Init WFuzz state

procmon/README.md

@@ -0,0 +1,30 @@
+# Process monitor
+Process monitor is Python 2 script, which can monitor tested process.
+This means, it should be running on testing target.
+You can find process monitor script in this folder both for Windows and Unix systems.
+
+Process monitor works by communication via port 26002, so all nodes between tested and testing device needs to have open this port.
+
+## What is it good for?
+Well, process monitor is used for the following benefits:
+- Restarting tested application after failure
+- Checks before and after each test if process is still running
+- Starting tested application when it dies cause of testing payload
+- Generating dump file for each application crash
+
+## Installation
+Windows process monitor needs some prerequisites. See installation instructions here:
+https://boofuzz.readthedocs.io/en/latest/user/install.html#extras
+
+## Running of script
+Process monitor contains help with arguments description, so just enter `--help` argument and it will print a help for you.
+
+Example command:
+`python process_monitor_windows.py -p TestedApplication.exe`
+
+
+## How to tell WFuzz that we want to monitor process?
+If you want to use process monitor, just add starting command for your tested service / process into WFuzz configuration file. Example configuration key should look like this:
+`"startup_command": ["python", "C:\\server\\httpd.py"]`
+
+WFuzz then automatically connect with running process monitor script on tested system and will use its features.

procmon/process_monitor_unix.py

@@ -0,0 +1,110 @@
+import sys
+
+import click
+
+from boofuzz import helpers
+from boofuzz.constants import DEFAULT_PROCMON_PORT
+from boofuzz.utils.debugger_thread_simple import DebuggerThreadSimple
+from boofuzz.utils.process_monitor_pedrpc_server import ProcessMonitorPedrpcServer
+
+"""
+By nnp
+http://www.unprotectedhex.com
+
+This intended as a basic replacement for Sulley's process_monitor.py on *nix.
+The below options are accepted. Crash details are limited to the signal that
+caused the death and whatever operating system supported mechanism is in place (i.e
+core dumps)
+
+Replicated methods:
+    - alive
+    - log
+    - post_send
+    - pre_send
+    - start_target
+    - stop_target
+    - set_start_commands
+    - set_stop_commands
+
+Limitations
+    - Cannot attach to an already running process
+    - Currently only accepts one start_command
+    - Limited 'crash binning'. Relies on the availability of core dumps. These
+      should be created in the same directory the process is ran from on Linux
+      and in the (hidden) /cores directory on OS X. On OS X you have to add
+      the option COREDUMPS=-YES- to /etc/hostconfig and then `ulimit -c
+      unlimited` as far as I know. A restart may be required. The file
+      specified by crash_bin will any other available details such as the test
+      that caused the crash and the signal received by the program
+"""
+
+
+def err(msg):
+    sys.stderr.write("ERR> " + msg + "\n") or sys.exit(1)
+
+
+def serve_procmon(port, crash_bin, proc_name, ignore_pid, log_level, coredump_dir):
+    with ProcessMonitorPedrpcServer(
+        host="0.0.0.0",
+        port=port,
+        crash_filename=crash_bin,
+        debugger_class=DebuggerThreadSimple,
+        proc_name=proc_name,
+        pid_to_ignore=ignore_pid,
+        level=log_level,
+        coredump_dir=coredump_dir,
+    ) as servlet:
+        servlet.serve_forever()
+
+
+@click.command()
+@click.option(
+    "--crash-bin",
+    "--crash_bin",
+    "-c",
+    help="filename to serialize crash bin class to",
+    default="boofuzz-crash-bin",
+    metavar="FILENAME",
+)
+@click.option(
+    "--ignore-pid",
+    "--ignore_pid",
+    "-i",
+    type=int,
+    help="PID to ignore when searching for target process",
+    metavar="PID",
+)
+@click.option(
+    "--log-level",
+    "--log_level",
+    "-l",
+    help="log level: default 1, increase for more verbosity",
+    type=int,
+    default=1,
+    metavar="LEVEL",
+)
+@click.option("--proc-name", "--proc_name", "-p", help="process name to search for and attach to", metavar="NAME")
+@click.option("--port", "-P", help="TCP port to bind this agent to", type=int, default=DEFAULT_PROCMON_PORT)
+@click.option(
+    "--coredump-dir",
+    "--coredump_dir",
+    "-d",
+    help="directory where coredumps are moved to (you may need to adjust ulimits to create coredumps)",
+    default="coredumps",
+)
+def go(crash_bin, ignore_pid, log_level, proc_name, port, coredump_dir):
+    if coredump_dir is not None:
+        helpers.mkdir_safe(coredump_dir)
+
+    serve_procmon(
+        port=port,
+        crash_bin=crash_bin,
+        proc_name=proc_name,
+        ignore_pid=ignore_pid,
+        log_level=log_level,
+        coredump_dir=coredump_dir,
+    )
+
+
+if __name__ == "__main__":
+    go()

procmon/process_monitor_windows.py

@@ -0,0 +1,66 @@
+#!c:\\python\\python.exe
+from __future__ import print_function
+
+import click
+
+from boofuzz.constants import DEFAULT_PROCMON_PORT
+from boofuzz.utils.debugger_thread_pydbg import DebuggerThreadPydbg
+from boofuzz.utils.process_monitor_pedrpc_server import ProcessMonitorPedrpcServer
+
+
+def serve_procmon(port, crash_bin, proc_name, ignore_pid, log_level):
+    with ProcessMonitorPedrpcServer(
+        host="0.0.0.0",
+        port=port,
+        crash_filename=crash_bin,
+        debugger_class=DebuggerThreadPydbg,
+        proc_name=proc_name,
+        pid_to_ignore=ignore_pid,
+        level=log_level,
+        coredump_dir=None,
+    ) as servlet:
+        servlet.serve_forever()
+
+
+# app.args.add_argument("-c", "--crash_bin", help='filename to serialize crash bin class to',
+#                       default='boofuzz-crash-bin', metavar='FILENAME')
+# app.args.add_argument("-i", "--ignore_pid", help='PID to ignore when searching for target process', type=int,
+#                       metavar='PID')
+# app.args.add_argument("-l", "--log_level", help='log level: default 1, increase for more verbosity', type=int,
+#                       default=1, metavar='LEVEL')
+# app.args.add_argument("-p", "--proc_name", help='process name to search for and attach to', metavar='NAME')
+# app.args.add_argument("-P", "--port", help='TCP port to bind this agent to', type=int, default=DEFAULT_PROCMON_PORT)
+@click.command()
+@click.option(
+    "--crash-bin",
+    "--crash_bin",
+    "-c",
+    help="filename to serialize crash bin class to",
+    default="boofuzz-crash-bin",
+    metavar="FILENAME",
+)
+@click.option(
+    "--ignore-pid",
+    "--ignore_pid",
+    "-i",
+    type=int,
+    help="PID to ignore when searching for target process",
+    metavar="PID",
+)
+@click.option(
+    "--log-level",
+    "--log_level",
+    "-l",
+    help="log level: default 1, increase for more verbosity",
+    type=int,
+    default=1,
+    metavar="LEVEL",
+)
+@click.option("--proc-name", "--proc_name", "-p", help="process name to search for and attach to", metavar="NAME")
+@click.option("--port", "-P", help="TCP port to bind this agent to", type=int, default=DEFAULT_PROCMON_PORT)
+def go(crash_bin, ignore_pid, log_level, proc_name, port):
+    serve_procmon(port=port, crash_bin=crash_bin, proc_name=proc_name, ignore_pid=ignore_pid, log_level=log_level)
+
+
+if __name__ == "__main__":
+    go()