generateMethodService;
import com.example.fuzzControll.tools.cmdTools; import com.example.fuzzControll.tools.cmdTools;
import com.example.fuzzControll.tools.testTools;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
import java.util.List;
import java.util.Map;
@Service @Service
@Slf4j @Slf4j
public class generateMethodServiceImpl implements generateMethodService { public class generateMethodServiceImpl implements generateMethodService {
...@@ -17,37 +20,59 @@ public class generateMethodServiceImpl implements generateMethodService { ...@@ -17,37 +20,59 @@ public class generateMethodServiceImpl implements generateMethodService {
kittyProperties kitty; kittyProperties kitty;
@Override @Override
public void generation(generateMethodEntity generateMethodEntity) { public Map<String, List<String>> generation(testEntity testEntity) {
String cmd = parseParameters(generateMethodEntity); String cmd = parseParameters(testEntity);
cmdTools.runProgramCmdAndResultTofile(cmd); if (cmd.isEmpty()) {
return null;
}
return cmdTools.runProgramCmdAndResult(cmd);
} }
public String parseParameters(generateMethodEntity generateMethodEntity) { public String parseParameters(testEntity testEntity) {
switch (generateMethodEntity.getMethodName().toLowerCase()) { switch (testEntity.getTestClassName().toLowerCase()) {
case "foreach": case "foreach":
return foreachCmd(generateMethodEntity); return cmd(testEntity, "-f");
case "repeat":
return cmd(testEntity, "-r");
case "oneof":
return cmd(testEntity, "-o");
case "switch":
return cmd(testEntity, "-s");
case "pad":
return cmd(testEntity, "-p");
case "template":
return cmd(testEntity, "-t");
case "meta":
return cmd(testEntity, "-m");
case "if":
return cmd(testEntity, "-c");
case "ifnot":
return cmd(testEntity, "-e");
case "trunc"://have error
return cmd(testEntity, "-u");
default: default:
log.error("未知变异方法![{}]", generateMethodEntity.getMethodName()); log.error("未知变异方法![{}]", testEntity.getTestClassName());
return null; return null;
} }
} }
private String foreachCmd(generateMethodEntity generateMethodEntity) { private String cmd(testEntity testEntity, String cmd) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 5, "generationMethod"))
return "";
String target_host = null; String target_host = null;
String target_port = null; String target_port = null;
String s1 = null; String s1 = null;
String s2 = null; String s2 = null;
String s3 = null; String s3 = null;
try { try {
target_host = generateMethodEntity.getParamJson()[0]; target_host = testEntity.getParamJson()[0];
target_port = generateMethodEntity.getParamJson()[1]; target_port = testEntity.getParamJson()[1];
s1 = generateMethodEntity.getParamJson()[2]; s1 = testEntity.getParamJson()[2];
s2 = generateMethodEntity.getParamJson()[3]; s2 = testEntity.getParamJson()[3];
s3 = generateMethodEntity.getParamJson()[4]; s3 = testEntity.getParamJson()[4];
} catch (Exception e) { } catch (Exception e) {
log.error("http_dos_qemu参数解析失败!"); log.error("生成方法参数解析失败!");
} }
return kitty.getVenvPath() + " " + kitty.getMethodPath() + "generate_method_test.py -f " + s1 + " " + s2 + " " + s3+" --host="+target_host+" --port="+target_port; return kitty.getVenvPath() + " " + kitty.getMethodPath() + "generate_method_test.py " + cmd + " " + s1 + " " + s2 + " " + s3 + " --host=" + target_host + " --port=" + target_port;
} }
//todo 还有很多生成方法
} }
package com.example.fuzzControll.service.impl;
import com.example.fuzzControll.conf.kittyProperties;
import com.example.fuzzControll.service.getServerMessageService;
import lombok.extern.slf4j.Slf4j;
import org.apache.http.HttpStatus;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@Slf4j
