fkie-cad / luckycat Goto Github PK

View Code? Open in Web Editor NEW

67.0 8.0 16.0 2.21 MB

A distributed fuzzing management framework

Home Page: https://fkie-cad.github.io/LuckyCAT/

License: GNU General Public License v3.0

Dockerfile 1.33% Shell 4.41% Python 51.55% JavaScript 0.39% HTML 17.57% Makefile 0.26% C 23.64% CSS 0.86%

fuzzing fuzzing-framework firmware-analysis

luckycat's Introduction

Lucky CAT - Crash All the Things!

Note: ⚠️ CALL FOR MAINTAINERS 🚧

As stated in this issue we're currently unable to provide full support/maintenance for this project. Anyhow, feel free to contribute via PR's and we make sure to timely review the suggested changes to let this project not rot away.

What is Lucky CAT?

Lucky CAT (Crash All the Things!) is a distributed fuzzing testing suite with an easy to use web interface. It allows to manage several fuzzing jobs on several remote machines concurrently. Lucky CAT aims to be easily usable, scaleable, extensible, and fun.

Lucky CAT's origin is Joxean Koret's Nightmare Fuzzing Project. However, there may be only traces of Nightmare and Lucky CAT is more 2018-ish by relaying, amongst others, on Bootstrap, Docker, MongoDB, Python 3, and RabbitMQ.

Why use Lucky CAT?

Lucky CAT offers the following features:

Fuzz job management: primary focus on black box fuzzing and embedded devices
Easy deployment: thanks to Docker and Docker Compose
Scalability: Lucky CAT uses a micro service architecture backed by RabbitMQ
Easy integration: Lucky CAT provides a RESTful API to integrate it with your other tools
Responsive WebUI: for job management, crash analysis, and statistics
Fast command line client: for those who never leave the terminal...
Fuzzers included: tiny POSIX-compatible fuzzer cfuzz, afl, afl-otherarch wrappers and many more
Easy fuzzer integration: integrate other fuzzer into Lucky CAT by using either a Python template or a C template
Crash verification: local and remote crash verification with the gdb plugin exploitable

And because we use it to find bugs:

CVE-2018-3005: Oracle VirtualBox (found with trap_fuzzer)
CVE-2018-6924 / FreeBSD-SA-18:12.elf: FreeBSD x64 kernel (found with elf_fuzzer)
CVE-2018-14775 / OpenBSD 6.3 errata 015 / OpenBSD 6.2 errata 020: OpenBSD i386 kernel (found with trap_fuzzer)
OpenBSD 6.3 errata 012 / OpenBSD 6.2 errata 018: OpenBSD x64 kernel (found with elf_fuzzer)

How to install Lucky CAT?

Requirements

You need a recent Linux distribution like Ubuntu 18.04 and at least Docker 18.06.0 as well as docker-compose 1.22.0 to build Lucky CAT. Even though you may not need to worry about the installation of further requirements thanks to Docker, Lucky CAT relies on many amazing open source projects (see PROPS.md).

Installation Process

Pull the whole project:

git clone https://github.com/fkie-cad/luckycat.git

Just use the script start_cluster.sh to build the app - if required - and start Lucky CAT. Afterwards navigate to https://localhost:5000 and create a new user.

In case you wish to remove Lucky CAT, you may use the script docker/clean_docker.sh. Please note that this script deletes all Docker images and containers on your system as well as your Lucky CAT data.

How to use Lucky CAT?

The workflow of Lucky CAT is as follows:

Create a new job either via the web interface or the REST API.
Deploy a fuzzer. Either you choose one of the prebuild fuzzers or your own (based on the the templates, see next section). Ensure a proper configuration (e.g. queue names).
Deploy (if possible) a verifier for crash verification (probably on the real device if you fuzzing some IoT thingy).
Start fuzzing and check on the results and stats in the web interface.

If you wish to integrate or automate Lucky CAT then you may want to have a look at its RESTful API.

How to extend Lucky CAT with a new fuzzer or verifier?

While there are several ways to extend the code, the easiest way is to integrate another fuzzer or verifier.

There are two example fuzzers in luckycat/fuzzers/templates. One of them is written in C and one in Python. Use them as basis and extend them in order to add another fuzzer to Lucky CAT. Similarly, you can extend Lucky CAT by building upon luckycat/verifier/templates.

Contribute

Contributions are always welcomed. Just fork it and open a pull request!

Acknowledgements

This project is partly financed by German Federal Office for Information Security (BSI).

License

    Copyright (C) 2018 -      Fraunhofer FKIE  ([email protected])
    Copyright (C) 2013 - 2015 Joxean Koret     ([email protected])

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
    
    Some plug-ins may have different licenses. If so, a license file is provided in the plug-in's folder.

luckycat's People

Contributors

Stargazers

Watchers

Forkers

sucof eos21 chubbymaggie daydayup40 drtychai mmg1 kankarollo gtt1995 sarina-creat heartsleep zenhumany redcrabs korallin aniketh01 anelkalucio mbernad

luckycat's Issues

How to set up job consumers?

I've successfully deployed the project, created a job, and spent a while poking around, but it's not clear to me how to actually get a fuzzer to run the job. As I understand it, the builtin fuzzers are in the fuzzers directory in the project root, and they're supposed to get jobs from RabbitMQ running in the queue container, which handles various queues shared among the rest of the containers, to run. But are there any actually ready-to-go fuzzers implemented in this project, or are you supposed to just write your own? Seems like a really cool project and I'd like to use it.

failures when bringing up docker containers

I'm getting two errors when bringing up the docker containers, and I'm not sure what's going wrong. Have you seen either of these errors?

frontend_1  | Traceback (most recent call last):
frontend_1  |   File "./luckycat/frontend/luckycat_frontend.py", line 2, in <module>
frontend_1  |     from luckycat.frontend.app import app
frontend_1  |   File "./luckycat/frontend/app.py", line 23, in <module>
frontend_1  |     add_flask_security(app)
frontend_1  |   File "./luckycat/frontend/security/init_security.py", line 53, in add_flask_security
frontend_1  |     create_default_user_and_roles(user_datastore)
frontend_1  |   File "./luckycat/frontend/security/init_security.py", line 33, in create_default_user_and_roles
frontend_1  |     flash('Added default user on first request', 'success')
frontend_1  |   File "/usr/local/lib/python3.5/dist-packages/flask/helpers.py", line 408, in flash
frontend_1  |     flashes = session.get('_flashes', [])
frontend_1  |   File "/usr/local/lib/python3.5/dist-packages/werkzeug/local.py", line 347, in __getattr__
frontend_1  |     return getattr(self._get_current_object(), name)
frontend_1  |   File "/usr/local/lib/python3.5/dist-packages/werkzeug/local.py", line 306, in _get_current_object
frontend_1  |     return self.__local()
frontend_1  |   File "/usr/local/lib/python3.5/dist-packages/flask/globals.py", line 37, in _lookup_req_object
frontend_1  |     raise RuntimeError(_request_ctx_err_msg)
frontend_1  | RuntimeError: Working outside of request context.
frontend_1  |
frontend_1  | This typically means that you attempted to use functionality that needed
frontend_1  | an active HTTP request.  Consult the documentation on testing for
frontend_1  | information about how to avoid this problem.
frontend_1  | unable to load app 0 (mountpoint='') (callable not found or import error)

backend_1   | Traceback (most recent call last):
backend_1   |   File "/usr/local/bin/luckycat_backend.py", line 4, in <module>
backend_1   |     __import__('pkg_resources').run_script('Lucky-CAT==0.1', 'luckycat_backend.py')
backend_1   |   File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 719, in run_script
backend_1   |     self.require(requires)[0].run_script(script_name, ns)
backend_1   |   File "/usr/lib/python3/dist-packages/pkg_resources/__init__.py", line 1504, in run_script
backend_1   |     exec(code, namespace, namespace)
backend_1   |   File "/usr/local/lib/python3.5/dist-packages/Lucky_CAT-0.1-py3.5.egg/EGG-INFO/scripts/luckycat_backend.py", line 33, in <module>
backend_1   |     main()
backend_1   |   File "/usr/local/lib/python3.5/dist-packages/Lucky_CAT-0.1-py3.5.egg/EGG-INFO/scripts/luckycat_backend.py", line 11, in main
backend_1   |     crash_verification_sender = CrashVerificationSender.CrashVerificationSender()
backend_1   |   File "/usr/local/lib/python3.5/dist-packages/Lucky_CAT-0.1-py3.5.egg/luckycat/backend/CrashVerificationSender.py", line 22, in __init__
backend_1   |     if not self.wq.queue_exists(self.ver_queue):
backend_1   |   File "/usr/local/lib/python3.5/dist-packages/Lucky_CAT-0.1-py3.5.egg/luckycat/backend/WorkQueue.py", line 18, in queue_exists
backend_1   |     conn = pika.BlockingConnection(pika.ConnectionParameters(self._host))
backend_1   |   File "/usr/lib/python3/dist-packages/pika/adapters/blocking_connection.py", line 339, in __init__
backend_1   |     self._process_io_for_connection_setup()
backend_1   |   File "/usr/lib/python3/dist-packages/pika/adapters/blocking_connection.py", line 374, in _process_io_for_connection_setup
backend_1   |     self._open_error_result.is_ready)
backend_1   |   File "/usr/lib/python3/dist-packages/pika/adapters/blocking_connection.py", line 395, in _flush_output
backend_1   |     raise exceptions.ConnectionClosed()
backend_1   | pika.exceptions.ConnectionClosed
luckycat_backend_1 exited with code 1

You do not have permission to view this resource.

I'm getting this error when trying to create a new user.