Kitty: a fuzzing framework written in Python

Source: Internet
Author: User

Kitty is an open-source, modular, extensible fuzzing framework written in Python, inspired by OpenRCE's Sulley and Michael Eddington's (now Deja Vu Security's) Peach Fuzzer.

Goal

When we started writing Kitty, the goal was to help us fuzz unusual targets, namely the private and internal protocols that run on non-TCP/IP channels. A generic, abstract framework should contain all the common features we could think of in the fuzzing process, and should be easy for users to extend to fuzz their specific targets.

  

Characteristics

With this goal in mind, the following features are important:

1. Modularity: Each part of the fuzzer stands on its own. This means you can monitor different programs with the same monitoring code, and the data produced by the same payload generator (aka data model) can be sent over different channels.

2. Extensibility: If you want to test something new, you do not need to modify Kitty's core code. Most, if not all, of the functionality should be implemented in user code. This includes monitoring, controlling and communicating with the target being fuzzed.

3. Rich data model: The core of the data model should be rich and able to describe advanced data structures, including strings, hashes, lengths, conditions and more. Like the rest of the framework, it is designed to be extended when necessary.

4. Stateful: Supports multi-stage fuzzing. You can describe not only the payload of each individual message but also the order of messages, and even fuzz the sequence itself.

5. Client and server fuzzing: Provided you have a matching stack for the other side, you can fuzz both servers and clients. This sounds like a demanding requirement, but it is not: it only means you must be able to communicate with the target as usual.

6. Cross-platform: Runs on Linux, OS X and Windows.

What it is not

Well, Kitty is not a fuzzer. It contains no implementation of any specific protocol or communication channel. You can use it to write your own fuzzer, and you can use other Kitty-based code, but it is not an out-of-the-box fuzzer. A good place to find implementations of Kitty models is Katnip.

Katnip

Kitty, as a framework, implements the main loop of the fuzzer and provides the syntax for data models and the base classes needed to create a complete fuzzing session. However, implementations of specific classes are not part of the Kitty framework. This means that Kitty defines the interfaces and base classes for passing data to the target, but does not provide implementations of data transfer over HTTP, TCP or UART. Implementations of each kind can be found in the companion repository, Katnip, on GitHub.
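
The split described above (a data model, a channel to the target, a monitor, and a main loop that ties them together) can be sketched in plain Python. This is an added illustration, not code from Kitty or Katnip: the class names, the toy message format and the deliberately buggy parser are all constructed here and do not reflect Kitty's API.

```python
# Added illustration; every name here is hypothetical and none of it is Kitty's API.
class Model:
    """Data model: 'KT' magic, 1-byte length, body. Length depends on body."""
    body = b"hello"
    def render(self, body=None, length=None):
        body = self.body if body is None else body
        length = len(body) if length is None else length
        return b"KT" + bytes([length]) + body
    def mutations(self):
        for body in (b"", b"A" * 64, b"\x00" * 8):   # mutate body, length follows
            yield self.render(body=body)
        for length in (0, len(self.body) + 1, 255):  # mutate length, body fixed
            yield self.render(length=length)

class Target:
    """Channel interface: a subclass decides how bytes reach the target."""
    def transmit(self, payload):
        raise NotImplementedError

class InProcessTarget(Target):
    """Constructed channel: hands the bytes to a Python callable."""
    def __init__(self, handler):
        self.handler, self.last_error = handler, None
    def transmit(self, payload):
        self.last_error = None
        try:
            self.handler(payload)
        except Exception as exc:   # stands in for a crash of the target
            self.last_error = exc

class Monitor:
    """Judges each test case; knows nothing about the model."""
    def failed(self, target):
        return target.last_error is not None

def toy_parser(data):
    """Constructed target with a deliberate bug: it trusts the length field."""
    if len(data) < 3 or data[:2] != b"KT":
        return None
    length, body = data[2], data[3:]
    return sum(body[i] for i in range(length)) & 0xFF  # IndexError if length > len(body)

def fuzz(model, target, monitor):
    """Main loop: send each mutation, keep the ones the monitor flags."""
    report = []
    for n, payload in enumerate(model.mutations()):
        target.transmit(payload)
        if monitor.failed(target):
            report.append((n, payload))
    return report
```

Calling fuzz(Model(), InProcessTarget(toy_parser), Monitor()) flags only the two cases whose length field exceeds the body; swapping in another Target subclass reuses the same model and monitor unchanged.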

What's next?

Install Kitty:

pip install git+https://github.com/cisco-sas/kitty.git#egg=kitty

Read the documentation here.

Build your own fuzzer.