@Service("getServerMessageService")
public class getServerMessageImpl implements getServerMessageService {
@Autowired
kittyProperties kitty;
public String getServerMsg(String messageName) {
switch (messageName) {
case "templateInfo": {
HttpGet httpGetTemplateInfo = new HttpGet(kitty.getTemplateInfoHttp());
try (CloseableHttpClient httpClient = HttpClients.createDefault();
CloseableHttpResponse templateInfoResponse = httpClient.execute(httpGetTemplateInfo);) {
return EntityUtils.toString(templateInfoResponse.getEntity(), "utf-8");
} catch (Exception e) {
log.error("templateInfo http error!");
}
}
case "stats": {
HttpGet httpGetStats = new HttpGet(kitty.getStatsHttp());
try (CloseableHttpClient httpClient = HttpClients.createDefault();
CloseableHttpResponse statsResponse = httpClient.execute(httpGetStats);) {
return EntityUtils.toString(statsResponse.getEntity(), "utf-8");
} catch (Exception e) {
log.error("stats http error!");
}
}
case "report": {
HttpGet httpGetStats = new HttpGet(kitty.getReportHttp());
try (CloseableHttpClient httpClient = HttpClients.createDefault();
CloseableHttpResponse reportResponse = httpClient.execute(httpGetStats);) {
return EntityUtils.toString(reportResponse.getEntity(), "utf-8");
} catch (Exception e) {
log.error("report http error!");
}
}
case "stages": {
HttpGet httpGetStats = new HttpGet(kitty.getStagesHttp());
try (CloseableHttpClient httpClient = HttpClients.createDefault();
CloseableHttpResponse stagesResponse = httpClient.execute(httpGetStats);) {
return EntityUtils.toString(stagesResponse.getEntity(), "utf-8");
} catch (Exception e) {
log.error("stages http error!");
}
}
default:
return "";
}
}
@Override
public String getStats() {
return getServerMsg("stats");
}
@Override
public String getTemplateInfo() {
return getServerMsg("templateInfo");
}
@Override
public String getStages() {
return getServerMsg("report");
}
@Override
public String getReport() {
return getServerMsg("stages");
}
}
package com.example.fuzzControll.service.impl;
import com.example.fuzzControll.conf.kittyProperties;
import com.example.fuzzControll.constents.mutationConstent;
import com.example.fuzzControll.pojo.vo.testEntity;
import com.example.fuzzControll.service.mutationService;
import com.example.fuzzControll.tools.cmdTools;
import com.example.fuzzControll.tools.testTools;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.List;
import java.util.Map;
@Service("mutationService")
@Slf4j
class mutationServiceImpl implements mutationService {
cmdTools cmdTools = new cmdTools();
@Autowired
kittyProperties kitty;
@Override
public Map<String, List<String>> generation(testEntity testEntity) {
String cmd = parseParameters(testEntity);
if (cmd.isEmpty()) {
return null;
}
return cmdTools.runProgramCmdAndResult(cmd);
}
public String parseParameters(testEntity testEntity) {
switch (testEntity.getTestClassName().toLowerCase()) {
case "bit":
return variationGranularityCmd(testEntity, 1);
case "byte":
return variationGranularityCmd(testEntity, 2);
case "sqlinjection":
return distortionLibCmd(testEntity, 2);
case "commandinjection":
return distortionLibCmd(testEntity, 1);
case "outofbuffer":
return distortionLibCmd(testEntity, 3);
case "directorytraversal":
return distortionLibCmd(testEntity, 4);
case "8-bitinteger":
return distortionLibCmd(testEntity, 5);
case "16-bitinteger":
return distortionLibCmd(testEntity, 6);
case "32-bitinteger":
return distortionLibCmd(testEntity, 7);
case "bitflip"://noresponse
return distortionLibCmd(testEntity, 8);
case "twobitflip"://noresponse
return distortionLibCmd(testEntity, 9);
case "fourbitflip"://noresponse
