FuzzerLocal

2018-01-18T00:00:00
ID EXPLOITPACK:D2292522939EF6D2422A5623DAEBAB17
Type exploitpack
Reporter Juan Sacco
Modified 2018-01-18T00:00:00

Description

This is yet a simple fuzzer written in Python that bruteforce a local binary using a De Bruijn pattern and xRand to trigger Segmentation faults, also it tries to guess the arguments using an Alphabet and Random list.

                                        
                                            # Fuzzer Author: Juan Sacco <jsacco@exploitpack.com>
# Date and time: 18 Jan 2018
import argparse
import os
import sys
import subprocess
from datetime import datetime
import signal

timeout = 2

# Argument list
argNoArg = ["", " "]
argListLow = ["a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t",
              "u",
              "v", "w", "x", "y", "z"]
argListCap = ["A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T",
              "U",
              "V", "V", "X", "Y", "Z"]
argRandom = ["config", "file", "rc", "debug", "demon", "select", "url", "http", "time", "timeout", "option",
             "output",
             "value", "host", "server", "opt", "level", "group", "groups", "mode", "link", "unlink", "create",
             "delete",
             "remove", "new", "directory", "dir", "exclude", "diff", "compress", "uncompress", "parameter",
             "buffer",
             "mime", "string", "text", "status", "log", "logfile", "bind", "unbind", "pid", "clone", "add", "reset",
             "fetch", "pull", "delete", "multi", "multiple", "remote"]
deBruijnPattern = [
    "AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AALAAhAA7AAMAAiAA8AANAAjAA9AAOAAkAAPAAlAAQAAmAARAAoAASAApAATAAqAAUAArAAVAAtAAWAAuAAXAAvAAYAAwAAZAAxAAyAAzA%%A%sA%BA%$A%nA%CA%-A%(A%DA%;A%)A%EA%aA%0A%FA%bA%1A%GA%cA%2A%HA%dA%3A%IA%eA%4A%JA%fA%5A%KA%gA%6A%LA%hA%7A%MA%iA%8A%NA%jA%9A%OA%kA%PA%lA%QA%mA%RA%oA%SA%pA%TA%qA%UA%rA%VA%tA%WA%uA%XA%vA%YA%wA%ZA%xA%yA%zAs%AssAsBAs$AsnAsCAs-As(AsDAs;As)AsEAsaAs0AsFAsbAs1AsGAscAs2AsHAsdAs3AsIAseAs4AsJAsfAs5AsKAsgAs6AsLAshAs7AsMAsiAs8AsNAsjAs9AsOAskAsPAslAsQAsmAsRAsoAsSAspAsTAsqAsUAsrAsVAstAsWAsuAsXAsvAsYAswAsZAsxAsyAszAB%ABsABBAB$ABnABCAB-AB(ABDAB;AB)ABEABaAB0ABFABbAB1ABGABcAB2ABHABdAB3ABIABeAB4ABJABfAB5ABKABgAB6ABLABhAB7ABMABiAB8ABNABjAB9ABOABkABPABlABQABmABRABoABSABpABTABqABUABrABVABtABWABuABXABvABYABwABZABxAByABzA$%A$sA$BA$$A$nA$CA$-A$(A$DA$;A$)A$EA$aA$0A$FA$bA$1A$GA$cA$2A$HA$dA$3A$IA$eA$4A$JA$fA$5A$KA$gA$6A$LA$hA$7A$MA$iA$8A$NA$jA$9A$OA$kA$PA$lA$QA$mA$RA$oA$SA$pA$TA$qA$UA$rA$VA$tA$WA$uA$XA$vA$YA$wA$ZA$xA$yA$zAn%AnsAnBAn$AnnAnCAn-An(AnDAn;An)AnEAnaAn0AnFAnbAn1AnGAncAn2AnHAndAn3AnIAneAn4AnJAnfAn5AnKAngAn6AnLAnhAn7AnMAniAn8AnNAnjAn9AnOAnkAnPAnlAnQAnmAnRAnoAnSAnpAnTAnqAnUAnrAnVAntAnWAnuAnXAnvAnYAnwAnZAnxAnyAnzAC%ACsACBAC$ACnACCAC-AC(ACDAC;AC)ACEACaAC0ACFACbAC1ACGACcAC2ACHACdAC3ACIACeAC4ACJACfAC5ACKACgAC6ACLAChAC7ACMACiAC8ACNACjAC9ACOACkACPAClACQACmACRACoACSACpACTACqACUACrACVACtACWACuACXACvACYACwACZACxACyACzA-%A-sA-BA-$A-nA-CA--A-(A-DA-;A-)A-EA-aA-0A-FA-bA-1A-GA-cA-2A-HA-dA-3A-IA-eA-4A-JA-fA-5A-KA-gA-6A-LA-hA-7A-MA-iA-8A-NA-jA-9A-OA-kA-PA-lA-QA-mA-RA-oA-SA-pA-TA-qA-UA-rA-VA-tA-WA-uA-XA-vA-YA-wA-ZA-xA-yA-zA(%A(sA(BA($A(nA(CA(-A((A(DA(;A()A(EA(aA(0A(FA(bA(1A(GA(cA(2A(HA(dA(3A(IA(eA(4A(JA(fA(5A(KA(gA(6A(LA(hA(7A(MA(iA(8A(NA(jA(9A(OA(kA(PA(lA(QA(mA(RA(oA(SA(pA(TA(qA(UA(rA(VA(tA(WA(uA(XA(vA(YA(wA(ZA(xA(yA(zAD%ADsADBAD$ADnADCAD-AD(ADDAD;AD)ADEADaAD0ADFADbAD1ADGADcAD2ADHADdAD3ADIADeAD4ADJADfAD5ADKADgAD6ADLADhAD7ADMADiAD8ADNADjAD9ADOADkADPADlADQADmADRADoADSADpADTADqADUADrADVADtADWADuADXADvADYADwADZADxADyADzA;%A;sA;BA;$A;nA;CA;-A;(A;DA;;A;)A;EA;aA;0A;FA;bA;1A;GA;cA;2A;HA;dA;3A;IA;eA;4A;JA;fA;5A;KA;gA;6A;LA;hA;7A;MA;iA;8A;NA;jA;9A;OA;kA;PA;lA;QA;mA;RA;oA;SA;pA;TA;qA;UA;rA;VA;tA;WA;uA;XA;vA;YA;wA;ZA;xA;yA;zA)%A)sA)BA)$A)nA)CA)-A)(A)DA);A))A)EA)aA)0A)FA)bA)1A)GA)cA)2A)HA)dA)3A)IA)eA)4A)JA)fA)5A)KA)gA)6A)LA)hA)7A