Kitty Fuzzing Framework
Detailed description of the kittyfuzzer Python project
Sulley: Boo? Boo: Kitty!
What is Kitty?
Kitty is an open-source, modular and extensible fuzzing framework written in Python, inspired by OpenRCE's Sulley and Michael Eddington's (now Deja vu Security's) Peach Fuzzer.
Goal
When we started writing Kitty, our goal was to help us fuzz unusual targets, meaning proprietary and esoteric protocols over non-TCP/IP communication channels, without writing everything from scratch each time. We wanted a generic, abstract framework that includes the common functionality of every fuzzing process we could think of and lets users easily extend it to test their specific target.
Features
With this goal in mind, the following features were very important to us:
| Feature | Description |
|---|---|
| Modularity | Each part of the fuzzer stands on its own. This means that you can use the same monitoring code for different applications, or the same payload generator (aka Data Model) for testing parsing of the same data that is received over different channels. |
| Extensibility | If you need to test something "new", you will not need to change Kitty's core code. Most, if not all, features can be implemented in the user code. This includes monitoring, controlling and communicating with the fuzzed target. |
| Rich data modeling | The data model core is rich and allows describing advanced data structures, including strings, hashes, lengths, conditions and many more. And, like most of the framework, it is designed to be extended even further as necessary. |
| Stateful | Support for multi-stage fuzzing tests. Not only can you describe what the payload of an individual message will look like, you can also describe the order of messages, and even perform fuzzing on the sequence's order. |
| Client and server fuzzing | You can fuzz both servers and clients, assuming you have a matching stack. Sounds like a big requirement, but it isn't: it just means that you should have the means to communicate with the target, which you should have in most cases anyway. |
| Cross platform | Runs on Linux, OS X and Windows. We don't judge ;-) |
What is it not?
Well, Kitty is not a fuzzer. It also does not contain any implementation of a protocol or communication channel. You can write your own fuzzer with it, and you can use Kitty-based code written by others, but it is not an out-of-the-box fuzzer.
Katnip is a good place to get (and add) implementations of Kitty models.
Katnip
As a framework, Kitty implements the fuzzer main loop and provides the syntax for modeling data and the base classes for each of the elements used to create a full fuzzing session. However, the concrete implementations of those classes are not part of the Kitty framework. This means that Kitty defines the interfaces and base classes for performing data transactions with a target, but it does not provide implementations for transferring data over HTTP, TCP or UART.
Various class implementations can be found in the separate repository, Katnip.
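The data-modeling feature and the Katnip section above describe the split Kitty makes between modeling a message (fields, length fields, mutations) and the target or channel that carries it. The following is an added, self-contained Python example of that design written for this page; it is not Kitty's code and does not use Kitty's API (every class name, the message layout and the mutation set are invented for the illustration). It shows a length field that follows a mutated string and, when mutated itself, misstates the length, which is what makes the toy receiver's bounds check fire, together with an in-memory transport stand-in that a real channel class (the kind Katnip supplies for Kitty) would replace.

```python
import struct
from typing import Dict, Iterator, List

class Field:
    """One element of a message; `current` is set only while a mutation is active."""
    def __init__(self, name: str) -> None:
        self.name, self.current = name, None
    def render(self, fields: "Dict[str, Field]") -> bytes:
        raise NotImplementedError
    def values(self, fields: "Dict[str, Field]") -> List[bytes]:
        return []  # static fields have no mutations

class Static(Field):
    def __init__(self, name: str, value: bytes) -> None:
        super().__init__(name)
        self.value = value
    def render(self, fields):
        return self.value

class String(Field):
    def __init__(self, name: str, default: str) -> None:
        super().__init__(name)
        self.default = default.encode()
    def render(self, fields):
        return self.default if self.current is None else self.current
    def values(self, fields):  # constructed mutation set: empty, repeated, long, NUL, non-ASCII
        d = self.default
        return [b"", d * 16, b"A" * 1024, d + b"\x00", b"\xff" * 8]

class SizeField(Field):
    """Length of another field, recomputed on every render so it follows that field's
    mutations; its own mutations deliberately misstate the length."""
    def __init__(self, name: str, of: str, fmt: str = ">H") -> None:
        super().__init__(name)
        self.of, self.fmt = of, fmt
        self.limit = (1 << (8 * struct.calcsize(fmt))) - 1
    def _actual(self, fields) -> int:
        return min(len(fields[self.of].render(fields)), self.limit)
    def render(self, fields):
        return self.current if self.current is not None else struct.pack(self.fmt, self._actual(fields))
    def values(self, fields):
        n = self._actual(fields)
        return [struct.pack(self.fmt, v) for v in (0, self.limit, n + 1, max(n - 1, 0))]

class Template:
    """Ordered fields; mutations() yields one payload per mutated value, one field at a time."""
    def __init__(self, name: str, fields: List[Field]) -> None:
        self.name, self.fields = name, fields
        self.by_name = {f.name: f for f in fields}
    def render(self) -> bytes:
        return b"".join(f.render(self.by_name) for f in self.fields)
    def mutations(self) -> Iterator[bytes]:
        for f in self.fields:
            for v in f.values(self.by_name):
                f.current = v
                try:
                    yield self.render()
                finally:
                    f.current = None  # restore before moving on

def parse_message(buf: bytes) -> dict:
    """Toy receiver standing in for the code under test (invented for this example)."""
    if buf[:2] != b"KT" or len(buf) < 5:
        raise ValueError("bad header")
    (n,) = struct.unpack(">H", buf[3:5])
    name = buf[5:5 + n]
    if len(name) != n:
        raise ValueError("truncated name")
    return {"version": buf[2], "name": name}

class InMemoryTarget:
    """Transport stand-in. The framework only needs transmit(); a real channel class
    (TCP, UART, ...) would replace this one, the way Katnip's classes do for Kitty."""
    def __init__(self) -> None:
        self.sent: List[bytes] = []
        self.rejected: List[bytes] = []
    def transmit(self, payload: bytes) -> None:
        self.sent.append(payload)
        try:
            parse_message(payload)
        except ValueError:
            self.rejected.append(payload)

def make_template() -> Template:
    # Constructed layout: magic, version, big-endian length of name, name
    return Template("hello", [Static("magic", b"KT"), Static("version", b"\x01"),
                              SizeField("name_len", of="name"), String("name", "kitty")])

def run_session(template: Template, target: InMemoryTarget) -> List[bytes]:
    for payload in template.mutations():
        target.transmit(payload)
    return target.rejected

if __name__ == "__main__":
    t = InMemoryTarget()
    print(run_session(make_template(), t), len(t.sent), "sent")
```

Run as a script, it sends nine payloads and reports the two the toy parser rejects: both come from the mutated length field claiming more bytes than are present. The string mutations all parse cleanly because the length field is recomputed for them, which is the property a length-aware data model has to guarantee so that only the intended field is being tested at a time.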
Getting started
- Install Kitty: pip install kittyfuzzer
- Read some of the documentation on ReadTheDocs.
- Take a look at the examples.
- Build your own fuzzer :-)
Contribution FAQ
- Found a bug? Open an issue.
- Have a fix? Great! Please submit a pull request.
- Implemented an interesting controller/monitor/target? Please submit a pull request to the Katnip repository.
- Found an interesting bug using a Kitty-based fuzzer? We'd love to hear about it! Please write to us.