return distortionLibCmd(testEntity, 10);
case "byteflip"://noresponse
return distortionLibCmd(testEntity, 11);
case "wordflip"://noresponse
return distortionLibCmd(testEntity, 12);
case "dwordflip"://noresponse
return distortionLibCmd(testEntity, 13);
case "blockremove"://noresponse
return distortionLibCmd(testEntity, 14);
case "blockduplicate"://noresponse
return distortionLibCmd(testEntity, 15);
case "blockset"://noresponse
return distortionLibCmd(testEntity, 16);
case "bitflips"://noresponse
return distortionLibCmd(testEntity, 17);
case "byteflips":
return mutationStrategyCmd(testEntity, 1);
case "interestint8muta":
return mutationStrategyCmd(testEntity, 2);
case "interestint16muta":
return mutationStrategyCmd(testEntity, 3);
case "interestint32muta":
return mutationStrategyCmd(testEntity, 4);
case "onebyterndom":
return mutationStrategyCmd(testEntity, 5);
case "mutibytesrandom":
return mutationStrategyCmd(testEntity, 6);
case "deleteonebyterandom":
return mutationStrategyCmd(testEntity, 7);
case "deletemutibytesrandom":
return mutationStrategyCmd(testEntity, 8);
case "shufflebytesrandom":
return mutationStrategyCmd(testEntity, 9);
case "swapadjointwobytes":
return mutationStrategyCmd(testEntity, 10);
default:
log.error("未知变异方法![{}]", testEntity.getTestClassName());
return null;
}
}
private String distortionLibCmd(testEntity testEntity, int methodNum) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "distortionLib" + methodNum))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("distortionLib [{}] 参数解析失败!", methodNum);
}
return kitty.getVenvPath() + " " + kitty.getMutationPath() + mutationConstent.TEST_MUTATED_LIBS + " -g " + methodNum + " -d " + dst_ip + " -p " + dst_port;
}
private String variationGranularityCmd(testEntity testEntity, int methodNum) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "variationGranularity" + methodNum))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("variationGranularity [{}] 参数解析失败!", methodNum);
}
return kitty.getVenvPath() + " " + kitty.getMutationPath() + mutationConstent.TEST_GRANULARITY_BIT_BYTE + " -g " + methodNum + " -d " + dst_ip + " -p " + dst_port;
}
private String mutationStrategyCmd(testEntity testEntity, int methodNum) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "mutationStrategy" + methodNum))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("mutationStrategy [{}] 参数解析失败!", methodNum);
}
return kitty.getVenvPath() + " " + kitty.getMutationPath() + mutationConstent.TEST_MUTATION_STRATEGY + " -g " + methodNum + " -d " + dst_ip + " -p " + dst_port;
}
}
\ No newline at end of file
package com.example.fuzzControll.service.impl;
import com.example.fuzzControll.conf.kittyProperties;
import com.example.fuzzControll.pojo.vo.testEntity;
import com.example.fuzzControll.service.vulnerabilityTypeService;
import com.example.fuzzControll.tools.cmdTools;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.List;
import java.util.Map;
@Slf4j
@Service("vulnerabilityTypeService")
public class vulnerabilityTypeServiceImpl implements vulnerabilityTypeService {
cmdTools cmdTools = new cmdTools();
@Autowired
kittyProperties kitty;
@Override
public Map<String, List<String>> generation(testEntity testEntity) {
String cmd = parseParameters(testEntity);
return cmdTools.runProgramCmdAndResult(cmd);
}
public String parseParameters(testEntity testEntity) {
switch (testEntity.getTestClassName().toLowerCase()) {
case "array_index_out_of_bounds_vulnerabilit"://have error
return cmd(testEntity, 0);
case "boundary_condition_vulnerability"://have error
return cmd(testEntity, 1);
case "buffer_overflow_vulnerability"://have error
return cmd(testEntity, 2);
case "command_injection_vulnerability"://have error
return cmd(testEntity, 3);
case "memory_duplicate_release_vulnerability"://have error
return cmd(testEntity, 4);
case "format_string_vulnerability"://have error
return cmd(testEntity, 5);
case "integer_overflow_vulnerability"://have error
return cmd(testEntity, 6);
case "numeric_error_vulnerabilit"://have error
return cmd(testEntity, 7);
case "symbol_extension_vulnerability"://have error
return cmd(testEntity, 8);
case "uaf_vulnerabilit"://have error
return cmd(testEntity, 9);
case "cross_script_vulnerability"://have error
return cmd(testEntity, 10);
case "sql_injection_vulnerabilit"://have error
return cmd(testEntity, 11);
default:
log.error("未知漏洞![{}]", testEntity.getTestClassName());
return null;
}
}
private String cmd(testEntity testEntity, int kindNum) {
return kitty.getVenvPath() + " " + kitty.getVulnerabilityTypePath() + "vul_types_test.py " + kindNum;
}
//todo 还有很多类型要写
}
package com.example.fuzzControll.service;
import com.example.fuzzControll.pojo.vo.testEntity;
import java.util.List;
import java.util.Map;
public interface mutationService {
Map<String, List<String>> generation(testEntity testEntity);
}
package com.example.fuzzControll.service; package com.example.fuzzControll.service;
import com.alibaba.fastjson.JSONObject; import com.example.fuzzControll.pojo.vo.testEntity;
import com.example.fuzzControll.pojo.vo.protocolGenerationEntity;
import org.springframework.web.multipart.MultipartFile; import java.util.List;
import java.util.Map;
public interface protocolTemplateService { public interface protocolTemplateService {
void generation(protocolGenerationEntity protocolGeneration); Map<String,List<String>> generation(testEntity testEntity);
} }
package com.example.fuzzControll.service;
import com.example.fuzzControll.pojo.vo.testEntity;
import java.util.List;
import java.util.Map;
public interface vulnerabilityTypeService {
Map<String, List<String>> generation(testEntity testEntity);
}
...@@ -8,8 +8,8 @@ import com.example.fuzzControll.pojo.vo.testReturnEntity; ...@@ -8,8 +8,8 @@ import com.example.fuzzControll.pojo.vo.testReturnEntity;
import java.io.*; import java.io.*;
import java.util.ArrayList; import java.util.*;
import java.util.List;
//todo need modify //todo need modify
public class cmdTools { public class cmdTools {
...@@ -54,18 +54,24 @@ public class cmdTools { ...@@ -54,18 +54,24 @@ public class cmdTools {
* 运行需要后台运行cmd * 运行需要后台运行cmd
* 将数据存入文件中 * 将数据存入文件中
*/ */
public void runProgramCmdAndResultTofile(String cmd) { public Map<String, List<String>> runProgramCmdAndResult(String cmd) {
Map<String, List<String>> result = new HashMap();
List<String> out = Collections.synchronizedList(new ArrayList<>());
List<String> error = Collections.synchronizedList(new ArrayList<>());
try { try {
Process process = Runtime.getRuntime().exec(cmd); Process process = Runtime.getRuntime().exec(cmd);
printMessageToFile(process.getInputStream()); printMessageByProgramCmd(process.getInputStream(), out);
printMessageToFile(process.getErrorStream()); printMessageByProgramCmd(process.getErrorStream(), error);
process.waitFor(); process.waitFor();
} catch (Exception e) { } catch (Exception e) {
e.printStackTrace(); e.printStackTrace();
} }
result.put("out", out);
result.put("error", error);
return result;
} }
private void printMessageToFile(InputStream input) { private List<String> printMessageByProgramCmd(InputStream input, List<String> result) throws InterruptedException {
new Thread(new Runnable() { new Thread(new Runnable() {
@Override @Override