)MA)iA)8A)NA)jA)9A)OA)kA)PA)lA)QA)mA)RA)oA)SA)pA)TA)qA)UA)rA)VA)tA)WA)uA)XA)vA)YA)wA)ZA)xA)yA)zAE%AEsAEBAE$AEnAECAE-AE(AEDAE;AE)AEEAEaAE0AEFAEbAE1AEGAEcAE2AEHAEdAE3AEIAEeAE4AEJAEfAE5AEKAEgAE6AELAEhAE7AEMAEiAE8AENAEjAE9AEOAEkAEPAElAEQAEmAERAEoAESAEpAETAEqAEUAErAEVAEtAEWAEuAEXAEvAEYAEwAEZAExAEyAEzAa%AasAaBAa$AanAaCAa-Aa(AaDAa;Aa)AaEAaaAa0AaFAabAa1AaGAacAa2AaHAadAa3AaIAaeAa4AaJAafAa5AaKAagAa6AaLAahAa7AaMAaiAa8AaNAajAa9AaOAakAaPAalAaQAamAaRAaoAaSAapAaTAaqAaUAarAaVAatAaWAauAaXAavAaYAawAaZAaxAayAazA0%A0sA0BA0$A0nA0CA0-A0(A0DA0;A0)A0EA0aA00A0FA0bA01A0GA0cA02A0HA0dA03A0IA0eA04A0JA0fA05A0KA0gA06A0LA0hA07A0MA0iA08A0NA0jA09A0OA0kA0PA0lA0QA0mA0RA0oA0SA0pA0TA0qA0UA0rA0VA0tA0WA0uA0XA0vA0YA0wA0ZA0xA0yA0zAF%AFsAFBAF$AFnAFCAF-AF(AFDAF;AF)AFEAFaAF0AFFAFbAF1AFGAFcAF2AFHAFdAF3AFIAFeAF4AFJAFfAF5AFKAFgAF6AFLAFhAF7AFMAFiAF8AFNAFjAF9AFOAFkAFPAFlAFQAFmAFRAFoAFSAFpAFTAFqAFUAFrAFVAFtAFWAFuAFXAFvAFYAFwAFZAFxAFyAFzAb%AbsAbBAb$AbnAbCAb-Ab(AbDAb;Ab)AbEAbaAb0AbFAbbAb1AbGAbcAb2AbHAbdAb3AbIAbeAb4AbJAbfAb5AbKAbgAb6AbLAbhAb7AbMAbiAb8AbNAbjAb9AbOAbkAbPAblAbQAbmAbRAboAbSAbpAbTAbqAbUAbrAbVAbtAbWAbuAbXAbvAbYAbwAbZAbxAbyAbzA1%A1sA1BA1$A1nA1CA1-A1(A1DA1;A1)A1EA1aA10A1FA1bA11A1GA1cA12A1HA1dA13A1IA1eA14A1JA1fA15A1KA1gA16A1LA1hA17A1MA1iA18A1NA1jA19A1OA1kA1PA1lA1QA1mA1RA1oA1SA1pA1TA1qA1UA1rA1VA1tA1WA1uA1XA1vA1YA1wA1ZA1xA1yA1zAG%AGsAGBAG$AGnAGCAG-AG(AGDAG;AG)AGEAGaAG0AGFAGbAG1AGGAGcAG2AGHAGdAG3AGIAGeAG4AGJAGfAG5AGKAGgAG6AGLAGhAG7AGMAGiAG8AGNAGjAG9AGOAGkAGPAGlAGQAGmAGRAGoAGSAGpAGTAGqAGUAGrAGVAGtAGWAGuAGXAGvAGYAGwAGZAGxAGyAGzAc%AcsAcBAc$AcnAcCAc-Ac(AcDAc;Ac)AcEAcaAc0AcFAcbAc1AcGAccAc2AcHAcdAc3AcIAceAc4AcJAcfAc5AcKAcgAc6AcLAchAc7AcMAciAc8AcNAcjAc9AcOAckAcPAclAcQAcmAcRAcoAcSAcpAcTAcqAcUAcrAcVActAcWAcuAcXAcvAcYAcwAcZAcxAcyAczA2%A2sA2BA2$A2nA2CA2-A2(A2DA2;A2)A2EA2aA20A2FA2bA21A2GA2cA22A2HA2dA23A2IA2eA24A2JA2fA25A2KA2gA26A2LA2hA27A2MA2iA28A2NA2jA29A2OA2kA2PA2lA2QA2mA2RA2oA2SA2pA2TA2qA2UA2rA2VA2tA2WA2uA2XA2vA2YA2wA2ZA2xA2yA2zAH%AHsAHBAH$AHnAHCAH-AH(AHDAH;AH)AHEAHaAH0AHFAHbAH1AHGAHcAH2AHHAHdAH3AHIAHeAH4AHJAHfAH5AHKAHgAH6AHLAHhAH7AHMAHiAH8AHNAHjAH9AHOAHkAHPAHlAHQAHmAHRAHoAHSAHpAHTAHqAHUAHrAHVAHtAHWAHuAHXAHvAHYAHwAHZAHxAHyAHzAd%AdsAdBAd$AdnAdCAd-Ad(AdDAd;Ad)AdEAdaAd0AdFAdbAd1AdGAdcAd2AdHAddAd3AdIAdeAd4AdJAdfAd5AdKAdgAd6AdLAdhAd7AdMAdiAd8AdNAdjAd9AdOAdkAdPAdlAdQAdmAdRAdoAdSAdpAdTAdqAdUAdrAdVAdtAdWAduAdXAdvAdYAdwAdZAdxAdyAdzA3%A3sA3BA3$A3nA3CA3-A3(A3DA3;A3)A3EA3aA30A3FA3bA31A3GA3cA32A3HA3dA33A3IA3eA34A3JA3fA35A3KA3gA36A3LA3hA37A3MA3iA38A3NA3jA39A3OA3kA3PA3lA3QA3mA3RA3oA3SA3pA3TA3qA3UA3rA3VA3tA3WA3uA3XA3vA3YA3wA3ZA3xA3yA3zAI%AIsAIBAI$AInAICAI-AI(AIDAI;AI)AIEAIaAI0AIFAIbAI1AIGAIcAI2AIHAIdAI3AIIAIeAI4AIJAIfAI5AIKAIgAI6AILAIhAI7AIMAIiAI8AINAIjAI9AIOAIkAIPAIlAIQAImAIRAIoAISAIpAITAIqAIUAIrAIVAItAIWAIuAIXAIvAIYAIwAIZAIxAIyAIzAe%AesAeBAe$AenAeCAe-Ae(AeDAe;Ae)AeEAeaAe0AeFAebAe1AeGAecAe2AeHAedAe3AeIAeeAe4AeJAefAe5AeKAegAe6AeLAehAe7AeMAeiAe8AeNAejAe9AeOAekAePAelAeQAemAeRAeoAeSAepAeTAeqAeUAerAeVAetAeWAeuAeXAevAeYAewAeZAexAeyAezA4%A4sA4BA4$A4nA4CA4-A4(A4DA4;A4)A4EA4aA40A4FA4bA41A4GA4cA42A4HA4dA43A4IA4eA44A4JA4fA45A4KA4gA46A4LA4hA47A4MA4iA48A4NA4jA49A4OA4kA4PA4lA4QA4mA4RA4oA4SA4pA4TA4qA4UA4rA4VA4tA4WA4uA4XA4vA4YA4wA4ZA4xA4yA4zAJ%AJsAJBAJ$AJnAJCAJ-AJ(AJDAJ;AJ)AJEAJaAJ0AJFAJbAJ1AJGAJcAJ2AJHAJdAJ3AJIAJeAJ4AJJAJfAJ5AJKAJgAJ6AJLAJhAJ7AJMAJiAJ8AJNAJjAJ9AJOAJkAJPAJlAJQAJmAJRAJoAJSAJpAJTAJqAJUAJrAJVAJtAJWAJuAJXAJvAJYAJwAJZAJxAJyAJzAf%AfsAfBAf$AfnAfCAf-Af(AfDAf;Af)AfEAfaAf0AfFAfbAf1AfGAfcAf2AfHAfdAf3AfIAfeAf4AfJAffAf5AfKAfgAf6AfLAfhAf7AfMAfiAf8AfNAfjAf9AfOAfkAfPAflAfQAfmAfRAfoAfSAfpAfTAfqAfUAfrAfVAftAfWAfuAfXAfvAfYAfwAfZAfxAfyAfzA5%A5sA5BA5$A5nA5CA5-A5(A5DA5;A5)A5EA5aA50A5FA5bA51A5GA5cA52A5HA5dA53A5IA5eA54A5JA5fA55A5KA5gA56A5LA5hA57A5MA5iA58A5NA5jA59A5OA5kA5PA5lA5QA5mA5RA5oA5SA5pA5TA5qA5UA5rA5VA5tA5WA5uA5XA5vA5YA5wA5ZA5xA5yA5zAK%AKsAKBAK$AKnAKCAK-AK(AKDAK;AK)AKEAKaAK0AKFAKbAK1AKGAKcAK2AKHAKdAK3AKIAKeAK4AKJAKfAK5AKKAKgAK6AKLAKhAK7AKMAKiAK8AKNAKjAK9AKOAKkAKPAKlAKQAKmAKRAKoAKSAKpAKTAKqAKUAKrAKVAKtAKWAKuAKXAKvAKYAKwAKZAKxAKyAKzAg%AgsAgBAg$AgnAgCAg-Ag(AgDAg;Ag)AgEAgaAg0AgFAgbAg1AgGAgcAg2AgHAgdAg3AgIAgeAg4AgJAgfAg5AgKAggAg6AgLAghAg7AgMAgiAg8AgNAgjAg9AgOAgkAgPAglAgQAgmAgRAgoAgSAgpAgTAgqAgUAgrAgVAgtAgWAguAgXAgvAgYAgwAgZAgxAgyAgzA6%A6sA6BA6$A6nA6CA6-A6(A6DA6;A6)A6EA6aA60A6FA6bA61A6GA6cA62A6HA6dA63A6IA6eA64A6JA6fA65A6KA6gA66A6LA6hA67A6MA6iA68A6NA6jA69A6OA6kA6PA6lA6QA6mA6RA6oA6SA6pA6TA6qA6UA6rA6VA6tA6WA6uA6XA6vA6YA6wA6ZA6xA6yA6zAL%ALsALBAL$ALnALCAL-AL(ALDAL;AL)ALEALaAL0ALFALbAL1ALGALcAL2ALHALdAL3ALIALeAL4ALJALfAL5ALKALgAL6ALLALhAL7ALMALiAL8ALNALjAL9ALOALkALPALlALQALmALRALoALSALpALTALqALUALrALVALtALWALuALXALvALYALwALZALxALyALzAh%AhsAhBAh$AhnAhCAh-Ah(AhDAh;Ah)AhEAhaAh0AhFAhbAh1AhGAhcAh2AhHAhdAh3AhIAheAh4AhJAhfAh5AhKAhgAh6AhLAhhAh7AhMAhiAh8AhNAhjAh9AhOAhkAhPAhlAhQAhmAhRAhoAhSAhpAhTAhqAhUAhrAhVAhtAhWAhuAhXAhvAhYAhwAhZAhxAhyAhzA7%A7sA7BA7$A7nA7CA7-A7(A7DA7;A7)A7EA7aA70A7FA7bA71A7GA7cA72A7HA7dA73A7IA7eA74A7JA7fA75A7KA7gA76A7LA7hA77A7MA7iA78A7NA7jA79A7OA7kA7PA7lA7QA7mA7RA7oA7SA7pA7TA7qA7UA7rA7VA7tA7WA7uA7XA7vA7YA7wA7ZA7xA7yA7zAM%AMsAMBAM$AMnAMCAM-AM(AMDAM;AM)AMEAMaAM0AMFAMbAM1AMGAMcAM2AMHAMdAM3AMIAMeAM4AMJAMfAM5AMKAMgAM6AMLAMhAM7AMMAMiAM8AMNAMjAM9AMOAMkAMPAMlAMQAMmAMRAMoAMSAMpAMTAMqAMUAMrAMVAMtAMWAMuAMXAMvAMYAMwAMZAMxAMyAMzAi%AisAiBAi$AinAiCAi-Ai(AiDAi;Ai)AiEAiaAi0AiFAibAi1AiGAicAi2AiHAidAi3AiIAieAi4AiJAifAi5AiKAigAi6AiLAihAi7AiMAiiAi8AiNAijAi9AiOAikAiPAilAiQAimAiRAioAiSAipAiTAiqAiUAirAiVAitAiWAiuAiXAivAiYAiwAiZAixAiyAizA8%A8sA8BA8$A8nA8CA8-A8(A8DA8;A8)A8EA8aA80A8FA8bA81A8GA8cA82A8HA8dA83A8IA8eA84A8JA8fA85A8KA8gA86A8LA8hA87A8MA8iA88A8NA8jA89A8OA8kA8PA8lA8QA8mA8RA8oA8SA8pA8TA8qA8UA8rA8VA8tA8WA8uA8XA8vA8YA8wA8ZA8xA8yA8zAN%ANsANBAN$ANnANCAN-AN(ANDAN;AN)ANEANaAN0ANFANbAN1ANGANcAN2ANHANdAN3ANIANeAN4ANJANfAN5ANKANgAN6ANLANhAN7ANMANiAN8ANNANjAN9ANOANkANPANlANQANmANRANoANSANpANTANqANUANrANVANtANWANuANXANvANYANwANZANxANyANzAj%AjsAjBAj$AjnAjCAj-Aj(AjDAj;Aj)AjEAjaAj0AjFAjbAj1AjGAjcAj2AjHAjdAj3AjIAjeAj4AjJAjfAj5AjKAjgAj6AjLAjhAj7AjMAjiAj8AjNAjjAj9AjOAjkAjPAjlAjQAjmAjRAjoAjSAjpAjTAjqAjUAjrAjVAjtAjWAjuAjXAjvAjYAjwAjZAjxAjyAjzA9%A9sA9BA9$A9nA9CA9-A9(A9DA9;A9)A9EA9aA90A9FA9bA91A9GA9cA92A9HA9dA93A9IA9eA94A9JA9fA95A9KA9gA96A9LA9hA97A9MA9iA98A9NA9jA99A9OA9kA9PA9lA9QA9mA9RA9oA9SA9pA9TA9qA9UA9rA9VA9tA9WA9uA9XA9vA9YA9wA9ZA9xA9yA9zAO%AOsAOBAO$AOnAOCAO-AO(AODAO;AO)AOEAOaAO0AOFAObAO1AOGAOcAO2AOHAOdAO3AOIAOeAO4AOJAOfAO5AOKAOgAO6AOLAOhAO7AOMAOiAO8AONAOjAO9AOOAOkAOPAOlAOQAOmAORAOoAOSAOpAOTAOqAOUAOrAOVAOtAOWAOuAOXAOvAOYAOwAOZAOxAOyAOzAk%AksAkBAk$AknAkCAk-Ak(AkDAk;Ak)AkEAkaAk0AkFAkbAk1AkGAkcAk2AkHAkdAk3AkIAkeAk4AkJAkfAk5AkKAkgAk6AkLAkhAk7AkMAkiAk8AkNAkjAk9AkOAkkAkPAklAkQAkmAkRAkoAkSAkpAkTAkqAkUAkrAkVAktAkWAkuAkXAkvAkYAkwAkZAkxAkyAkzAP%APsAPBAP$APnAPCAP-AP(APDAP;AP)APEAPaAP0APFAPbAP1APGAPcAP2APHAPdAP3APIAPeAP4APJAPfAP5APKAPgAP6APLAPhAP7APMAPiAP8APNAPjAP9APOAPkAPPAPlAPQAPmAPRAPoAPSAPpAPTAPqAPUAPrAPVAPtAPWAPuAPXAPvAPYAPwAPZAPxAPyAPzAl%AlsAlBAl$AlnAlCAl-Al(AlDAl;Al)AlEAlaAl0AlFAlbAl1AlGAlcAl2AlHAldAl3AlIAleAl4AlJAlfAl5AlKAlgAl6AlLAlhAl7AlMAliAl8AlNAljAl9AlOAlkAlPAllAlQAlmAlRAloAlSAlpAlTAlqAlUAlrAlVAltAlWAluAlXAlvAlYAlwAlZAlxAlyAlzAQ%AQsAQBAQ$AQnAQCAQ-AQ(AQDAQ;AQ)AQEAQaAQ0AQFAQbAQ1AQGAQcAQ2AQHAQdAQ3AQIAQeAQ4AQJAQfAQ5AQKAQgAQ6AQLAQhAQ7AQMAQiAQ8AQNAQjAQ9AQOAQkAQPAQlAQQAQmAQRAQoAQSAQpAQTAQqAQUAQrAQVAQtAQWAQuAQXAQvAQYAQwAQZAQxAQyAQzAm%AmsAmBAm$AmnAmCAm-Am(AmDAm;Am)AmEAmaAm0AmFAmbAm1AmGAmcAm2AmHAmdAm3AmIAmeAm4AmJAmfAm5AmKAmgAm6AmLAmhAm7AmMAmiAm8AmNAmjAm9AmOAmkAmPAmlAmQAmmAmRAmoAmSAmpAmTAmqAmUAmrAmVAmtAmWAmuAmXAmvAmYAmwAmZAmxAmyAmzAR%ARsARBAR$ARnARCAR-AR(ARDAR;AR)AREARaAR0ARFARbAR1ARGARcAR2ARHARdAR3ARIAReAR4ARJARfAR5ARKARgAR6ARLARhAR7ARMARiAR8ARNARjAR9AROARkARPARlARQARmARRARoARSARpARTARqARUARrARVARtARWARuARXARvARYARwARZARxARyARzAo%AosAoBAo$AonAoCAo-Ao(AoDAo;Ao)AoEAoaAo0AoFAobAo1AoGAocAo2AoHAodAo3AoIAoeAo4AoJAofAo5AoKAogAo6AoLAohAo7AoMAoiAo8AoNAojAo9AoOAokAoPAolAoQAomAoRAooAoS"]


class Alarm(Exception):
    pass


def alarm_handler(signum, frame):
    raise Alarm


signal.signal(signal.SIGALRM, alarm_handler)


def fuzz(binary, none, pattern, lower, upper, random):
    if all:
        none = True
        pattern = True
        lower = True
        upper = True
        random = True

    try:
        if none:
            # No argument
            for arg in range(len(argNoArg)):
                for x in range(0, 10000, 200):
                    try:
                        signal.alarm(timeout)
                        process = subprocess.Popen([binary, argNoArg[arg] + " " + (char * x)])
                        # Wait for the command to finish.
                        process.wait()
                        if str(process.returncode) == "-11":
                            with open('segfault.log', 'ab') as log:
                                log.write("[SEGFAULT] " + datetime.now().strftime("%d %b %Y %H:%M:%S") + " - Binary: " + binary + " | Fuzzing with: " + char + "*" + str(len(char * x)) + " | Argument: None" + argNoArg[arg] + "\n")

                        signal.alarm(0)
                    except Alarm:
                        pass
        if pattern:
            # No Argument + DeBruijn
            for arg in range(len(argNoArg)):
                for x in range(0, 1):
                    try:
                        signal.alarm(timeout)
                        process = subprocess.Popen([binary, argNoArg[arg] + " " + deBruijnPattern[0]])
                        # Wait for the command to finish.
                        process.wait()
                        if str(process.returncode) == "-11":
                            with open('segfault.log', 'ab') as log:
                                log.write("[SEGFAULT] " + datetime.now().strftime("%d %b %Y %H:%M:%S") + " - Binary: " + binary + " | Fuzzing with: DeBruijn*10000 | Argument: None" + argNoArg[arg] + "\n")

                        signal.alarm(0)
                    except Alarm:
                        pass

        if lower:
            # Argument list lower-case
            for arg in range(len(argListLow)):
                for x in range(0, 10000, 200):
                    try:
                        signal.alarm(timeout)
                        process = subprocess.Popen([binary, "-" + argListLow[arg] + " " + (char * x)])
                        # Wait for the command to finish.
                        process.wait()
                        if str(process.returncode) == "-11":
                            with open('segfault.log', 'ab') as log:
                                log.write("[SEGFAULT] " + datetime.now().strftime(
                                    "%d %b %Y %H:%M:%S") + " - Binary: " + binary + " | Fuzz: " + char + "*" + str(
                                    len(char * x)) + " | Argument: -" + argListLow[arg] + "\n")
                        signal.alarm(0)
                    except Alarm:
                        pass

            for arg in range(len(argListLow)):
                for x in range(0, 10000, 200):
                    try:
                        signal.alarm(timeout)
                        process = subprocess.Popen([binary, "--" + argListLow[arg] + " " + (char * x)])
                        # Wait for the command to finish.
                        process.wait()
                        if str(process.returncode) == "-11":
                            with open('segfault.log', 'ab') as log:
                                log.write("[SEGFAULT] " + datetime.now().strftime(
                                    "%d %b %Y %H:%M:%S") + " - Binary: " + binary + " | Fuzz: " + char + "*" + str(
                                    len(char * x)) + " | Argument: --" + argListLow[arg] + "\n")
                        signal.alarm(0)
                    except Alarm:
                        pass

        if upper:
            # Argument list upper-case
            for arg in range(len(argListCap)):
                for x in range(0, 10000, 200):
                    try:
                        signal.alarm(timeout)
                        process = subprocess.Popen([binary, "-" + argListCap[arg] + " " + (char * x)])
                        # Wait for the command to finish.
                        process.wait()
                        if str(process.returncode) == "-11":
                            with open('segfault.log', 'ab') as log:
                                log.write("[SEGFAULT] " + datetime.now().strftime(
                                    "%d %b %Y %H:%M:%S") + " - Binary: " + binary + " | Fuzz: " + char + "*" + str(
                                    len(char * x)) + " | Argument: -" + argListCap[arg] + "\n")
                        signal.alarm(0)
                    except Alarm:
                        pass

            for arg in range(len(argListCap)):
                for x in range(0, 10000, 200):
                    try:
                        signal.alarm(timeout)
                        process = subprocess.Popen([binary, "--" + argListCap[arg] + " " + (char * x)])
                        # Wait for the command to finish.
                        process.wait()
                        if str(process.returncode) == "-11":
                            with open('segfault.log', 'ab') as log:
                                log.write("[SEGFAULT] " + datetime.now().strftime(
                                    "%d %b %Y %H:%M:%S") + " - Binary: " + binary + " | Fuzz: " + char + "*" + str(
                                    len(char * x)) + " | Argument: --" + argListCap[arg] + "\n")
                        signal.alarm(0)
                    except Alarm:
                        pass
        if random:
            # Argument list Random
            for arg in range(len(argRandom)):
                for x in range(0, 10000, 200):
                    try:
                        signal.alarm(timeout)
                        process = subprocess.Popen([binary, "-" + argRandom[arg] + " " + (char * x)])
                        # Wait for the command to finish.
                        process.wait()
                        if str(process.returncode) == "-11":
                            with open('segfault.log', 'ab') as log:
                                log.write("[SEGFAULT] " + datetime.now().strftime(
                                    "%d %b %Y %H:%M:%S") + " - Binary: " + binary + " | Fuzz: " + char + "*" + str(
                                    len(char * x)) + " | Argument: -" + argRandom[arg] + "\n")
                        signal.alarm(0)
                    except Alarm:
                        pass

            for arg in range(len(argRandom)):
                for x in range(0, 10000, 200):
                    try:
                        signal.alarm(timeout)
                        process = subprocess.Popen([binary, "--" + argRandom[arg] + " " + (char * x)])
                        # Wait for the command to finish.
                        process.wait()
                        if str(process.returncode) == "-11":
                            with open('segfault.log', 'ab') as log:
                                log.write("[SEGFAULT] " + datetime.now().strftime(
                                    "%d %b %Y %H:%M:%S") + " - Binary: " + binary + " | Fuzz: " + char + "*" + str(
                                    len(char * x)) + " | Argument: --" + argRandom[arg] + "\n")
                        signal.alarm(0)
                    except Alarm:
                        pass
        print("[*] Fuzzer executed successfully")
    except OSError as e:
        if e.errno == os.errno.ENOENT:
            print("[*] Sorry! Binary not found!")
        else:
            print("[*] Error executing fuzzer")


# Fuzzer arguments
try:
    parser = argparse.ArgumentParser(description='[*] Exploit Pack - Local Fuzzer <jsacco@exploitpack.com>')
    parser.add_argument('-f', '--file', help='Binary file or List of files ( Line-By-Line )', required=True)
    parser.add_argument('-c', '--char', help='ASCII char used to fuzz', required=True)
    parser.add_argument('-n', '--noargs', help='Fuzz the binary without guessing arguments', required=False,
                        action='store_true')
    parser.add_argument('-db', '--debruijn', help='De Bruijn pattern in the argument', required=False,
                        action='store_true')
    parser.add_argument('-l', '--lower', help='Brute-force arguments using abcdefghijklmnopqrstubwxyz and - / --',
                        required=False, action='store_true')
    parser.add_argument('-u', '--upper', help='Brute-force arguments using ABCDEFGHIJKLMNOPQRSTUVWXYZ and - / --',
                        required=False, action='store_true')
    parser.add_argument('-r', '--random', help='Brute-force arguments using a hardcoded list', required=False,
                        action='store_true')
    parser.add_argument('-a', '--all', help='Fuzz the binary using all possible options', required=False,
                        action='store_true')
    args = vars(parser.parse_args())
    file = args["file"]
    char = args["char"]
    none = args["noargs"]
    pattern = args["debruijn"]
    lower = args["lower"]
    upper = args["upper"]
    random = args["random"]
    all = args["all"]
    binary = False
    with open(file, 'rb') as f:
        for block in f:
            if b'\0' in block:
                binaryorNot = True
            else:
                binaryorNot = False
    if binaryorNot:
        fuzz(file, none, pattern, lower, upper, random)
    else:
        with open(file, "r") as ins:
            array = []
            for line in ins:
                array.append(line)
                for fuzzBin in array:
                    toFuzz = fuzzBin.rstrip()
                    fuzz(toFuzz, none, pattern, lower, upper, random)
except IndexError:
    sys.exit()