Skip to content

F
fuzzBackEnd
Commit 970ef118 by 钱炳权
Options

24/4/7 生成方法、协议模板、漏洞类型、变异方法,接口功能开发完成

parent 13284f0d
master dev qbq-dev zhongshan
1 merge request!1Dev
Showing with 231 additions and 47 deletions
fuzzbackend/src/main/java/com/example/fuzzControll/constents/mutationConstent.java
package com.example.fuzzControll.constents;
public class mutationConstent {
public static final String GET_FILE_NAME = "ls -h ";
public static final String TEST_GRANULARITY_BIT_BYTE = "test_granularity_bit_byte.py ";
public static final String TEST_MUTATED_LIBS = "test_mutated_libs.py ";
public static final String TEST_MUTATION_STRATEGY = "test_mutation_strategy.py ";
}
fuzzbackend/src/main/java/com/example/fuzzControll/constents/protocolConstent.java
package com.example.fuzzControll.constents;
public class protocolConstent {
public static final String RAW = "arp_raw.py ";
public static final String ARP = "arp_raw.py ";
public static final String BGP = "bgp_tcp.py ";
public static final String DHCP = "dhcp_scapy.py ";
public static final String DNS = "dns_scapy.py ";
......@@ -9,5 +9,38 @@ public class protocolConstent {
public static final String FTP = "ftp_raw.py ";
public static final String HDLC = "hdlc_raw.py ";
public static final String HTTP_DOS_QUMU = "http_dos_qemu.py ";
//todo 还有一堆协议需要写
public static final String ICMP = "icmp_raw.py ";
public static final String IGMPV1 = "igmpv1_raw.py ";
public static final String IGMPV2 = "igmpv2_raw.py ";
public static final String IMAP = "imap_tcp.py ";
public static final String RADIUS = "radius_udp.py ";
public static final String SIP = "sip_raw.py ";
public static final String RPC = "rpc_udp.py ";
public static final String SSL = "ssl_raw.py ";
public static final String SSH = "ssh_raw.py ";
public static final String NFS = "nfs_tcp.py ";
public static final String NNTP = "nntp_tcp.py ";
public static final String NTP = "ntp_scapy.py ";
public static final String SNMP = "snmp_udp.py ";
public static final String UPNP = "upnp_tcp.py ";
public static final String RARP = "rarp_raw.py ";
public static final String LLDP = "lldp_raw.py ";
public static final String MSTP = "mstp_raw.py ";
public static final String PPP = "ppp_raw.py ";
public static final String PPPOE = "pppoe_raw.py ";
public static final String STP = "stp_raw.py ";
public static final String VLAN = "vlan_raw.py ";
public static final String OSPF = "ospf_raw.py ";
public static final String ISIS = "isis_raw.py ";
public static final String IP = "ip_raw.py ";
public static final String TELNET = "telnet_tcp.py ";
public static final String POP3 = "pop_tcp.py ";
public static final String IPSEC = "ipsec_raw.py ";
public static final String HTTPS = "https_raw.py ";
public static final String RIP = "rip_raw.py ";
public static final String NETBIOS = "netbios_nbns_udp.py ";
public static final String SHARP = "sharp_udp.py ";
public static final String TFTP = "tftp_scapy_field.py ";
public static final String UDP = "udp_raw.py ";
public static final String TCP = "tcp_raw.py ";
}
fuzzbackend/src/main/java/com/example/fuzzControll/constents/vulnerabilityTypeConstent.java deleted 100644 → 0
package com.example.fuzzControll.constents;
public class vulnerabilityTypeConstent {
public static final String ARRAY_INDEX_OUT_OF_BOUNDS_VULNERABILIT = "0";
}
fuzzbackend/src/main/java/com/example/fuzzControll/controller/testClassController.java
......@@ -3,7 +3,7 @@ package com.example.fuzzControll.controller;
import com.example.fuzzControll.pojo.vo.AjaxResult;
import com.example.fuzzControll.pojo.vo.testEntity;
import com.example.fuzzControll.service.generateMethodService;
import com.example.fuzzControll.service.getServerMessageService;
import com.example.fuzzControll.service.mutationService;
import com.example.fuzzControll.service.protocolTemplateService;
import com.example.fuzzControll.service.vulnerabilityTypeService;
import org.springframework.beans.factory.annotation.Autowired;
......@@ -12,6 +12,9 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import java.util.List;
import java.util.Map;
/**
* 不同类型的测试方法
*/
......@@ -21,7 +24,7 @@ public class testClassController {
@Autowired
generateMethodService generateMethodService;