public void run() { public void run() {
...@@ -74,7 +80,7 @@ public class cmdTools { ...@@ -74,7 +80,7 @@ public class cmdTools {
String line = null; String line = null;
try { try {
while ((line = bf.readLine()) != null) { while ((line = bf.readLine()) != null) {
System.out.println(line); result.add(line);
} }
} catch (IOException e) { } catch (IOException e) {
e.printStackTrace(); e.printStackTrace();
...@@ -82,6 +88,7 @@ public class cmdTools { ...@@ -82,6 +88,7 @@ public class cmdTools {
} }
}).start(); }).start();
return result;
} }
private List<String> printMessage(final InputStream input, List<String> result) { private List<String> printMessage(final InputStream input, List<String> result) {
...@@ -105,21 +112,6 @@ public class cmdTools { ...@@ -105,21 +112,6 @@ public class cmdTools {
} }
private void printMessageToWeb(final InputStream input, Process process) throws IOException { private void printMessageToWeb(final InputStream input, Process process) throws IOException {
// try (FileOutputStream outputStream = new FileOutputStream("/home/qbq/1.text");
// BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(outputStream);) {
//
// byte[] buffer = new byte[1024];
// int bytesRead;
// while ((bytesRead = input.read(buffer)) != -1) {
// bufferedOutputStream.write(buffer, 0, bytesRead);
// }
// if (testControlTools.getIsRunning()) {
// process.destroy();
// }
// } catch (Exception e) {
// e.printStackTrace();
// }
Reader reader = new InputStreamReader(input); Reader reader = new InputStreamReader(input);
BufferedReader bf = new BufferedReader(reader); BufferedReader bf = new BufferedReader(reader);
String line = null; String line = null;
...@@ -262,4 +254,5 @@ public class cmdTools { ...@@ -262,4 +254,5 @@ public class cmdTools {
} }
return cmd.toString(); return cmd.toString();
} }
} }
\ No newline at end of file
package com.example.fuzzControll.tools;
//todo 对ip等增加正则判断
public class regularTools {
}
package com.example.fuzzControll.tools;
import lombok.extern.slf4j.Slf4j;
@Slf4j
public class testTools {
public static boolean paramsLenghtTest(int paramsLen,int needParamsLen,String name){
Boolean isOk = paramsLen==needParamsLen;
if(!isOk){
log.error("[{}]所需参数与获取参数不符!",name);
}
return isOk==true?true:false;
}
}
...@@ -19,4 +19,10 @@ filepath: ...@@ -19,4 +19,10 @@ filepath:
kitty: kitty:
path: "/home/qbq/fuzz50/kitty/renix/" #kitty项目下的各协议生成模板python文件路径 path: "/home/qbq/fuzz50/kitty/renix/" #kitty项目下的各协议生成模板python文件路径
venvPath: "/home/qbq/fuzz50/kitty/venv/bin/python" venvPath: "/home/qbq/fuzz50/kitty/venv/bin/python"
methodPath: "/home/qbq/fuzz50/kitty/2020test/"#kitty下变异方法路径 methodPath: "/home/qbq/fuzz50/kitty/2020test/"#kitty下变异方法路径
\ No newline at end of file vulnerabilityTypePath: "/home/qbq/fuzz50/kitty/2020test/"#kitty下漏洞类型python路径
mutationPath: "/home/qbq/fuzz50/kitty/2020test/"
templateInfoHttp: "http://127.0.0.1:26001/api/template_info.json"#模板信息请求链接
statsHttp: "http://127.0.0.1:26001/api/stats.json"#运行时数据
stagesHttp: "http://127.0.0.1:26001/api/stages.json"#
reportHttp: "http://127.0.0.1:26001/api/report"#
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
var ws1 = null; var ws1 = null;
var ws2 = null; var ws2 = null;
function myFunction() { function myFunction() {
ws1 = new WebSocket("ws://127.0.0.1:8080/websocket/testResult/" + "web"+100); ws1 = new WebSocket("ws://192.168.37.149:8100/websocket/testResult/" + "web");
ws1.onmessage = function (evt) { ws1.onmessage = function (evt) {
console.log(evt); console.log(evt);
var received_msg =JSON.parse(evt.data) ; var received_msg =JSON.parse(evt.data) ;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment