#!/usr/bin/python
#Skiddemonkeys Copyright 2014 Russell Butturini and Joshua Tower
#This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
#the Free Software Foundation, either version 3 of the License, or
#(at your option) any later version.
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#GNU General Public License for more details.
#You should have received a copy of the GNU General Public License
#along with this program. If not, see <http://www.gnu.org/licenses/>.
from socket import *
from pymongo import MongoClient
from random import randint
from random import choice
from sys import getsizeof
import time
import string
from helperFunctions import openMDB
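def fuzzPorts(runTime, dbIp, dbName, monkeyIq, monkeyLoc, minData, maxData, monkeyId):
    """Poll the MongoDB work queue and fuzz one open TCP port per pass.

    Runs for ``runTime`` minutes of wall-clock time. Each pass reconnects to
    the database through openMDB, ranks the hosts tagged with this monkey's
    ``monkeyLoc``, picks the highest-priority one, connects to one of its
    recorded open ports, pushes a random printable payload whose length lies
    in [minData, maxData] and records the attempt with saveResults.

    Parameters
    ----------
    runTime : minutes to keep running; the deadline is checked once per pass.
    dbIp, dbName : handed straight to openMDB().
    monkeyIq : weight multiplied into a target's ``value`` when ranking hosts.
    monkeyLoc : ``location`` tag selecting this monkey's work items in db.hosts.
    minData, maxData : inclusive bounds, in bytes, on the generated payload.
    monkeyId : identifier stored with every recorded action.

    Returns None. Socket errors are logged and swallowed (the attempt is still
    recorded); a failed DB connection, an empty work queue or a host with no
    recorded ports only skips the current pass.

    NOTE(review): target IPs and ports are taken verbatim from the ``hosts``
    collection, so whoever can write to that database decides what this
    process connects to and sends traffic to. Only run it against a database
    you control, with hosts that are in scope for the engagement.
    """
    deadline = time.time() + 60 * runTime
    while True:
        time.sleep(1)
        if time.time() > deadline:
            break
        db = openMDB(dbIp, dbName)
        if db is None:
            # The original printed and then dereferenced None; retry next pass.
            print('Could not connect to DB')
            continue
        hosts = db.hosts
        if hosts.find({'location': monkeyLoc}).count() == 0:
            print('Fuzzy monkey is waiting for work. Eating bananas. Will check again in 10 seconds.')
            time.sleep(10)
            continue
        target = _pickTarget(db, monkeyIq, monkeyLoc)
        if target is None:
            continue
        hostDoc = hosts.find_one({'ip': target})
        openPorts = (hostDoc or {}).get('ports') or []
        if not openPorts:
            # randint(0, len-1) on an empty list would raise ValueError.
            print('No open ports recorded for ' + target + '; skipping.')
            continue
        fuzzTCP = choice(openPorts)
        fuzzData = genFuzzData(randint(int(minData), int(maxData)))
        # len() is the real payload size; the original used getsizeof()-37,
        # which only matches the str header of 64-bit CPython 2.
        size = len(fuzzData)
        print('Fuzzy monkey got work! Fuzzing ' + target + ' on port ' + str(fuzzTCP) + ' with ' + str(size) + ' bytes of data!')
        start = time.ctime()
        _sendFuzz(target, fuzzTCP, fuzzData)
        end = time.ctime()
        saveResults(db, hosts, target, fuzzTCP, str(size), start, end, monkeyId)
        print('Fuzzy monkey need sleep. Resting for 5 seconds.')
        time.sleep(5)


def _pickTarget(db, monkeyIq, monkeyLoc):
    """Return the IP of the highest-priority work item, or None if there is none.

    A host scores ``monkeyIq * target.value // (actions_so_far + 1)`` plus a
    random 1..10 jitter, so valuable, rarely-touched hosts win. Work items
    with no matching ``targets`` record are skipped instead of crashing on
    ``None['value']``.
    """
    scores = {}
    for work in db.hosts.find({'location': monkeyLoc}):
        ip = work['ip']
        targetDoc = db.targets.find_one({'ip': ip})
        if targetDoc is None:
            continue
        attempts = db.actions.find({'ip': ip}).count() + 1
        # Floor division keeps the Python 2 int/int result on Python 3 too.
        scores[ip] = (int(monkeyIq) * int(targetDoc['value'])) // attempts + randint(1, 10)
    if not scores:
        return None
    return max(scores, key=scores.get)


def _sendFuzz(target, port, payload):
    """Connect to (target, port), send payload, read at most 100 bytes, close.

    Socket errors (refused, reset, timeout, DNS failure) are logged and
    swallowed because they are expected when fuzzing; the socket is always
    closed, which the original bare ``except: pass`` did not guarantee.
    """
    s = socket(AF_INET, SOCK_STREAM)
    s.settimeout(10)
    try:
        s.connect((target, port))
        s.sendall(payload)  # send() may deliver only part of a large payload
        s.recv(100)  # we only care whether the peer answered
    except error as exc:
        print('Fuzz attempt to ' + target + ':' + str(port) + ' failed: ' + str(exc))
    finally:
        s.close()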
def saveResults(dbConn, coll, target, port, size, startTime, endTime, monkeyId):
    """Record one fuzz attempt in the ``actions`` collection of ``dbConn``.

    ``coll`` is accepted to keep the call signature stable but is not used.
    ``size`` is stored as given (the caller passes a string).
    """
    record = {
        'action': 'fuzz',
        'ip': target,
        'port': port,
        'bytes': size,
        'start': startTime,
        'end': endTime,
        'id': monkeyId,
    }
    dbConn.actions.insert(record)
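def genFuzzData(fuzzLen):
    """Return ``fuzzLen`` random printable characters as a str.

    The alphabet is ASCII letters, digits and ``!@#$%^&*()``, so the payload
    never contains NUL, control or non-ASCII bytes. A ``fuzzLen`` of zero or
    less yields ''. Uses ``random.choice``, which is fine for fuzz input but
    is not a CSPRNG.
    """
    # Build the alphabet once instead of re-concatenating it per character.
    alphabet = string.ascii_letters + string.digits + '!@#$%^&*()'
    return ''.join(choice(alphabet) for _ in range(fuzzLen))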