@Autowired
getServerMessageService getServerMessageService;
mutationService mutationService;
@Autowired
protocolTemplateService protocolTemplateService;
@Autowired
......@@ -32,7 +35,8 @@ public class testClassController {
@RequestMapping(value = "/protocolTemplate", method = RequestMethod.POST)
public AjaxResult protocolTemplate(@RequestBody testEntity testEntity) {
try {
return AjaxResult.success(protocolTemplateService.generation(testEntity));
Map<String, List<String>> result = protocolTemplateService.generation(testEntity);
return AjaxResult.success(result==null?"模板文件生成未成功运行":result);
} catch (Exception e) {
return AjaxResult.error("模板文件生成失败!");
}
......@@ -44,9 +48,10 @@ public class testClassController {
@RequestMapping(value = "/generate", method = RequestMethod.POST)
public AjaxResult generate(@RequestBody testEntity testEntity) {
try {
return AjaxResult.success(generateMethodService.generation(testEntity));
Map<String, List<String>> result = generateMethodService.generation(testEntity);
return AjaxResult.success(result==null?"生成方法未成功运行":result);
} catch (Exception e) {
return AjaxResult.error("变异方法使用失败!");
return AjaxResult.error("生成方法使用失败!");
}
}
......@@ -54,9 +59,10 @@ public class testClassController {
*变异方法
*/
@RequestMapping(value = "/mutation", method = RequestMethod.POST)
public AjaxResult mutation() {
public AjaxResult mutation(@RequestBody testEntity testEntity) {
try {
return AjaxResult.success(getServerMessageService.getStats());
Map<String, List<String>> result = mutationService.generation(testEntity);
return AjaxResult.success(result==null?"mutationTest未成功运行":result);
} catch (Exception e) {
return AjaxResult.error("mutationTest失败!");
}
......@@ -68,7 +74,8 @@ public class testClassController {
@RequestMapping(value = "/vulnerabilityType", method = RequestMethod.POST)
public AjaxResult upload(@RequestBody testEntity testEntity) {
try {
return AjaxResult.success(vulnerabilityTypeService.generation(testEntity));
Map<String, List<String>> result = vulnerabilityTypeService.generation(testEntity);
return AjaxResult.success(result==null?"漏洞类型未成功运行":result);
} catch (Exception e) {
return AjaxResult.error("漏洞类型测试失败!");
}
......
fuzzbackend/src/main/java/com/example/fuzzControll/service/impl/generateMethodServiceImpl.java
......@@ -4,6 +4,7 @@ import com.example.fuzzControll.conf.kittyProperties;
import com.example.fuzzControll.pojo.vo.testEntity;
import com.example.fuzzControll.service.generateMethodService;
import com.example.fuzzControll.tools.cmdTools;
import com.example.fuzzControll.tools.testTools;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
......@@ -19,22 +20,45 @@ public class generateMethodServiceImpl implements generateMethodService {
kittyProperties kitty;
@Override
public Map<String,List<String>> generation(testEntity testEntity) {
public Map<String, List<String>> generation(testEntity testEntity) {
String cmd = parseParameters(testEntity);
if (cmd.isEmpty()) {
return null;
}
return cmdTools.runProgramCmdAndResult(cmd);
}
public String parseParameters(testEntity testEntity) {
switch (testEntity.getTestClassName().toLowerCase()) {
case "foreach":
return foreachCmd(testEntity);
return cmd(testEntity, "-f");
case "repeat":
return cmd(testEntity, "-r");
case "oneof":
return cmd(testEntity, "-o");
case "switch":
return cmd(testEntity, "-s");
case "pad":
return cmd(testEntity, "-p");
case "template":
return cmd(testEntity, "-t");
case "meta":
return cmd(testEntity, "-m");
case "if":
return cmd(testEntity, "-c");
case "ifnot":
return cmd(testEntity, "-e");
case "trunc"://have error
return cmd(testEntity, "-u");
default:
log.error("未知变异方法![{}]", testEntity.getTestClassName());
return null;
}
}
private String foreachCmd(testEntity testEntity) {
private String cmd(testEntity testEntity, String cmd) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 5, "generationMethod"))
return "";
String target_host = null;
String target_port = null;
String s1 = null;
......@@ -47,9 +71,8 @@ public class generateMethodServiceImpl implements generateMethodService {
s2 = testEntity.getParamJson()[3];
s3 = testEntity.getParamJson()[4];
} catch (Exception e) {
log.error("http_dos_qemu参数解析失败!");
log.error("生成方法参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getMethodPath() + "generate_method_test.py -f " + s1 + " " + s2 + " " + s3+" --host="+target_host+" --port="+target_port;
return kitty.getVenvPath() + " " + kitty.getMethodPath() + "generate_method_test.py " + cmd + " " + s1 + " " + s2 + " " + s3 + " --host=" + target_host + " --port=" + target_port;
}
//todo 还有很多生成方法
}
fuzzbackend/src/main/java/com/example/fuzzControll/service/impl/mutationServiceImpl.java
package com.example.fuzzControll.service.impl;
import com.example.fuzzControll.conf.kittyProperties;
import com.example.fuzzControll.constents.mutationConstent;
import com.example.fuzzControll.pojo.vo.testEntity;
import com.example.fuzzControll.service.mutationService;
import com.example.fuzzControll.tools.cmdTools;
import com.example.fuzzControll.tools.testTools;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
......@@ -13,44 +15,127 @@ import java.util.Map;
@Service("mutationService")
@Slf4j
public class mutationServiceImpl implements mutationService {
class mutationServiceImpl implements mutationService {
cmdTools cmdTools = new cmdTools();
@Autowired
kittyProperties kitty;
@Override
public Map<String,List<String>> generation(testEntity testEntity) {
public Map<String, List<String>> generation(testEntity testEntity) {
String cmd = parseParameters(testEntity);
if (cmd.isEmpty()) {
return null;
}
return cmdTools.runProgramCmdAndResult(cmd);
}
public String parseParameters(testEntity testEntity) {
switch (testEntity.getTestClassName().toLowerCase()) {
case "foreach":
return foreachCmd(testEntity);
case "bit":
return variationGranularityCmd(testEntity, 1);
case "byte":
return variationGranularityCmd(testEntity, 2);
case "sqlinjection":
return distortionLibCmd(testEntity, 2);
case "commandinjection":
return distortionLibCmd(testEntity, 1);
case "outofbuffer":
return distortionLibCmd(testEntity, 3);
case "directorytraversal":
return distortionLibCmd(testEntity, 4);
case "8-bitinteger":
return distortionLibCmd(testEntity, 5);
case "16-bitinteger":
return distortionLibCmd(testEntity, 6);
case "32-bitinteger":
return distortionLibCmd(testEntity, 7);
case "bitflip"://noresponse
return distortionLibCmd(testEntity, 8);
case "twobitflip"://noresponse
return distortionLibCmd(testEntity, 9);
case "fourbitflip"://noresponse
return distortionLibCmd(testEntity, 10);
case "byteflip"://noresponse
return distortionLibCmd(testEntity, 11);
case "wordflip"://noresponse
return distortionLibCmd(testEntity, 12);
case "dwordflip"://noresponse
return distortionLibCmd(testEntity, 13);
case "blockremove"://noresponse
return distortionLibCmd(testEntity, 14);
case "blockduplicate"://noresponse
return distortionLibCmd(testEntity, 15);
case "blockset"://noresponse
return distortionLibCmd(testEntity, 16);
case "bitflips"://noresponse
return distortionLibCmd(testEntity, 17);
case "byteflips":
return mutationStrategyCmd(testEntity, 1);
case "interestint8muta":
return mutationStrategyCmd(testEntity, 2);
case "interestint16muta":
return mutationStrategyCmd(testEntity, 3);
case "interestint32muta":
return mutationStrategyCmd(testEntity, 4);
case "onebyterndom":
return mutationStrategyCmd(testEntity, 5);
case "mutibytesrandom":
return mutationStrategyCmd(testEntity, 6);
case "deleteonebyterandom":
return mutationStrategyCmd(testEntity, 7);
case "deletemutibytesrandom":
return mutationStrategyCmd(testEntity, 8);
case "shufflebytesrandom":
return mutationStrategyCmd(testEntity, 9);
case "swapadjointwobytes":
return mutationStrategyCmd(testEntity, 10);
default:
log.error("未知变异方法![{}]", testEntity.getTestClassName());
return null;
}
}
private String foreachCmd(testEntity testEntity) {
String target_host = null;
String target_port = null;
String s1 = null;
String s2 = null;
String s3 = null;
private String distortionLibCmd(testEntity testEntity, int methodNum) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "distortionLib" + methodNum))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("distortionLib [{}] 参数解析失败!", methodNum);
}
return kitty.getVenvPath() + " " + kitty.getMutationPath() + mutationConstent.TEST_MUTATED_LIBS + " -g " + methodNum + " -d " + dst_ip + " -p " + dst_port;
}
private String variationGranularityCmd(testEntity testEntity, int methodNum) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "variationGranularity" + methodNum))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("variationGranularity [{}] 参数解析失败!", methodNum);
}
return kitty.getVenvPath() + " " + kitty.getMutationPath() + mutationConstent.TEST_GRANULARITY_BIT_BYTE + " -g " + methodNum + " -d " + dst_ip + " -p " + dst_port;
}
private String mutationStrategyCmd(testEntity testEntity, int methodNum) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "mutationStrategy" + methodNum))
return "";
String dst_ip = null;
String dst_port = null;
try {
target_host = testEntity.getParamJson()[0];
target_port = testEntity.getParamJson()[1];
s1 = testEntity.getParamJson()[2];
s2 = testEntity.getParamJson()[3];
s3 = testEntity.getParamJson()[4];
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("http_dos_qemu参数解析失败!");
log.error("mutationStrategy [{}] 参数解析失败!", methodNum);
}
return kitty.getVenvPath() + " " + kitty.getMutationPath() + "generate_method_test.py -f " + s1 + " " + s2 + " " + s3+" --host="+target_host+" --port="+target_port;
return kitty.getVenvPath() + " " + kitty.getMutationPath() + mutationConstent.TEST_MUTATION_STRATEGY + " -g " + methodNum + " -d " + dst_ip + " -p " + dst_port;
}
//todo 还有很多生成方法
}
}
\ No newline at end of file
fuzzbackend/src/main/java/com/example/fuzzControll/service/impl/vulnerabilityTypeServiceImpl.java
package com.example.fuzzControll.service.impl;
import com.example.fuzzControll.conf.kittyProperties;
import com.example.fuzzControll.constents.vulnerabilityTypeConstent;
import com.example.fuzzControll.pojo.vo.testEntity;
import com.example.fuzzControll.service.vulnerabilityTypeService;
import com.example.fuzzControll.tools.cmdTools;
......@@ -27,16 +26,38 @@ public class vulnerabilityTypeServiceImpl implements vulnerabilityTypeService {
public String parseParameters(testEntity testEntity) {
switch (testEntity.getTestClassName().toLowerCase()) {
case "array_index_out_of_bounds_vulnerabilit":
return arrayIndexOutOfBoundsVulnerabilitCmd(testEntity);
case "array_index_out_of_bounds_vulnerabilit"://have error
return cmd(testEntity, 0);
case "boundary_condition_vulnerability"://have error
return cmd(testEntity, 1);
case "buffer_overflow_vulnerability"://have error
return cmd(testEntity, 2);
case "command_injection_vulnerability"://have error
return cmd(testEntity, 3);
case "memory_duplicate_release_vulnerability"://have error
return cmd(testEntity, 4);
case "format_string_vulnerability"://have error
return cmd(testEntity, 5);
case "integer_overflow_vulnerability"://have error
return cmd(testEntity, 6);
case "numeric_error_vulnerabilit"://have error
return cmd(testEntity, 7);
case "symbol_extension_vulnerability"://have error
return cmd(testEntity, 8);
case "uaf_vulnerabilit"://have error
return cmd(testEntity, 9);
case "cross_script_vulnerability"://have error
return cmd(testEntity, 10);
case "sql_injection_vulnerabilit"://have error
return cmd(testEntity, 11);
default:
log.error("未知漏洞![{}]", testEntity.getTestClassName());
return null;
}
}
private String arrayIndexOutOfBoundsVulnerabilitCmd(testEntity testEntity) {
return kitty.getVenvPath() + " " + kitty.getVulnerabilityTypePath() +"vul_types_test.py "+ vulnerabilityTypeConstent.ARRAY_INDEX_OUT_OF_BOUNDS_VULNERABILIT ;
private String cmd(testEntity testEntity, int kindNum) {
return kitty.getVenvPath() + " " + kitty.getVulnerabilityTypePath() + "vul_types_test.py " + kindNum;
}
//todo 还有很多类型要写
}
fuzzbackend/src/main/java/com/example/fuzzControll/tools/regularTools.java 0 → 100644
package com.example.fuzzControll.tools;
//todo 对ip等增加正则判断
public class regularTools {
}
fuzzbackend/src/main/java/com/example/fuzzControll/tools/testTools.java 0 → 100644
package com.example.fuzzControll.tools;
import lombok.extern.slf4j.Slf4j;
@Slf4j
public class testTools {
public static boolean paramsLenghtTest(int paramsLen,int needParamsLen,String name){
Boolean isOk = paramsLen==needParamsLen;
if(!isOk){
log.error("[{}]所需参数与获取参数不符!",name);
}
return isOk==true?true:false;
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment