Skip to content

F
fuzzBackEnd
Commit 970ef118 by 钱炳权
Options

24/4/7 生成方法、协议模板、漏洞类型、变异方法,接口功能开发完成

parent 13284f0d
Showing with 858 additions and 85 deletions
fuzzbackend/src/main/java/com/example/fuzzControll/constents/mutationConstent.java
package com.example.fuzzControll.constents;
public class mutationConstent {
public static final String GET_FILE_NAME = "ls -h ";
public static final String TEST_GRANULARITY_BIT_BYTE = "test_granularity_bit_byte.py ";
public static final String TEST_MUTATED_LIBS = "test_mutated_libs.py ";
public static final String TEST_MUTATION_STRATEGY = "test_mutation_strategy.py ";
}
fuzzbackend/src/main/java/com/example/fuzzControll/constents/protocolConstent.java
package com.example.fuzzControll.constents;
public class protocolConstent {
public static final String RAW = "arp_raw.py ";
public static final String ARP = "arp_raw.py ";
public static final String BGP = "bgp_tcp.py ";
public static final String DHCP = "dhcp_scapy.py ";
public static final String DNS = "dns_scapy.py ";
......@@ -9,5 +9,38 @@ public class protocolConstent {
public static final String FTP = "ftp_raw.py ";
public static final String HDLC = "hdlc_raw.py ";
public static final String HTTP_DOS_QUMU = "http_dos_qemu.py ";
//todo 还有一堆协议需要写
public static final String ICMP = "icmp_raw.py ";
public static final String IGMPV1 = "igmpv1_raw.py ";
public static final String IGMPV2 = "igmpv2_raw.py ";
public static final String IMAP = "imap_tcp.py ";
public static final String RADIUS = "radius_udp.py ";
public static final String SIP = "sip_raw.py ";
public static final String RPC = "rpc_udp.py ";
public static final String SSL = "ssl_raw.py ";
public static final String SSH = "ssh_raw.py ";
public static final String NFS = "nfs_tcp.py ";
public static final String NNTP = "nntp_tcp.py ";
public static final String NTP = "ntp_scapy.py ";
public static final String SNMP = "snmp_udp.py ";
public static final String UPNP = "upnp_tcp.py ";
public static final String RARP = "rarp_raw.py ";
public static final String LLDP = "lldp_raw.py ";
public static final String MSTP = "mstp_raw.py ";
public static final String PPP = "ppp_raw.py ";
public static final String PPPOE = "pppoe_raw.py ";
public static final String STP = "stp_raw.py ";
public static final String VLAN = "vlan_raw.py ";
public static final String OSPF = "ospf_raw.py ";
public static final String ISIS = "isis_raw.py ";
public static final String IP = "ip_raw.py ";
public static final String TELNET = "telnet_tcp.py ";
public static final String POP3 = "pop_tcp.py ";
public static final String IPSEC = "ipsec_raw.py ";
public static final String HTTPS = "https_raw.py ";
public static final String RIP = "rip_raw.py ";
public static final String NETBIOS = "netbios_nbns_udp.py ";
public static final String SHARP = "sharp_udp.py ";
public static final String TFTP = "tftp_scapy_field.py ";
public static final String UDP = "udp_raw.py ";
public static final String TCP = "tcp_raw.py ";
}
fuzzbackend/src/main/java/com/example/fuzzControll/constents/vulnerabilityTypeConstent.java deleted 100644 → 0
package com.example.fuzzControll.constents;
public class vulnerabilityTypeConstent {
public static final String ARRAY_INDEX_OUT_OF_BOUNDS_VULNERABILIT = "0";
}
fuzzbackend/src/main/java/com/example/fuzzControll/controller/testClassController.java
......@@ -3,7 +3,7 @@ package com.example.fuzzControll.controller;
import com.example.fuzzControll.pojo.vo.AjaxResult;
import com.example.fuzzControll.pojo.vo.testEntity;
import com.example.fuzzControll.service.generateMethodService;
import com.example.fuzzControll.service.getServerMessageService;
import com.example.fuzzControll.service.mutationService;
import com.example.fuzzControll.service.protocolTemplateService;
import com.example.fuzzControll.service.vulnerabilityTypeService;
import org.springframework.beans.factory.annotation.Autowired;
......@@ -12,6 +12,9 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import java.util.List;
import java.util.Map;
/**
* 不同类型的测试方法
*/
......@@ -21,7 +24,7 @@ public class testClassController {
@Autowired
generateMethodService generateMethodService;
@Autowired
getServerMessageService getServerMessageService;
mutationService mutationService;
@Autowired
protocolTemplateService protocolTemplateService;
@Autowired
......@@ -32,7 +35,8 @@ public class testClassController {
@RequestMapping(value = "/protocolTemplate", method = RequestMethod.POST)
public AjaxResult protocolTemplate(@RequestBody testEntity testEntity) {
try {
return AjaxResult.success(protocolTemplateService.generation(testEntity));
Map<String, List<String>> result = protocolTemplateService.generation(testEntity);
return AjaxResult.success(result==null?"模板文件生成未成功运行":result);
} catch (Exception e) {
return AjaxResult.error("模板文件生成失败!");
}
......@@ -44,9 +48,10 @@ public class testClassController {
@RequestMapping(value = "/generate", method = RequestMethod.POST)
public AjaxResult generate(@RequestBody testEntity testEntity) {
try {
return AjaxResult.success(generateMethodService.generation(testEntity));
Map<String, List<String>> result = generateMethodService.generation(testEntity);
return AjaxResult.success(result==null?"生成方法未成功运行":result);
} catch (Exception e) {
return AjaxResult.error("变异方法使用失败!");
return AjaxResult.error("生成方法使用失败!");
}
}
......@@ -54,9 +59,10 @@ public class testClassController {
*变异方法
*/
@RequestMapping(value = "/mutation", method = RequestMethod.POST)
public AjaxResult mutation() {
public AjaxResult mutation(@RequestBody testEntity testEntity) {
try {
return AjaxResult.success(getServerMessageService.getStats());
Map<String, List<String>> result = mutationService.generation(testEntity);
return AjaxResult.success(result==null?"mutationTest未成功运行":result);
} catch (Exception e) {
return AjaxResult.error("mutationTest失败!");
}
......@@ -68,7 +74,8 @@ public class testClassController {
@RequestMapping(value = "/vulnerabilityType", method = RequestMethod.POST)
public AjaxResult upload(@RequestBody testEntity testEntity) {
try {
return AjaxResult.success(vulnerabilityTypeService.generation(testEntity));
Map<String, List<String>> result = vulnerabilityTypeService.generation(testEntity);
return AjaxResult.success(result==null?"漏洞类型未成功运行":result);
} catch (Exception e) {
return AjaxResult.error("漏洞类型测试失败!");
}
......
fuzzbackend/src/main/java/com/example/fuzzControll/service/impl/generateMethodServiceImpl.java
......@@ -4,6 +4,7 @@ import com.example.fuzzControll.conf.kittyProperties;
import com.example.fuzzControll.pojo.vo.testEntity;
import com.example.fuzzControll.service.generateMethodService;
import com.example.fuzzControll.tools.cmdTools;
import com.example.fuzzControll.tools.testTools;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
......@@ -19,22 +20,45 @@ public class generateMethodServiceImpl implements generateMethodService {
kittyProperties kitty;
@Override
public Map<String,List<String>> generation(testEntity testEntity) {
public Map<String, List<String>> generation(testEntity testEntity) {
String cmd = parseParameters(testEntity);
if (cmd.isEmpty()) {
return null;
}
return cmdTools.runProgramCmdAndResult(cmd);
}
public String parseParameters(testEntity testEntity) {
switch (testEntity.getTestClassName().toLowerCase()) {
case "foreach":
return foreachCmd(testEntity);
return cmd(testEntity, "-f");
case "repeat":
return cmd(testEntity, "-r");
case "oneof":
return cmd(testEntity, "-o");
case "switch":
return cmd(testEntity, "-s");
case "pad":
return cmd(testEntity, "-p");
case "template":
return cmd(testEntity, "-t");
case "meta":
return cmd(testEntity, "-m");
case "if":
return cmd(testEntity, "-c");
case "ifnot":
return cmd(testEntity, "-e");
case "trunc"://have error
return cmd(testEntity, "-u");
default:
log.error("未知变异方法![{}]", testEntity.getTestClassName());
return null;
}
}
private String foreachCmd(testEntity testEntity) {
private String cmd(testEntity testEntity, String cmd) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 5, "generationMethod"))
return "";
String target_host = null;
String target_port = null;
String s1 = null;
......@@ -47,9 +71,8 @@ public class generateMethodServiceImpl implements generateMethodService {
s2 = testEntity.getParamJson()[3];
s3 = testEntity.getParamJson()[4];
} catch (Exception e) {
log.error("http_dos_qemu参数解析失败!");
log.error("生成方法参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getMethodPath() + "generate_method_test.py -f " + s1 + " " + s2 + " " + s3+" --host="+target_host+" --port="+target_port;
return kitty.getVenvPath() + " " + kitty.getMethodPath() + "generate_method_test.py " + cmd + " " + s1 + " " + s2 + " " + s3 + " --host=" + target_host + " --port=" + target_port;
}
//todo 还有很多生成方法
}
fuzzbackend/src/main/java/com/example/fuzzControll/service/impl/mutationServiceImpl.java
package com.example.fuzzControll.service.impl;
import com.example.fuzzControll.conf.kittyProperties;
import com.example.fuzzControll.constents.mutationConstent;
import com.example.fuzzControll.pojo.vo.testEntity;
import com.example.fuzzControll.service.mutationService;
import com.example.fuzzControll.tools.cmdTools;
import com.example.fuzzControll.tools.testTools;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
......@@ -13,44 +15,127 @@ import java.util.Map;
@Service("mutationService")
@Slf4j
public class mutationServiceImpl implements mutationService {
class mutationServiceImpl implements mutationService {
cmdTools cmdTools = new cmdTools();
@Autowired
kittyProperties kitty;
@Override
public Map<String,List<String>> generation(testEntity testEntity) {
public Map<String, List<String>> generation(testEntity testEntity) {
String cmd = parseParameters(testEntity);
if (cmd.isEmpty()) {
return null;
}
return cmdTools.runProgramCmdAndResult(cmd);
}
public String parseParameters(testEntity testEntity) {
switch (testEntity.getTestClassName().toLowerCase()) {
case "foreach":
return foreachCmd(testEntity);
case "bit":
return variationGranularityCmd(testEntity, 1);
case "byte":
return variationGranularityCmd(testEntity, 2);
case "sqlinjection":
return distortionLibCmd(testEntity, 2);
case "commandinjection":
return distortionLibCmd(testEntity, 1);
case "outofbuffer":
return distortionLibCmd(testEntity, 3);
case "directorytraversal":
return distortionLibCmd(testEntity, 4);
case "8-bitinteger":
return distortionLibCmd(testEntity, 5);
case "16-bitinteger":
return distortionLibCmd(testEntity, 6);
case "32-bitinteger":
return distortionLibCmd(testEntity, 7);
case "bitflip"://noresponse
return distortionLibCmd(testEntity, 8);
case "twobitflip"://noresponse
return distortionLibCmd(testEntity, 9);
case "fourbitflip"://noresponse
return distortionLibCmd(testEntity, 10);
case "byteflip"://noresponse
return distortionLibCmd(testEntity, 11);
case "wordflip"://noresponse
return distortionLibCmd(testEntity, 12);
case "dwordflip"://noresponse
return distortionLibCmd(testEntity, 13);
case "blockremove"://noresponse
return distortionLibCmd(testEntity, 14);
case "blockduplicate"://noresponse
return distortionLibCmd(testEntity, 15);
case "blockset"://noresponse
return distortionLibCmd(testEntity, 16);
case "bitflips"://noresponse
return distortionLibCmd(testEntity, 17);
case "byteflips":
return mutationStrategyCmd(testEntity, 1);
case "interestint8muta":
return mutationStrategyCmd(testEntity, 2);
case "interestint16muta":
return mutationStrategyCmd(testEntity, 3);
case "interestint32muta":
return mutationStrategyCmd(testEntity, 4);
case "onebyterndom":
return mutationStrategyCmd(testEntity, 5);
case "mutibytesrandom":
return mutationStrategyCmd(testEntity, 6);
case "deleteonebyterandom":
return mutationStrategyCmd(testEntity, 7);
case "deletemutibytesrandom":
return mutationStrategyCmd(testEntity, 8);
case "shufflebytesrandom":
return mutationStrategyCmd(testEntity, 9);
case "swapadjointwobytes":
return mutationStrategyCmd(testEntity, 10);
default:
log.error("未知变异方法![{}]", testEntity.getTestClassName());
return null;
}
}
private String foreachCmd(testEntity testEntity) {
String target_host = null;
String target_port = null;
String s1 = null;
String s2 = null;
String s3 = null;
private String distortionLibCmd(testEntity testEntity, int methodNum) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "distortionLib" + methodNum))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("distortionLib [{}] 参数解析失败!", methodNum);
}
return kitty.getVenvPath() + " " + kitty.getMutationPath() + mutationConstent.TEST_MUTATED_LIBS + " -g " + methodNum + " -d " + dst_ip + " -p " + dst_port;
}
private String variationGranularityCmd(testEntity testEntity, int methodNum) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "variationGranularity" + methodNum))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("variationGranularity [{}] 参数解析失败!", methodNum);
}
return kitty.getVenvPath() + " " + kitty.getMutationPath() + mutationConstent.TEST_GRANULARITY_BIT_BYTE + " -g " + methodNum + " -d " + dst_ip + " -p " + dst_port;
}
private String mutationStrategyCmd(testEntity testEntity, int methodNum) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "mutationStrategy" + methodNum))
return "";
String dst_ip = null;
String dst_port = null;
try {
target_host = testEntity.getParamJson()[0];
target_port = testEntity.getParamJson()[1];
s1 = testEntity.getParamJson()[2];
s2 = testEntity.getParamJson()[3];
s3 = testEntity.getParamJson()[4];
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("http_dos_qemu参数解析失败!");
log.error("mutationStrategy [{}] 参数解析失败!", methodNum);
}
return kitty.getVenvPath() + " " + kitty.getMutationPath() + "generate_method_test.py -f " + s1 + " " + s2 + " " + s3+" --host="+target_host+" --port="+target_port;
return kitty.getVenvPath() + " " + kitty.getMutationPath() + mutationConstent.TEST_MUTATION_STRATEGY + " -g " + methodNum + " -d " + dst_ip + " -p " + dst_port;
}
//todo 还有很多生成方法
}
}
\ No newline at end of file
fuzzbackend/src/main/java/com/example/fuzzControll/service/impl/protocolTemplateImpl.java
......@@ -6,6 +6,7 @@ import com.example.fuzzControll.constents.protocolConstent;
import com.example.fuzzControll.pojo.vo.testEntity;
import com.example.fuzzControll.service.protocolTemplateService;
import com.example.fuzzControll.tools.cmdTools;
import com.example.fuzzControll.tools.testTools;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
......@@ -21,124 +22,712 @@ public class protocolTemplateImpl implements protocolTemplateService {
kittyProperties kitty;
@Override
public Map<String,List<String>> generation(testEntity testEntity) {
public Map<String, List<String>> generation(testEntity testEntity) {
String cmd = parseParameters(testEntity);
if (cmd.isEmpty()) {
return null;
}
return cmdTools.runProgramCmdAndResult(cmd);
}
public String parseParameters(testEntity protocolGeneration) {
switch (protocolGeneration.getTestClassName().toLowerCase()) {
public String parseParameters(testEntity testEntity) {
switch (testEntity.getTestClassName().toLowerCase()) {
case "arp":
return arpCmd(protocolGeneration);
return arpCmd(testEntity);
case "bgp":
return bgpCmd(protocolGeneration);
return bgpCmd(testEntity);
case "dhcp":
return dhcpCmd(protocolGeneration);
return dhcpCmd(testEntity);
case "dns":
return dnsCmd(protocolGeneration);
return dnsCmd(testEntity);
case "frp":
return frpCmd(protocolGeneration);
return frpCmd(testEntity);
case "ftp":
return ftpCmd(protocolGeneration);
return ftpCmd(testEntity);
case "hdlc":
return hdlcCmd(protocolGeneration);
return hdlcCmd(testEntity);
case "http_dos_qemu":
return http_dos_qemuCmd(protocolGeneration);
return http_dos_qemuCmd(testEntity);
case "icmp"://need long time
return icmpCmd(testEntity);
case "igmpv1":
return igmpv1Cmd(testEntity);
case "igmpv2":
return igmpv2Cmd(testEntity);
case "imap"://cant run with error
return imapCmd(testEntity);
case "radius":
return radiusCmd(testEntity);
case "sip":
return sipCmd(testEntity);
case "rpc":
return rpcCmd(testEntity);
case "smb":
return smbCmd(testEntity);
case "ssl"://cant run with error
return sslCmd(testEntity);
case "ssh"://cant run with error
return sshCmd(testEntity);
case "nfs"://cant run with error
return nfsCmd(testEntity);
case "nntp"://cant run with error
return nntpCmd(testEntity);
case "ntp"://cant run with error
return ntpCmd(testEntity);
case "snmp"://cant run with error
return snmpCmd(testEntity);
case "upnp"://cant run with error
return upnpCmd(testEntity);
case "rarp":
return rarpCmd(testEntity);
case "lldp"://longtime
return lldpCmd(testEntity);
case "mstp"://longtime
return mstpCmd(testEntity);
case "ppp"://cant run with error
return pppCmd(testEntity);
case "pppoe"://longtime
return pppoeCmd(testEntity);
case "stp"://longtime
return stpCmd(testEntity);
case "vlan"://longtime cant get result
return vlanCmd(testEntity);
case "ospf"://longtime
return ospfCmd(testEntity);
case "isis"://have error
return isisCmd(testEntity);
case "ip"://have error
return ipCmd(testEntity);
case "telnet"://have error
return telnetCmd(testEntity);
case "pop3"://have error
return pop3Cmd(testEntity);
case "ipsec"://have error
return ipsecCmd(testEntity);
case "https"://have error
return httpsCmd(testEntity);
case "rip"://longtime
return ripCmd(testEntity);
case "netbios"://have error
return netbiosCmd(testEntity);
case "sharp":
return sharpCmd(testEntity);
case "tftp"://have error
return tftpCmd(testEntity);
case "udp":
return udpCmd(testEntity);
case "tcp"://have error
return tcpCmd(testEntity);
default:
log.error("未知协议![{}]", protocolGeneration.getTestClassName());
log.error("未知协议![{}]", testEntity.getTestClassName());
return null;
//TODO testcase_dos/testcase_rpc/ftp_vuln_reproduce
}
}
private String tcpCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "tcp"))
return "";
String dst_ip = null;
String src_ip = null;
try {
dst_ip = testEntity.getParamJson()[0];
src_ip = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("tcp参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.TCP + " " + dst_ip + " " +src_ip;
}
private String udpCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "udp"))
return "";
String dst_ip = null;
String src_ip = null;
try {
dst_ip = testEntity.getParamJson()[0];
src_ip = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("udp参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.UDP + " " + dst_ip + " " +src_ip;
}
private String tftpCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "tftp"))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("tftp参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.TFTP + " " + dst_ip + " " + dst_port;
}
private String sharpCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "sharp"))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("sharp参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.SHARP + " " + dst_ip + " " + dst_port;
}
private String netbiosCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "netbios"))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("netbios参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.NETBIOS + " --host=" + dst_ip + " --port=" + dst_port;
}
private String ripCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "rip"))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("rip参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.RIP + " --host=" + dst_ip + " --port=" + dst_port;
}
private String httpsCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 4, "https"))
return "";
String src_ip = null;
String src_port = null;
String dst_ip = null;
String dst_port = null;
try {
src_ip = testEntity.getParamJson()[0];
src_port = testEntity.getParamJson()[1];
dst_ip = testEntity.getParamJson()[2];
dst_port = testEntity.getParamJson()[3];
} catch (Exception e) {
log.error("https参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.HTTPS + " " + src_ip + " " + src_port+" " + dst_ip+" " + dst_port;
}
private String ipsecCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 3, "ipsec"))
return "";
String src_ip = null;
String dst_ip = null;
String bind_ip = null;
try {
src_ip = testEntity.getParamJson()[0];
dst_ip = testEntity.getParamJson()[1];
bind_ip = testEntity.getParamJson()[2];
} catch (Exception e) {
log.error("ipsec参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.IPSEC + " -s " + src_ip + " -d " + dst_ip+" -b " + bind_ip;
}
private String pop3Cmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "pop3"))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("pop3参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.POP3 + " --host=" + dst_ip + " --port=" + dst_port;
}
private String telnetCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "telnet"))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("telnet参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.TELNET + " --host=" + dst_ip + " --port=" + dst_port;
}
private String ipCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 4, "ip"))
return "";
String dst_mac = null;
String src_mac = null;
String dst_ip = null;
String src_ip = null;
try {
dst_mac = testEntity.getParamJson()[0];
src_mac = testEntity.getParamJson()[1];
dst_ip = testEntity.getParamJson()[2];
src_ip = testEntity.getParamJson()[3];
} catch (Exception e) {
log.error("ip参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.IP + " " + dst_mac + " " + src_mac + " " + dst_ip + " " + src_ip;
}
private String isisCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 1, "isis"))
return "";
String dst_mac = null;
try {
dst_mac = testEntity.getParamJson()[0];
} catch (Exception e) {
log.error("isis参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.ISIS + " --dst_mac==" + dst_mac;
}
private String ospfCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "ospf"))
return "";
String dst_mac = null;
String dst_ip = null;
try {
dst_mac = testEntity.getParamJson()[0];
dst_ip = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("ospf参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.OSPF + " --dest_mac=" + dst_mac + " --dest_ip=" + dst_ip;
}
private String vlanCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "vlan"))
return "";
String dts_mac = null;
String src_mac = null;
try {
dts_mac = testEntity.getParamJson()[0];
src_mac = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("vlan参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.VLAN + " " + dts_mac + " " + src_mac;
}
private String stpCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "stp"))
return "";
String src_mac = null;
String dts_mac = null;
try {
src_mac = testEntity.getParamJson()[0];
dts_mac = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("stp参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.STP + " -s " + src_mac + " -d " + dts_mac;
}
private String pppoeCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 4, "pppoe"))
return "";
String dst_mac = null;
String src_mac = null;
String dst_ip = null;
String src_ip = null;
try {
dst_mac = testEntity.getParamJson()[0];
src_mac = testEntity.getParamJson()[1];
dst_ip = testEntity.getParamJson()[2];
src_ip = testEntity.getParamJson()[3];
} catch (Exception e) {
log.error("pppoe参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.PPPOE + " " + dst_mac + " " + src_mac + " " + dst_ip + " " + src_ip;
}
private String pppCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 0, "ppp"))
return "";
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.PPP;
}
private String mstpCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "mstp"))
return "";
String src_mac = null;
String dst_mac = null;
try {
src_mac = testEntity.getParamJson()[0];
dst_mac = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("mstp参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.MSTP + " -s " + src_mac + " -d " + dst_mac;
}
private String lldpCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 0, "lldp"))
return "";
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.LLDP;
}
private String rarpCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "rarp"))
return "";
String dst_mac = null;
String src_mac = null;
try {
dst_mac = testEntity.getParamJson()[0];
src_mac = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("rarp参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.RARP + " " + dst_mac + " " + src_mac;
}
private String upnpCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "upnp"))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("upnp参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.UPNP + " " + dst_ip + " " + dst_port;
}
private String snmpCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "snmp"))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("snmp参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.SNMP + " " + dst_ip + " " + dst_port;
}
private String ntpCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "ntp"))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("ntp参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.NTP + " " + dst_ip + " " + dst_port;
}
private String nntpCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 4, "nntp"))
return "";
String src_ip = null;
String src_port = null;
String dst_ip = null;
String dst_port = null;
try {
src_ip = testEntity.getParamJson()[0];
src_port = testEntity.getParamJson()[1];
dst_ip = testEntity.getParamJson()[2];
dst_port = testEntity.getParamJson()[3];
} catch (Exception e) {
log.error("nntp参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.NNTP + " " + src_ip + " " + src_port + " " + dst_ip + " " + dst_port;
}
private String nfsCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "nfs"))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("nfs参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.NFS + " " + dst_ip + " " + dst_port;
}
private String sshCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "ssh"))
return "";
String dst_ip = null;
try {
dst_ip = testEntity.getParamJson()[0];
} catch (Exception e) {
log.error("ssh参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.SSH + " -d " + dst_ip;
}
private String sslCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "ssl"))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("ssl参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.SSL + " -d " + dst_ip + " -p " + dst_port;
}
private String smbCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "smb"))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("smb参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.RPC + " " + dst_ip + " " + dst_port;
}
private String http_dos_qemuCmd(testEntity protocolGeneration) {
private String rpcCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "rpc"))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("rpc参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.RPC + " " + dst_ip + " " + dst_port;
}
private String sipCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "sip"))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("sip参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.SIP + " -d " + dst_ip + " -p " + dst_port;
}
private String radiusCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 3, "radius"))
return "";
String dst_ip = null;
String dst_port = null;
String src_ip = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
src_ip = testEntity.getParamJson()[2];
} catch (Exception e) {
log.error("radius参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.RADIUS + " --host=" + dst_ip + " --port=" + dst_port + " --src_host=" + src_ip;
}
private String imapCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "imap"))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("imap参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.IMAP + " --host=" + dst_ip + " --port=" + dst_port;
}
private String igmpv2Cmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 3, "igmpv2"))
return "";
String src_ip = null;
String dst_ip = null;
String bind_ip = null;
try {
src_ip = testEntity.getParamJson()[0];
dst_ip = testEntity.getParamJson()[1];
bind_ip = testEntity.getParamJson()[2];
} catch (Exception e) {
log.error("igmpv2参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.IGMPV2 + " -s " + src_ip + " -d " + dst_ip + " -b " + bind_ip;
}
private String igmpv1Cmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 3, "igmpv1"))
return "";
String src_ip = null;
String dst_ip = null;
String bind_ip = null;
try {
src_ip = testEntity.getParamJson()[0];
dst_ip = testEntity.getParamJson()[1];
bind_ip = testEntity.getParamJson()[2];
} catch (Exception e) {
log.error("igmpv1参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.IGMPV1 + " -s " + src_ip + " -d " + dst_ip + " -b " + bind_ip;
}
private String icmpCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 4, "icmp"))
return "";
String dst_mac = null;
String src_mac = null;
String dst_ip = null;
String src_ip = null;
try {
dst_mac = testEntity.getParamJson()[0];
src_mac = testEntity.getParamJson()[1];
dst_ip = testEntity.getParamJson()[2];
src_ip = testEntity.getParamJson()[3];
} catch (Exception e) {
log.error("icmp参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.ICMP + " " + dst_mac + " " + src_mac + " " + dst_ip + " " + src_ip;
}
private String http_dos_qemuCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "http"))
return "";
String dst_ip = null;
String port = null;
try {
dst_ip = protocolGeneration.getParamJson()[0];
port = protocolGeneration.getParamJson()[1];
dst_ip = testEntity.getParamJson()[0];
port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("http_dos_qemu参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.HTTP_DOS_QUMU + " -d " + dst_ip + " -p " + port;
}
private String hdlcCmd(testEntity protocolGeneration) {
private String hdlcCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 0, "hdlc"))
return "";
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.HDLC;
}
private String ftpCmd(testEntity protocolGeneration) {
private String ftpCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "ftp"))
return "";
String target_host = null;
String target_port = null;
try {
target_host = protocolGeneration.getParamJson()[0];
target_port = protocolGeneration.getParamJson()[1];
target_host = testEntity.getParamJson()[0];
target_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("frp参数解析失败!");
log.error("ftp参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.FTP + target_host + " " + target_port;
}
private String frpCmd(testEntity protocolGeneration) {
private String frpCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "frp"))
return "";
String target_host = null;
String target_port = null;
try {
target_host = protocolGeneration.getParamJson()[0];
target_port = protocolGeneration.getParamJson()[1];
target_host = testEntity.getParamJson()[0];
target_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("frp参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.FRP + target_host + " " + target_port;
}
private String dnsCmd(testEntity protocolGeneration) {
private String dnsCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "dns"))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = protocolGeneration.getParamJson()[0];
dst_port = protocolGeneration.getParamJson()[1];
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("dns参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.DNS + dst_ip + " " + dst_port;
}
private String dhcpCmd(testEntity protocolGeneration) {
private String dhcpCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "dhcp"))
return "";
String dst_ip = null;
String dst_port = null;
try {
dst_ip = protocolGeneration.getParamJson()[0];
dst_port = protocolGeneration.getParamJson()[1];
dst_ip = testEntity.getParamJson()[0];
dst_port = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("dhcp参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.DHCP + dst_ip + " " + dst_port;
}
private String bgpCmd(testEntity protocolGeneration) {
private String bgpCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 4, "bgp"))
return "";
String src_ip = null;
String src_port = null;
String dst_ip = null;
String dst_port = null;
try {
src_ip = protocolGeneration.getParamJson()[0];
src_port = protocolGeneration.getParamJson()[1];
dst_ip = protocolGeneration.getParamJson()[2];
dst_port = protocolGeneration.getParamJson()[3];
src_ip = testEntity.getParamJson()[0];
src_port = testEntity.getParamJson()[1];
dst_ip = testEntity.getParamJson()[2];
dst_port = testEntity.getParamJson()[3];
} catch (Exception e) {
log.error("bgp参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.BGP + src_ip + " " + src_port + " " + dst_ip + " " + dst_port;
}
public String arpCmd(testEntity protocolGeneration) {
public String arpCmd(testEntity testEntity) {
if (!testTools.paramsLenghtTest(testEntity.getParamJson().length, 2, "arp"))
return "";
String dst_mac = null;
String src_mac = null;
try {
dst_mac = protocolGeneration.getParamJson()[0];
src_mac = protocolGeneration.getParamJson()[1];
dst_mac = testEntity.getParamJson()[0];
src_mac = testEntity.getParamJson()[1];
} catch (Exception e) {
log.error("arp参数解析失败!");
}
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.RAW + dst_mac + " " + src_mac;
return kitty.getVenvPath() + " " + kitty.getPath() + protocolConstent.ARP + dst_mac + " " + src_mac;
}
}
fuzzbackend/src/main/java/com/example/fuzzControll/service/impl/vulnerabilityTypeServiceImpl.java
package com.example.fuzzControll.service.impl;
import com.example.fuzzControll.conf.kittyProperties;
import com.example.fuzzControll.constents.vulnerabilityTypeConstent;
import com.example.fuzzControll.pojo.vo.testEntity;
import com.example.fuzzControll.service.vulnerabilityTypeService;
import com.example.fuzzControll.tools.cmdTools;
......@@ -27,16 +26,38 @@ public class vulnerabilityTypeServiceImpl implements vulnerabilityTypeService {
public String parseParameters(testEntity testEntity) {
switch (testEntity.getTestClassName().toLowerCase()) {
case "array_index_out_of_bounds_vulnerabilit":
return arrayIndexOutOfBoundsVulnerabilitCmd(testEntity);
case "array_index_out_of_bounds_vulnerabilit"://have error
return cmd(testEntity, 0);
case "boundary_condition_vulnerability"://have error
return cmd(testEntity, 1);
case "buffer_overflow_vulnerability"://have error
return cmd(testEntity, 2);
case "command_injection_vulnerability"://have error
return cmd(testEntity, 3);
case "memory_duplicate_release_vulnerability"://have error
return cmd(testEntity, 4);
case "format_string_vulnerability"://have error
return cmd(testEntity, 5);
case "integer_overflow_vulnerability"://have error
return cmd(testEntity, 6);
case "numeric_error_vulnerabilit"://have error
return cmd(testEntity, 7);
case "symbol_extension_vulnerability"://have error
return cmd(testEntity, 8);
case "uaf_vulnerabilit"://have error
return cmd(testEntity, 9);
case "cross_script_vulnerability"://have error
return cmd(testEntity, 10);
case "sql_injection_vulnerabilit"://have error
return cmd(testEntity, 11);
default:
log.error("未知漏洞![{}]", testEntity.getTestClassName());
return null;
}
}
private String arrayIndexOutOfBoundsVulnerabilitCmd(testEntity testEntity) {
return kitty.getVenvPath() + " " + kitty.getVulnerabilityTypePath() +"vul_types_test.py "+ vulnerabilityTypeConstent.ARRAY_INDEX_OUT_OF_BOUNDS_VULNERABILIT ;
private String cmd(testEntity testEntity, int kindNum) {
return kitty.getVenvPath() + " " + kitty.getVulnerabilityTypePath() + "vul_types_test.py " + kindNum;
}
//todo 还有很多类型要写
}
fuzzbackend/src/main/java/com/example/fuzzControll/tools/regularTools.java 0 → 100644
package com.example.fuzzControll.tools;
//todo 对ip等增加正则判断
public class regularTools {
}
fuzzbackend/src/main/java/com/example/fuzzControll/tools/testTools.java 0 → 100644
package com.example.fuzzControll.tools;
import lombok.extern.slf4j.Slf4j;
@Slf4j
public class testTools {
public static boolean paramsLenghtTest(int paramsLen,int needParamsLen,String name){
Boolean isOk = paramsLen==needParamsLen;
if(!isOk){
log.error("[{}]所需参数与获取参数不符!",name);
}
return isOk==true?true:false;
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment