Welcome to Katnip’s documentation!¶
Contents:
Introduction¶
What is Katnip?¶
Katnip is a repository of implementations and extensions for Kitty.
While Kitty defines the base classes and syntax, it contains no specific implementation for any of them. So, for example, in order to send a payload over TCP, you need to create some class that extends ServerTarget and is able to send data over TCP, and so on.
Katnip contains such classes. Currently, Katnip contains various implementations of:
Contribution FAQ¶
- Found a bug?
- Open an issue.
- Have a fix?
- Great! please submit a pull request.
- Want to share you implementation?
- Thank You! Please submit a pull request.
API Reference¶
Katnip API Reference¶
Subpackages¶
katnip.controllers package¶
Subpackages¶
Collection of client controllers.
When performing client fuzzing, the main usage of the controller is to trigger the client to start communication with the server stack.
This controller is used to signal the SAS version of the Facedancer stack to perform a USB reset.
-
class
katnip.controllers.client.facedancer.ClientFacedancerController(name, restart_file='/tmp/restart_facedancer', logger=None)¶ Bases:
kitty.controllers.client.ClientControllerClientFacedancerController is a controller that uses files in /tmp to communicate with the facedancer stack. .. note:: This requires a modified version of the facedancer stack.
-
RESTART_FILE= '/tmp/restart_facedancer'¶
-
__init__(name, restart_file='/tmp/restart_facedancer', logger=None)¶ Parameters: - name – name of the object
- controller_port – the device controller port (i.e. ‘/dev/ttyACM0’)
- connect_delay –
- logger – logger for the object (default: None)
-
trigger()¶ Trigger a data exchange from the tested client
-
-
class
katnip.controllers.client.process.ClientProcessController(name, process_path, process_args, process_env=None, logger=None)¶ Bases:
kitty.controllers.client.ClientControllerClientProcessController controls a process by starting it on each trigger. It uses subprocess.Popen and logs the process output (stdout, stderr)
-
__init__(name, process_path, process_args, process_env=None, logger=None)¶ Parameters: - name – name of the object
- process_path – path to the target executable
- process_args – arguments to pass to the process
- process_env – the process environment (default: None)
- logger – logger for this object (default: None)
-
post_test()¶ Logs stdout, stderr amd return code of the target process.
-
sig_dict= {1: 'SIGHUP', 2: 'SIGINT', 3: 'SIGQUIT', 4: 'SIGILL', 5: 'SIGTRAP', 6: 'SIGABRT', 7: 'SIGBUS', 8: 'SIGFPE', 9: 'SIGKILL', 10: 'SIGUSR1', 11: 'SIGSEGV', 12: 'SIGUSR2', 13: 'SIGPIPE', 14: 'SIGALRM', 15: 'SIGTERM', 17: 'SIGCHLD', 18: 'SIGCONT', 19: 'SIGSTOP', 20: 'SIGTSTP', 21: 'SIGTTIN', 22: 'SIGTTOU', 23: 'SIGURG', 24: 'SIGXCPU', 25: 'SIGXFSZ', 26: 'SIGVTALRM', 27: 'SIGPROF', 28: 'SIGWINCH', 29: 'SIGIO', 30: 'SIGPWR', 31: 'SIGSYS', 34: 'SIGRTMIN', 64: 'SIGRTMAX'}¶
-
teardown()¶ Stops the process and calls super’s teardown.
-
trigger()¶ Starts the target in a subprocess
-
-
class
katnip.controllers.client.ssh.ClientSshController(name, username, password, hostname, port, command, process_name, logger=None)¶ Bases:
kitty.controllers.client.ClientControllerClientSshController controlls a remote process by starting it on each trigger using ssh.
-
__init__(name, username, password, hostname, port, command, process_name, logger=None)¶ Parameters: - name – name of the object
- username – ssh login username
- password – ssh login password
- hostname – ssh server ip
- port – ssh server port
- command – client trigger command
- process_name – command process name
- logger – logger for this object (default: None)
-
post_test()¶ Log output of process, check if crashed
-
pre_test(num)¶ Creates an SSH connection
-
teardown()¶ Closes the SSH connection and calls super’s teardown.
-
trigger()¶ Trigger the target communication with the server stack.
-
Frida based controllers for server fuzzing.
-
class
katnip.controllers.server.frida.FridaLaunchServerController(name, logger, device_path, argv, js_script=None)¶ Bases:
kitty.controllers.base.BaseControllerThis controller uses frida to launch an application. You can pass JS script so kitty will be able to detect failures using Frida’s capabilities.
Example: js_code = """ Interceptor.attach(ptr(failure_func_addr), { onEnter: function(args) { send('[kitty:failed] this function should never be called!'); } }); """ ctl = FridaLaunchServerController('fritty', None, 'local', ['someproc'], js_code)
-
__init__(name, logger, device_path, argv, js_script=None)¶ Parameters: - name – name of the object
- logger – logger for the object
- device_path – frida target device path
- argv (list of str) – arguments to launch the application
- js_script (str) – JS script to run on the target. in this script you can perform hooks and detect “failures” on the device. if a failure is detected, call send(‘[kitty:failed] (reason)’); from JS. if somehow a pass is detected, call send(‘[kitty:passed] (reason)’); from JS. (default: None)
-
post_test()¶
-
pre_test(test_number)¶
-
setup()¶
-
teardown()¶
-
-
class
katnip.controllers.server.tcp_system.ServerTcpSystemController(name, logger, proc_name, host, port)¶ Bases:
kitty.controllers.base.BaseControllerThis controller controls a process on a remote machine by sending tcp commands over the network to a local agent on the remote machine to execute the target using popen.
Note
The implementation of the agent is not part of the code it might be added someday, but currently it is not...
-
__init__(name, logger, proc_name, host, port)¶ Parameters: - name – name of the object
- logger – logger for the object
- proc_name – trigger’s process name
- host – hostname of the agent
- port – port of the agent
-
post_test()¶
-
pre_test(test_number)¶
-
setup()¶
-
teardown()¶
-
-
class
katnip.controllers.server.windbgcontroller.WinAppDbgController(name, process_path, process_args=[], sql_crash_db='sqlite:///crashes.sqlite', logger=None)¶ Bases:
kitty.controllers.base.BaseControllerWinAppDbgController controls a server process by starting it on setup making sure it stays up. It uses winappdbg to attach to the target processes.
-
__init__(name, process_path, process_args=[], sql_crash_db='sqlite:///crashes.sqlite', logger=None)¶ Parameters: - name – name of the object
- process_path – path to the target executable
- process_args – arguments to pass to the process
- attach – try to attach if process path
- sql_crash_db – sql alchemy connection string to crash db (default:sqlite:///crashes.sqlite)
- logger – logger for this object (default: None)
-
post_test()¶
-
pre_test(test_number)¶
-
setup()¶ Called at the beginning of a fuzzing session. Will start the server up.
-
teardown()¶
-
-
class
katnip.controllers.server.vmware.VMWareController(name, vmrun, vmx, background=True, logger=None, snap_name=None)¶ Bases:
kitty.controllers.base.BaseControllerThis is a Base vmware Controler.To use this VMWareController you should reference this class and implement is_victim_alive function.
Example: class MyVMWareController(VMWareController): def __init__(self, name, vmrun, vmx, host, port, background=True, logger=None, snap_name=None): super(MyVMWareController, self).__init__(name, vmrun, vmx, background=background, logger=logger, snap_name=snap_name) self._host = host self._port = port def is_victim_alive(self): # SYN check self.active = False try: self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.s.settimeout(1) self.s.connect((self._host, self._port)) self.s.close() self.active = True except Exception: return self.active return self.active controller = MyVMWareController('VMWare Controller', vmrun='/path/to/vmrun', vmx='/path/to/vmx', host='Target_IP' ,port=Target_port, background=True, snap_name='Snapshot name')
-
__init__(name, vmrun, vmx, background=True, logger=None, snap_name=None)¶ Parameters: - name – name of the object (default: None)
- vmrun – path of vmrun
- vmx – path of the vmx file or vm machine folder
- background – runing vm at background (default: True)
- logger – logger for the controller (default: None)
- snap_name – Snapshot name to revert to on restart (default: None)
Example: - ::
- controller = VMWareController(‘VMWare Controller’, vmrun=’/path/to/vmrun’, vmx=’/path/to/vmx’,
background=True, snap_name=’Snapshot name’)
-
post_test()¶
-
pre_test(test_number)¶
-
setup()¶
-
teardown()¶
-
katnip.legos package¶
Collection of low level data model structures that can save time when implementing some protocols.
For example, TLV legos to implement templates for TLV-based protocol.
Submodules¶
Bittorent file (.torrent) protocol lego. Those legos impelent the bencoding format: https://wiki.theory.org/BitTorrentSpecification#Bencoding
-
class
katnip.legos.bittorrent.TDict(fields={}, fuzz_keys=True, fuzz_delims=True, name=None)¶ Bases:
kitty.model.low_level.container.ContainerBencoded dictionary. Format:
d<bencoded string><bencoded element>e-
__init__(fields={}, fuzz_keys=True, fuzz_delims=True, name=None)¶ Parameters: - fields – dictionary of strings and torrent fields
- name – name of container (default: None)
Fuzz_delims: bool (default: True)
-
-
class
katnip.legos.bittorrent.TInteger(value, fuzz_value=True, fuzz_delims=True, name=None)¶ Bases:
kitty.model.low_level.container.ContainerBencoded integer. Format: `` i<integer encoded in base ten ASCII>e``
-
__init__(value, fuzz_value=True, fuzz_delims=True, name=None)¶ Parameters: - value – int, will be enclosed in a Int32
- name – name of container (default: None)
Fuzz_value: bool (default: True)
Fuzz_delims: bool (default: True)
-
-
class
katnip.legos.bittorrent.TList(fields=[], fuzz_delims=True, name=None)¶ Bases:
kitty.model.low_level.container.ContainerBencoded list. Format:
l<bencoded values>e-
__init__(fields=[], fuzz_delims=True, name=None)¶ Parameters: - fields – content of the list, Fields...
- name – name of container (default: None)
Fuzz_delims: bool (default: True)
-
-
class
katnip.legos.bittorrent.TString(value, fuzz_value=True, fuzz_length=True, fuzz_delim=True, name=None)¶ Bases:
kitty.model.low_level.container.ContainerBencoded String. Format:
<string length encoded in base ten ASCII>:<string data>-
__init__(value, fuzz_value=True, fuzz_length=True, fuzz_delim=True, name=None)¶ Parameters: - value – str, will be enclosed in String
- fuzz_value – bool (default: True)
- fuzz_length – bool (default: True)
- fuzz_delim – bool (default: True)
- name – name of container (default: None)
-
Extensions for the DynamicField, allowing advanced mutations on dynamic fields.
-
class
katnip.legos.dynamic.DynamicExtended(key, value, additional_field, fuzzable=True, name=None)¶ Bases:
kitty.model.low_level.container.OneOfContainer that provides mutations based on the dynamic value, or based on the other given field.
-
__init__(key, value, additional_field, fuzzable=True, name=None)¶ Parameters: - key – key for data in the session information
- value – the default value of the Dynamic field
- additional_field – the additional field to base the mutations on
- fuzzable – is this field fuzzable (default: False)
- name – name of the container (default: None)
-
-
class
katnip.legos.dynamic.DynamicInt(key, bitfield, fuzzable=True, name=None)¶ Bases:
katnip.legos.dynamic.DynamicExtendedContainer that provides mutations based on the dynamic value, or based on BitField mutations.
-
__init__(key, bitfield, fuzzable=True, name=None)¶ Parameters: - key – key for data in the session information
- bitfield – a bitfield to base the value on
- fuzzable – (default: True)
- name – (default: None)
-
-
class
katnip.legos.dynamic.DynamicString(key, value, keep_size=False, encoder=<kitty.model.low_level.encoder.StrEncoder object>, fuzzable=True, name=None)¶ Bases:
katnip.legos.dynamic.DynamicExtendedContainer that provides mutations based on the dynamic value, or based on string mutations.
-
__init__(key, value, keep_size=False, encoder=<kitty.model.low_level.encoder.StrEncoder object>, fuzzable=True, name=None)¶ Parameters: - key – key for data in the session information
- value – the default value of the Dynamic field
- keep_size – should limit the size of the string based on the original string (default: False)
- encoder – string encoder (default:
ENC_STR_DEFAULT) - fuzzable – is this field fuzzable (default: True)
- name – name of the container (default: None)
-
JSON legos - simplified fuzzing of JSON-based protocols
Todo
JsonNumber
-
class
katnip.legos.json.JsonArray(name, values)¶ Bases:
kitty.model.low_level.container.ContainerJSON array field
-
__init__(name, values)¶ Parameters: - name – block name
- values (list of
BaseField) – array members
-
-
class
katnip.legos.json.JsonBoolean(name, value=None, fuzzable=True)¶ Bases:
kitty.model.low_level.container.ContainerJSON boolean field
-
__init__(name, value=None, fuzzable=True)¶ Parameters: - name – block name
- value (bool) – value to be used, if None - generate both ‘true’ and ‘false’ (default: None)
- fuzzable – should we fuzz this field (only if value is not None) (default: True)
-
-
class
katnip.legos.json.JsonNull(name, fuzzable=False)¶ Bases:
kitty.model.low_level.container.ContainerJSON Null field
-
__init__(name, fuzzable=False)¶ Parameters: - name – block name
- fuzzable – should we fuzz this field (default: False)
-
-
class
katnip.legos.json.JsonObject(name, member_dict, fuzz_keys=False)¶ Bases:
kitty.model.low_level.container.ContainerJSON object
-
__init__(name, member_dict, fuzz_keys=False)¶ Parameters: - name – block name
- member_dict (dictionary (str,
BaseField)) – members of this object - fuzz_keys – should we fuzz the dictionary keys (default: False)
-
-
class
katnip.legos.json.JsonString(name, value, fuzzable=True)¶ Bases:
kitty.model.low_level.container.ContainerJSON string field
-
__init__(name, value, fuzzable=True)¶ Parameters: - name – block name
- value – value to be used
- fuzzable – should we fuzz this field (default: True)
-
-
katnip.legos.json.dict_to_JsonObject(the_dict, name=None, ctx=None)¶ Create a JsonObject from a dictionary. The context parameter is used for recursive calls, no need to pass it from outside.
Parameters: - the_dict – dictionary to base the JsonObject on
- ctx – context for the parser (default: None)
Return type: Returns: JSON object that represents the dictionary
-
katnip.legos.json.list_to_JsonArray(the_list, name=None, ctx=None)¶ Create a JsonArray from a list. The context parameter is used for recursive calls, no need to pass it from outside.
Parameters: - the_list – list to base the JsonArray on
- ctx – context for the parser (default: None)
Return type: Returns: JSON object that represents the list
-
katnip.legos.json.str_to_json(json_str, name=None)¶ Create a JSON lego based on a json string.
Parameters: - name – name of the generated container
- json_str – json string to base the template on
Return type: Returns: JSON object or JSON array.
TLV (tag/type-length-value) legos. Simplify fuzzing of TLV-based protocol.
-
class
katnip.legos.tlv.TLV(name, tag, fields=None, tag_size=32, length_size=32, encoder=<kitty.model.low_level.encoder.BitFieldBinEncoder object>, fuzzable=True, fuzz_tag=False, fuzz_length=True)¶ Bases:
kitty.model.low_level.container.ContainerA container for fuzzing TLV elements, it represents a full binary TLV element.
-
__init__(name, tag, fields=None, tag_size=32, length_size=32, encoder=<kitty.model.low_level.encoder.BitFieldBinEncoder object>, fuzzable=True, fuzz_tag=False, fuzz_length=True)¶ Parameters: - name – name of the tlv element
- tag – tag of element
- fields – element fields, e.g. value (default: None)
- tag_size – size of tag field in bits (default: 32)
- length_size – size of length field in bits (default: 32)
- encoder – encoder for tag and length fields (default: ENC_INT_BE)
- fuzzable – should fuzz the element (default: True)
- fuzz_tag – should fuzz the tag value (default: False)
- fuzz_length – should fuzz the element length (default: True)
-
-
class
katnip.legos.tlv.TLVFactory(tag_size=32, length_size=32, encoder=<kitty.model.low_level.encoder.BitFieldBinEncoder object>)¶ Bases:
objectFactory class for TLV elements, which allows configuration for all TLV blocks, including:
- Size of the tag/type field in bits
- Size of the length field in bits
- Encoder for tag and length fields
-
__init__(tag_size=32, length_size=32, encoder=<kitty.model.low_level.encoder.BitFieldBinEncoder object>)¶ Parameters: - tag_size – size of tag field in bits (default: 32)
- length_size – size of length field in bits (default: 32)
- encoder – encoder for tag and length (default: ENC_INT_BE)
-
element(name, tag, fields=None, fuzzable=True, fuzz_tag=False, fuzz_length=True)¶ Generate a TLV element.
Parameters: - name – name of the element
- tag – value of the element tag
- fields – fields of the element may be a field or list of fields - e.g. value (default: None)
- fuzzable – should fuzz the element (default: True)
- fuzz_tag – should fuzz the tag value (default: False)
- fuzz_length – should fuzz the element length (default: True)
URL legos, based on RFC 1738 and others this module containes a basic URL lego, as well as the following specific scheme: HTTP, HTTPS, FTP, FTPS
Todo
URL fragments
-
class
katnip.legos.url.DecimalNumber(value, num_bits=64, signed=False, fuzzable=True, name=None)¶ Bases:
kitty.model.low_level.container.OneOfDecimal number fuzzing. It’s main strategy is to fuzz both values (integer vulnerabilities) and format (string vulnerabilities).
-
__init__(value, num_bits=64, signed=False, fuzzable=True, name=None)¶ Parameters: - value – default integer value
- num_bits – number of bit in the integer (default: 64)
- signed – can the value be negative (default: False)
- fuzzable – should fuzz the container (default: True)
- name – name of container (default: None)
-
-
class
katnip.legos.url.EmailAddress(username, hostname, fuzz_delim=True, fuzzable=True, name=None)¶ Bases:
kitty.model.low_level.container.ContainerContainer to fuzz email address
-
__init__(username, hostname, fuzz_delim=True, fuzzable=True, name=None)¶ Parameters: - username – email username
- hostname – email hostname
- fuzz_delim – should fuzz the delimiter (default: True)
- fuzzable – is the container fuzzable (default: True)
- name – name of the container (default: None)
-
classmethod
from_string(the_str, fuzz_delims=True, fuzzable=True, name=None)¶
-
-
class
katnip.legos.url.EmailUrl(email, scheme='mailto', fuzz_scheme=True, fuzz_user=True, fuzz_host=True, fuzz_delim=True, fuzzable=True, name=None)¶ Bases:
katnip.legos.url.Url-
__init__(email, scheme='mailto', fuzz_scheme=True, fuzz_user=True, fuzz_host=True, fuzz_delim=True, fuzzable=True, name=None)¶ Parameters: - email (
EmailAddress) – the email address - scheme – URL scheme (default: ‘mailto’)
- fuzz_scheme – should fuzz the URL scheme (default: True)
- fuzz_user – should fuzz the username (default: True)
- fuzz_host – should fuzz the host (default: True)
- fuzz_delim – should fuzz the delimiter (default: True)
- fuzzable – is the container fuzzable (default: True)
- name – name of the container (default: None)
- email (
-
classmethod
from_string(the_url, fuzz_delims=True, fuzzable=True, name=None)¶
-
-
class
katnip.legos.url.FType(the_type, fuzz_delims=True, fuzzable=True, name=None)¶ Bases:
kitty.model.low_level.container.ContainerContainer to fuzz the FTP Type of FTP URL
ftptype = "A" | "I" | "D" | "a" | "i" | "d"
-
__init__(the_type, fuzz_delims=True, fuzzable=True, name=None)¶ Parameters: - the_type (str) – the FTP type
- fuzz_delims – should fuzz delimiters (default: True)
- fuzzable – is the container fuzzable (default: True)
- name – name of the container (default: None)
-
-
class
katnip.legos.url.FtpUrl(scheme='ftp', login=None, hostport=None, path=None, ftype=None, fuzz_scheme=True, fuzz_delims=True, fuzzable=True, name=None)¶ Bases:
katnip.legos.url.UrlContainer to fuzz FTP URLs
ftpurl = "ftp://" login [ "/" fpath [ ";type=" ftptype ]] fpath = fsegment *[ "/" fsegment ] fsegment = *[ uchar | "?" | ":" | "@" | "&" | "=" ] ftptype -> see FType
-
__init__(scheme='ftp', login=None, hostport=None, path=None, ftype=None, fuzz_scheme=True, fuzz_delims=True, fuzzable=True, name=None)¶ Parameters: - scheme – URL scheme name (default: ‘ftp’)
- login (instance of
BaseFieldrecommend usingLogin) – the login information (default: None) - hostport (
katnip.legos.url.HostPortobject (default: None)) – FTP host and port - path (
katnip.legos.url.Pathobject (default: None)) – file path - ftype (
katnip.legos.url.FTypeobject (default: None)) – FTP type - fuzz_scheme – should fuzz the URL scheme (default: True)
- fuzz_delims – should fuzz the delimiters (default: True)
- fuzzable – is the container fuzzable (default: True)
- name – name of the container (default: None)
-
classmethod
from_string(the_url, fuzz_delims=True, fuzzable=True, name=None)¶ Create an FtpUrl Lego from string
Parameters: - the_url – the url string
- fuzz_delims – should fuzz delimiters (default: True)
- fuzzable – is the container fuzzable (default: True)
- name – name of the container (default: None)
-
-
class
katnip.legos.url.HostName(host='', fuzz_delims=False, fuzzable=True, name=None)¶ Bases:
kitty.model.low_level.container.ContainerContainer to fuzz the hostname
host = hostname | hostnumber hostname = *[ domainlabel "." ] toplabel
-
__init__(host='', fuzz_delims=False, fuzzable=True, name=None)¶ Parameters: - host (str) – hostname (default: ‘’)
- fuzz_delims – should fuzz the delimiters (default: False)
- fuzzable – should fuzz the container (default: True)
- name – name of container (default: None)
-
-
class
katnip.legos.url.HostPort(host, port=None, fuzz_host=True, fuzz_port=True, fuzz_delim=True, fuzzable=True, name=None)¶ Bases:
kitty.model.low_level.container.ContainerContainer for fuzzing the host/port of the URL.
hostport = host [ ":" port ] port = digits
-
__init__(host, port=None, fuzz_host=True, fuzz_port=True, fuzz_delim=True, fuzzable=True, name=None)¶ Parameters: - host (str or instance of
BaseFieldrecommend usingHostName) – hostname - port – port number (default: None)
- fuzz_host – should fuzz the hostname (default: True)
- fuzz_port – should fuzz the port (default: True)
- fuzz_delim – should fuzz the delimiter (default: True)
- fuzzable – should fuzz the container (default: True)
- name – name of container (default: None)
- host (str or instance of
-
-
class
katnip.legos.url.HttpUrl(scheme='http', login=None, hostport=None, path=None, search=None, fuzz_scheme=True, fuzz_delims=True, fuzzable=True, name=None)¶ Bases:
katnip.legos.url.UrlContainer to fuzz Http(s) URL
httpurl = "http://" hostport [ "/" hpath [ "?" search ]] hpath = hsegment *[ "/" hsegment ] hsegment = *[ uchar | ";" | ":" | "@" | "&" | "=" ] search = *[ uchar | ";" | ":" | "@" | "&" | "=" ]
-
__init__(scheme='http', login=None, hostport=None, path=None, search=None, fuzz_scheme=True, fuzz_delims=True, fuzzable=True, name=None)¶ Parameters: - scheme – URL scheme name (default: ‘http’)
- login (instance of
BaseFieldrecommend usingLogin) – the login information (default: None) - hostport –
katnip.legos.url.HostPortobject, must be set (default: None) - path – Path object (default: None)
- search – Search object (default: None)
- fuzz_scheme – should fuzz the URL scheme (default: True)
- fuzz_delims – should fuzz the delimiters (default: True)
- fuzzable – is the container fuzzable (default: True)
- name – name of the container (default: None)
-
classmethod
from_string(the_url, fuzz_delims=True, fuzzable=True, name=None)¶ Create an HttpUrl Lego from string
Parameters: - the_url – the url string
- fuzz_delims – should fuzz delimiters (default: True)
- fuzzable – is the container fuzzable (default: True)
- name – name of the container (default: None)
-
-
class
katnip.legos.url.IpUrl(scheme, login, url_path=None, fuzz_scheme=True, fuzz_login=True, fuzz_delims=True, fuzzable=True, name=None)¶ Bases:
katnip.legos.url.UrlIP-based URL
ip-schemepart = "//" login [ "/" urlpath ] login -> see Login class alphadigit = alpha | digit hostnumber = digits "." digits "." digits "." digits user = *[ uchar | ";" | "?" | "&" | "=" ] password = *[ uchar | ";" | "?" | "&" | "=" ] urlpath = *xchar ; depends on protocol see section 3.1
-
__init__(scheme, login, url_path=None, fuzz_scheme=True, fuzz_login=True, fuzz_delims=True, fuzzable=True, name=None)¶ Parameters: - scheme (str or instance of
BaseField) – url scheme - login (str or instance of
BaseFieldrecommend usingLogin) – the login information - url_path – the url path (default: None)
- fuzz_scheme – should fuzz scheme (default: True)
- fuzz_login – should fuzz login (default: True)
- fuzz_delims – should fuzz delimiters (default: True)
- fuzzable – should fuzz the container (default: True)
- name – name of container (default: None)
- scheme (str or instance of
-
-
class
katnip.legos.url.Login(username=None, password=None, fuzz_username=True, fuzz_password=True, fuzz_delims=True, fuzzable=True, name=None)¶ Bases:
kitty.model.low_level.container.ContainerContainer to fuzz the login part of the URL
login = [ user [ ":" password ] "@" ]
-
__init__(username=None, password=None, fuzz_username=True, fuzz_password=True, fuzz_delims=True, fuzzable=True, name=None)¶ Parameters: - username – user name (default: None)
- password – password (default: None)
- fuzz_username – should fuzz username (default: True)
- fuzz_password – should fuzz password (default: True)
- fuzz_delims – should fuzz delimiters (default: True)
- fuzzable – should fuzz the container (default: True)
- name – name of container (default: None)
-
-
class
katnip.legos.url.Path(path=None, path_delim='/', fuzz_delims=True, fuzzable=True, name=None)¶ Bases:
kitty.model.low_level.container.ContainerContainer to fuzz the path of the URL
-
__init__(path=None, path_delim='/', fuzz_delims=True, fuzzable=True, name=None)¶ Parameters: - path (str) – path string
- path_delim – delimiter in the path str
- fuzz_delims – should fuzz the delimiters (default: False)
- name – name of container (default: None)
- fuzzable – should fuzz the container (default: True)
-
-
class
katnip.legos.url.Search(search='', fuzz_delims=False, fuzzable=True, name=None)¶ Bases:
kitty.model.low_level.container.ContainerContainer to fuzz the search part of the URL
Todo
real implementation (parse search string etc.)
-
__init__(search='', fuzz_delims=False, fuzzable=True, name=None)¶ Parameters: - search – search string (default: ‘’)
- fuzz_delims – should fuzz the delimiters (default: False)
- name – name of container (default: None)
- fuzzable – should fuzz the container (default: True)
-
-
class
katnip.legos.url.Url(scheme, parts, fuzz_scheme=True, fuzz_parts=True, fuzz_delim=True, fuzzable=True, name=None)¶ Bases:
kitty.model.low_level.container.ContainerBase container for fuzzing URLs.
genericurl = scheme ":" schemepart
-
__init__(scheme, parts, fuzz_scheme=True, fuzz_parts=True, fuzz_delim=True, fuzzable=True, name=None)¶ Parameters: - scheme (str or instance of
BaseField) – url scheme - parts (str or instance of
BaseField) – url parts (i.e. content) - fuzz_scheme – should fuzz scheme (default: True)
- fuzz_parts – should fuzz parts (default: True)
- fuzz_delim – should fuzz delimiters (default: True)
- fuzzable – should fuzz the container (default: True)
- name – name of container (default: None)
- scheme (str or instance of
-
-
katnip.legos.url.url_from_string(url, fuzz_delims=True, fuzzable=True, name=None)¶ Create a URL from string, only URLs with supported schemes will result in a lego. In the rest of the cases, an exception will be raised.
Parameters: - url – the URL string
- fuzz_delims – should fuzz delimiters (default: True)
- fuzzable – should the resulted container be fuzzable (default: True)
- name – name of the resulted container (default: None)
Legos to generate USB HID reports
-
katnip.legos.usb_hid.GenerateHidReport(report_str, name=None)¶ Generate an HID report Container from a HID report string
Parameters: - report_str – HID report string
- name – name of generated Container (default: None)
Raises: KittyException if not enough bytes are left for command
Examples: Template( name='MyHidReport', fields=GenerateHidReport( '05010906A101050719E029E7150025017501950881029501750881011900296515002565750895018100C0', ) )
XML (tag/type-length-value) legos. Simplify template creation of XML-based protocol.
-
class
katnip.legos.xml.XmlAttribute(name, attribute, value, fuzz_attribute=False, fuzz_value=True)¶ Bases:
kitty.model.low_level.container.ContainerXML attribute field, consists of tag and value
-
__init__(name, attribute, value, fuzz_attribute=False, fuzz_value=True)¶ Parameters: - name – name of the block
- attribute – attribute
- value (str/unicode/int) – value of the attribute
- fuzz_attribute – should we fuzz the attribute field (default: False)
- fuzz_value – should we fuzz the value field (default: True)
-
-
class
katnip.legos.xml.XmlElement(name, element_name, attributes=[], content=None, fuzz_name=True, fuzz_content=False, delimiter='')¶ Bases:
kitty.model.low_level.container.ContainerXML element field
-
__init__(name, element_name, attributes=[], content=None, fuzz_name=True, fuzz_content=False, delimiter='')¶ Parameters: - name – name of the field
- element_name – element name
- attributes (list) – list of attributes of this element (default: [])
- content (str/unicode/int/[XmlElement]) – content of this element (default=None)
- fuzz_name – should we fuzz the element name
- fuzz_content – should we fuzz the content (n/a for XmlElement)
-
katnip.model package¶
Subpackages¶
Extensions to Kitty’s encoders.
This module contain encoders that were excluded from Kitty because they are too esoteric or because they require external dependencies that might be harder to install on some platforms.
External dependencies that are not installed by default: pycrypto
-
katnip.model.low_level.encoder.AesCbcDecryptEncoder(key=None, iv=None, key_size=16, key_provider=None)¶ AES CBC Decrypt encoder. See
AesDecryptEncoderfor parameter description.
-
katnip.model.low_level.encoder.AesCbcEncryptEncoder(key=None, iv=None, key_size=16, key_provider=None, padder=None)¶ AES CBC Encrypt encoder. See
AesEncryptEncoderfor parameter description.
-
class
katnip.model.low_level.encoder.AesDecryptEncoder(key=None, iv=None, mode=None, key_size=None, key_provider=None, padder=None)¶ Bases:
katnip.model.low_level.encoder.BlockDecryptEncoderAES decryption encoder. See
BlockCipherEncoderfor parameters.
-
katnip.model.low_level.encoder.AesEcbDecryptEncoder(key=None, iv=None, key_size=16, key_provider=None)¶ AES ECB Decrypt encoder. See
AesDecryptEncoderfor parameter description.
-
katnip.model.low_level.encoder.AesEcbEncryptEncoder(key=None, iv=None, key_size=16, key_provider=None, padder=None)¶ AES ECB Encrypt encoder. See
AesEncryptEncoderfor parameter description.
-
class
katnip.model.low_level.encoder.AesEncryptEncoder(key=None, iv=None, mode=None, key_size=None, key_provider=None, padder=None)¶ Bases:
katnip.model.low_level.encoder.BlockEncryptEncoderAES encryption encoder. See
BlockCipherEncoderfor parameters.
-
class
katnip.model.low_level.encoder.BlockCipherEncoder(key=None, iv=None, mode=None, key_size=None, key_provider=None, padder=None)¶ Bases:
kitty.model.low_level.encoder.StrEncoderGeneric block cipher encoder.
-
__init__(key=None, iv=None, mode=None, key_size=None, key_provider=None, padder=None)¶ All fields default to None. :type key: str :param key: encryption key, must be 8 bytes :param iv: iv, must be 8 bytes long, if None - use zeros :param mode: encrytion mode :param key_size: size of key, should be provided only when using key provider :type key_provider: function(key_size) -> str :param key_provider: function that returns key :type padder: function(str, block_size) -> str :param padder: function that pads the data, if None - will pad with zeros
-
-
class
katnip.model.low_level.encoder.BlockDecryptEncoder(key=None, iv=None, mode=None, key_size=None, key_provider=None, padder=None)¶ Bases:
katnip.model.low_level.encoder.BlockCipherEncoderGeneric block cipher decryption encoder. See
BlockCipherEncoderfor parameters.-
encode(data)¶
-
-
class
katnip.model.low_level.encoder.BlockEncryptEncoder(key=None, iv=None, mode=None, key_size=None, key_provider=None, padder=None)¶ Bases:
katnip.model.low_level.encoder.BlockCipherEncoderGeneric block cipher encryption encoder.
-
encode(data)¶
-
-
class
katnip.model.low_level.encoder.Des3DecryptEncoder(key=None, iv=None, mode=None, key_size=None, key_provider=None, padder=None)¶ Bases:
katnip.model.low_level.encoder.BlockDecryptEncoder3DES decryption encoder. See
BlockCipherEncoderfor parameters.
-
class
katnip.model.low_level.encoder.Des3EncryptEncoder(key=None, iv=None, mode=None, key_size=None, key_provider=None, padder=None)¶ Bases:
katnip.model.low_level.encoder.BlockEncryptEncoder3DES encryption encoder. See
BlockCipherEncoderfor parameters.
-
class
katnip.model.low_level.encoder.DesDecryptEncoder(key=None, iv=None, mode=None, key_size=None, key_provider=None, padder=None)¶ Bases:
katnip.model.low_level.encoder.BlockDecryptEncoderDES decryption encoder. See
BlockCipherEncoderfor parameters.
-
class
katnip.model.low_level.encoder.DesEncryptEncoder(key=None, iv=None, mode=None, key_size=None, key_provider=None, padder=None)¶ Bases:
katnip.model.low_level.encoder.BlockEncryptEncoderDES encryption encoder. See
BlockCipherEncoderfor parameters.
Radamsa wrapper to generate mutations using radamsa.
You can get radamsa at https://github.com/aoh/radamsa
-
class
katnip.model.low_level.radamsa.RadamsaField(value, encoder=<kitty.model.low_level.encoder.StrEncoder object>, fuzzable=True, name=None, fuzz_count=1000, seed=123456, bin_path=None)¶ Bases:
kitty.model.low_level.field.BaseFieldThis class uses radamsa to generate payload based on a given input. Since radamsa can run infinitly, it is limited by the user, by specifying the amount of payloads to generate (fuzz_count). To provide repeatablity, the user provides a seed that is used to generate seeds for radamsa. If radamsa is not installed in the system path, the user can provide the path (bin_path). If bin_path not specified, it will be assumed that the radamsa binary is in the path already.
Example: from katnip.model.low_level.radamsa import RadamsaField RadamsaField(name='ip address', value='127.0.0.1', fuzz_count=20, bin_path='/path/to/radamsa')
-
__init__(value, encoder=<kitty.model.low_level.encoder.StrEncoder object>, fuzzable=True, name=None, fuzz_count=1000, seed=123456, bin_path=None)¶ Parameters: - value – default value
- encoder (
ENC_STR_DEFAULT) – encoder for the field - fuzzable – is field fuzzable (default: True)
- name – name of the object (default: None)
- fuzz_count – fuzz count (default: 1000)
- seed – random seed for generating radamsa seeds (default: 123456)
- bin_path – path to the radamsa binary (default: None)
-
get_info()¶
-
num_mutations()¶ Returns: number of mutations this field will perform
-
reset()¶
-
-
class
katnip.model.low_level.scapy.ScapyField(value, encoder=<kitty.model.low_level.encoder.StrEncoder object>, fuzzable=True, name=None, fuzz_count=1000, seed=1024)¶ Bases:
kitty.model.low_level.field.BaseFieldWrap a fuzzed scapy.packet.Packet object as a kitty field. Since the fuzzing parameters can be configured by the fuzz function of Scapy, this field assumes that the fuzz function was already called on the given field
Example: from scapy.all import * tcp_packet = IP()/TCP() field = ScapyField(value=fuzz(tcp_packet), name='tcp packet', fuzz_count=50, seed=1000)
-
__init__(value, encoder=<kitty.model.low_level.encoder.StrEncoder object>, fuzzable=True, name=None, fuzz_count=1000, seed=1024)¶ Parameters: - value – scapy_packet_class
- encoder (
ENC_STR_DEFAULT) – encoder for the field - fuzzable – is field fuzzable (default: True)
- name – name of the object (default: None)
- fuzz_count – fuzz count (default: 1000)
- seed – random seed (default: 1024)
-
get_info()¶
-
num_mutations()¶ Returns: number of mutations this field will perform
-
reset()¶
-
katnip.monitors package¶
Submodules¶
Network monitor
-
class
katnip.monitors.network.NetworkMonitor(interface, dir_path, name, logger=None)¶ Bases:
kitty.monitors.base.BaseMonitorNetworkMonitor is a monitor for network activity on a specific interface. It runs on a separate thread, and currently requires root permissions or CAP_NET_RAW capabilities on Linux.
-
__init__(interface, dir_path, name, logger=None)¶ Parameters: - interface – name of interface to listen to
- dir_path – path to store captured pcaps
- name – name of the monitor
- logger – logger for the monitor instance
-
post_test()¶ Store the pcap.
-
pre_test(test_number)¶ Clean the packet list.
-
setup()¶ Open the L2socket.
-
teardown()¶ Close the L2socket.
-
-
class
katnip.monitors.serial.SerialMonitor(name, dev_name=None, baudrate=115200, capture_dir='.', logger=None)¶ Bases:
kitty.monitors.base.BaseMonitorSerialMonitor monitors the output of a serial connection by looking for a pattern in the serial output.
This monitor captures all the received data from the serial, but it is also able to detect successful/failed tests by looking for specific patterns in the serial output.
Note
The monitor can work either with a success pattern (failure if pattern was not found) or with a failure pattern (success if pattern was not found)
Examples: Setting a monitor that will fail a test if a line that contains “stack smashing detected” appears in the serial
monitor = SerialMonitor('detect smash monitor', '/dev/ttyUSB0', capture_dir='serial_caps') monitor.set_failure_pattern('stack smashing detected')
Setting a monitor that will fail a test if a line that contains either “reboot” or “restart” appears on the serial (utilizing regex)
monitor = SerialMonitor('detect reboot monitor', '/dev/ttyUSB0', capture_dir='serial_caps') monitor.set_failure_pattern('(reboot)|(restart)')
-
__init__(name, dev_name=None, baudrate=115200, capture_dir='.', logger=None)¶ Parameters: - name – name of the monitor object
- dev_name – serial device
- baudrate – serial baudrate
- capture_dir – where to store the captured serial output
- logger – logger for the monitor object
-
add_failure_pattern(failure_pattern)¶ Set a pattern that declares the test as failed if received
Parameters: failure_pattern (str) – regular expression pattern of output that signifies failure (e.g. potential bug there)
-
add_pattern_callback(pattern, cb)¶ Add a pattern to search for on the serial output, and the callback that will be called when the pattern is found.
Parameters: - pattern (str) – regular expression pattern to be searched for in the serial output
- cb (callable) – the callback to be called when pattern is found; must accept 3 params: (1) a SerialMonitor instance (2) the matching line (3) the re match object of the found match
-
add_success_pattern(success_pattern)¶ Set a pattern that declares the test successful if received
Parameters: success_pattern (str) – regular expression pattern of output that signifies success (e.g. no bug there)
-
close_fd()¶
-
post_test()¶
-
pre_test(test_number)¶
-
set_failure_pattern(failure_pattern)¶
-
set_success_pattern(success_pattern)¶
-
setup()¶
-
teardown()¶
-
-
class
katnip.monitors.ssh.SSHMonitor(name, username, password, hostname, port, status_command, restart_command=None, logger=None)¶ Bases:
kitty.monitors.base.BaseMonitorSSHMonitor monitors target ip and runs a command over SSH in case it is not responding.
-
__init__(name, username, password, hostname, port, status_command, restart_command=None, logger=None)¶ Parameters: - name – name of the object
- username – ssh login username
- password – ssh login password
- hostname – ssh server ip
- port – ssh server port
- status_command – command to make sure target is alive
- restart_command – command to restart the target in case it is deadore
- logger – logger for this object (default: None)
-
post_test()¶
-
pre_test(test_number)¶
-
teardown()¶
-
-
class
katnip.monitors.ssh_file.SshFileMonitor(name, username, password, hostname, port, file_mask, local_dir, use_scp=False, fail_if_exists=True, setup_commands=[], on_fail_command=None, on_fail_delay=0, logger=None)¶ Bases:
kitty.monitors.base.BaseMonitorSshFileMonitor monitors for files using a file_mask. If found - moves files to local folder, renaming with test number.
-
X_pre_test(test_number)¶
-
__init__(name, username, password, hostname, port, file_mask, local_dir, use_scp=False, fail_if_exists=True, setup_commands=[], on_fail_command=None, on_fail_delay=0, logger=None)¶ Parameters: - name – name of the object
- username – ssh login username
- password – ssh login password
- hostname – ssh server ip
- port – ssh server port
- file_mask – file_mask to fetch
- local_dir – local_path to store fetched files
- use_scp – use the SCP protocol for transferring files instead of SFTP
- fail_if_exists – fail test if file exists (default: True)
- on_fail_command – command to run on failure (default: None)
- on_fail_delay – time to sleep after running on_fail_command (default: 0)
- logger – logger for this object (default: None)
-
post_test()¶
-
setup()¶ Called at the begining of the fuzzing session
-
teardown()¶
-
TelnetMonitor monitors the output of a telnet connection by looking for a pattern in the command output
-
class
katnip.monitors.telnet.TelnetMonitor(name, username, password, host, port=23, cmd_timeout=3, capture_dir='.', logger=None)¶ Bases:
kitty.monitors.base.BaseMonitor-
__init__(name, username, password, host, port=23, cmd_timeout=3, capture_dir='.', logger=None)¶ Parameters: - name – name of the monitor
- username – remote username
- password – remote password
- host – telnet host
- port – telnet port (default: 23)
- cmd_timeout – timtout for running the command (default: 3)
- capture_dir – where to store the telnet output (default: =’.’)
- logger – logger for the object (default: None)
-
add_monitor_cmd(cmd, expected_output=None)¶
-
add_post_test_cmd(cmd, expected_output=None)¶
-
add_pre_test_cmd(cmd, expected_output=None)¶
-
post_test()¶
-
pre_test(test_number)¶
-
set_failure_pattern(failure_pattern)¶ set a pattern that declares the test a failure if received
-
set_monitor_command(cmd)¶
-
set_success_pattern(success_pattern)¶ set a pattern that declares the test successful if received
-
setup()¶
-
teardown()¶
-
katnip.targets package¶
Submodules¶
-
class
katnip.targets.application.ApplicationTarget(name, path, args, env=None, tempfile=None, timeout=2, logger=None)¶ Bases:
kitty.targets.server.ServerTargetApplicationTarget will run an application for each fuzzed payloads
-
__init__(name, path, args, env=None, tempfile=None, timeout=2, logger=None)¶ Parameters: - name – name of the object
- path – path to the target executable
- args – arguments to pass to the process
- env – the process environment (default: None)
- tempfile – temp filename to be created with the mutated data as contents (default: None)
- timeout – seconds to wait for the process stdout and stderr output before kill (default: 2)
- logger – logger for this object (default: None)
Example: ApplicationTarget( name='ApplicationTarget', path='/tmp/myApp', args=['-a', '-b', '-c tempdata.bin'], env=None, tempfile='/tmp/tempdata.bin', timeout=1.5)
Will run
/tmp/myApp -a -b -c /tmp/tempdata.binfor evey mutation with timout of 1.5 seconds
-
post_test(test_num)¶
-
pre_test(test_num)¶
-
-
class
katnip.targets.file.FileTarget(name, file_path, base_name, postfix=None, logger=None)¶ Bases:
kitty.targets.server.ServerTargetFileTarget will create files with the fuzzed payloads
-
__init__(name, file_path, base_name, postfix=None, logger=None)¶ Parameters: - name – name of the target
- file_path – path to stores files at
- base_name – base file name, it will be appended by the test number
- postfix – filename postfix (default: None)
- logger – logger for the object (default: None)
Example: FileTarget('FileTarget', '/tmp', 'fuzzed', '.bin')
Will generate the followinf files:
/tmp/fuzzed_0.bin /tmp/fuzzed_1.bin /tmp/fuzzed_2.bin ...
-
pre_test(test_num)¶
-
-
class
katnip.targets.raw_udp.RawUdpTarget(name, interface, host, port, timeout=None, logger=None)¶ Bases:
katnip.targets.udp.UdpTargetRawUdpTarget is implementation of a UDP target using a raw socket
-
__init__(name, interface, host, port, timeout=None, logger=None)¶ Parameters: - name – name of the target
- interface – interface name
- host – host ip (to send data to) currently unused
- port – port to send to
- timeout – socket timeout (default: None)
- logger – logger for the object (default: None)
-
Warning
This module is not tested yet.
-
class
katnip.targets.serial.SerialTarget(name, device, baudrate=115200, timeout=0.5, open_at='setup', logger=None, expect_response=False)¶ Bases:
kitty.targets.server.ServerTargetFuzzing over serial (uart) line.
You can tell the target whether to reconnect each test (‘pre_test’), or only at the beginning of the entire fuzzing session (‘setup’), by specifying the matching string as the open_at parameter to
__init__-
__init__(name, device, baudrate=115200, timeout=0.5, open_at='setup', logger=None, expect_response=False)¶ Parameters: - name – name of the target
- device – serial device name/path
- baudrate – baud rate of the serial channel (default: 115200)
- timeout – receive timeout on the channel in seconds (default: 0.5)
- open_at (str) – at what stage should the port be opened. Either ‘setup’ or ‘pre_test’ (default: ‘setup’)
- logger – logger for this object (default: None)
- expect_response – should wait for response from the victim (default: False)
Examples: >>> SerialTarget('SomeTarget', '/dev/ttyUSB0', 57600) >>> SerialTarget('ToTarget', '/dev/ttyUSB0', timeout=5)
-
post_test(test_num)¶ Called after each test
Parameters: test_num – the test number
-
pre_test(test_num)¶ Called before each test
Parameters: test_num – the test number
-
setup()¶
-
teardown()¶
-
-
class
katnip.targets.ssl.SslTarget(name, host, port, timeout=None, logger=None)¶ Bases:
katnip.targets.tcp.TcpTargetSslTarget is an implementation of SSL target, used for testing HTTPs etc.
-
__init__(name, host, port, timeout=None, logger=None)¶ Parameters: - name – name of the target
- host – host ip (to send data to) currently unused
- port – port to send to
- timeout – socket timeout (default: None)
- logger – logger for the object (default: None)
-
-
class
katnip.targets.tcp.TcpTarget(name, host, port, max_retries=10, timeout=None, logger=None)¶ Bases:
kitty.targets.server.ServerTargetTcpTarget is implementation of a TCP target for the ServerFuzzer
-
__init__(name, host, port, max_retries=10, timeout=None, logger=None)¶ Parameters: - name – name of the target
- host – host ip (to send data to) currently unused
- port – port to send to
- max_retries – maximum connection retries (default: 10)
- timeout – socket timeout (default: None)
- logger – logger for the object (default: None)
-
post_test(test_num)¶ Called after a test is completed, perform cleanup etc.
-
pre_test(test_num)¶
-
-
class
katnip.targets.udp.UdpTarget(name, host, port, timeout=None, logger=None)¶ Bases:
kitty.targets.server.ServerTargetUdpTarget is implementation of a UDP target
-
__init__(name, host, port, timeout=None, logger=None)¶ Parameters: - name – name of the target
- host – host ip (to send data to) currently unused
- port – port to send to
- timeout – socket timeout (default: None)
- logger – logger for the object (default: None)
-
post_test(test_num)¶
-
pre_test(test_num)¶
-
set_binding(host, port, expect_response=False)¶ enable binding of socket to given ip/address
-
katnip.templates package¶
Templates for different protocols
Note
the templates themselves are not documented in here, please take a look at the source for the list of templates.
Submodules¶
Tempalte of a bittorent file.
Use it directly, or copy and modify it, as it generates many ( > 1M ) payloads.
This template is based on the MetaInfo file structure: https://wiki.theory.org/BitTorrentSpecification#Metainfo_File_Structure
bootp basic Template
FTP Protocol command templates. Based on RFC 959 (https://www.ietf.org/rfc/rfc959.txt)
Nice presentation about FTP can be found here: http://www.csun.edu/~jeffw/Semesters/2006Fall/COMP429/Presentations/Ch25-FTP.pdf
-
class
katnip.templates.ftp.TelnetString(command, optional=False, parameter=None, name=None)¶ Bases:
kitty.model.low_level.container.Templaterepresents: [Command]<SP>[Parameter]<CRLF>
-
__init__(command, optional=False, parameter=None, name=None)¶ Parameters: - command – command string
- optional – has optional parameter (default: False)
- parameter – optional parameter string(default: None)
- name – name of the field (default: None)
-
PNG Templates - There’s still work to be done
-
class
katnip.templates.png.Chunk(chunk_type, data_fields=None, fuzzable=True, name=None)¶ Bases:
kitty.model.low_level.container.ContainerPNG Chunk
-
__init__(chunk_type, data_fields=None, fuzzable=True, name=None)¶ Parameters: - chunk_type – four-char string (e.g. IHDR, iTXt, etc.)
- data_fields (field or list of fields) – chunk data(default: None)
- fuzzable – is the field fuzzable(default: True)
- name – name of the field(default: None)
-
-
katnip.templates.png.compression_func(s)¶
-
class
katnip.templates.png.iTXt(keyword, data, fuzzable=True, name='iTXt', compressed=False)¶ Bases:
katnip.templates.png.ChunkiTXt chunk.
-
__init__(keyword, data, fuzzable=True, name='iTXt', compressed=False)¶ Parameters: - keyword – chunk keyword
- data (str) – chunk data
- fuzzable – is the field fuzzable (default: True)
- name – name of the field (default: ‘tEXt’)
- compressed – is data compressed (default: False)
-
-
class
katnip.templates.png.tEXt(keyword, data, fuzzable=True, name='tEXt')¶ Bases:
katnip.templates.png.ChunktEXt chunk.
-
__init__(keyword, data, fuzzable=True, name='tEXt')¶ Parameters: - keyword – chunk keyword
- data (str) – chunk data
- fuzzable – is the field fuzzable (default: True)
- name – name of the field (default: ‘tEXt’)
-
-
class
katnip.templates.png.zTXt(keyword, data, fuzzable=True, name='zTXt')¶ Bases:
katnip.templates.png.ChunkzTXt chunk.
-
__init__(keyword, data, fuzzable=True, name='zTXt')¶ Parameters: - keyword – chunk keyword
- data (str) – chunk data
- fuzzable – is the field fuzzable (default: True)
- name – name of the field (default: ‘zTXt’)
-
USB Protocol tempaltes. The templates here are based on the USB 2.0 spec. All page / section references are for the USB 2.0 spec document The USB 2.0 may be downloaded from: http://www.usb.org/developers/docs/usb20_docs/usb_20_042814.zip
-
class
katnip.templates.usb.Descriptor(name, descriptor_type, fields, fuzz_type=True)¶ Bases:
kitty.model.low_level.container.TemplateUSB descriptor template.
-
__init__(name, descriptor_type, fields, fuzz_type=True)¶
-
-
class
katnip.templates.usb.R2PDataBlock(name, status, error, chain_param, ab_data, fuzzable=True)¶ Bases:
kitty.model.low_level.container.Template-
__init__(name, status, error, chain_param, ab_data, fuzzable=True)¶
-
-
class
katnip.templates.usb.R2PDataRateAndClockFrequency(name, status, error, freq, rate, fuzzable=True)¶ Bases:
kitty.model.low_level.container.Template-
__init__(name, status, error, freq, rate, fuzzable=True)¶
-
-
class
katnip.templates.usb.R2PEscape(name, status, error, ab_data, fuzzable=True)¶ Bases:
kitty.model.low_level.container.Template-
__init__(name, status, error, ab_data, fuzzable=True)¶
-
-
class
katnip.templates.usb.R2PParameters(name, status, error, proto, ab_data, fuzzable=True)¶ Bases:
kitty.model.low_level.container.Template-
__init__(name, status, error, proto, ab_data, fuzzable=True)¶
-
-
class
katnip.templates.usb.R2PSlotStatus(name, status, error, clock_status, fuzzable=True)¶ Bases:
kitty.model.low_level.container.Template-
__init__(name, status, error, clock_status, fuzzable=True)¶
-
katnip.utils package¶
Submodules¶
-
class
katnip.utils.sshutils.ReconnectingSSHConnection(hostname, port, username, password, use_scp=False, scp_sanitize=None)¶ Bases:
objectA wrapper around paramiko’s SSHClient which handles connection dropouts gracefully.
-
__init__(hostname, port, username, password, use_scp=False, scp_sanitize=None)¶ Parameters: - hostname – ssh server hostname or ip
- port – ssh server port
- username – ssh login username
- password – ssh login password
- use_scp – use the SCP protocol for transferring files instead of SFTP (default: False)
- scp_sanitize – sanitization function used on filenames passed to the scp module, if used. (defaut: no sanitization)
-
close()¶ Close the connection
-
exec_command(command)¶ Execute a command on the ssh server.
Parameters: command – the command string to execute Returns: a tuple of the return_code from the command, the stdout output and the stderr output
-
get(remotepath, localpath)¶ Get a file from the ssh server using sftp or scp.
Parameters: - remotepath – the remote path of the file to be copied
- localpath – the local path to which the file should be copied
Raises: OSException or IOException if file not found
-
put(localpath, remotepath)¶ Put a file on the ssh server using sftp or scp.
Parameters: - localpath – the local path to the file to copy
- remotepath – the remote path to which the file should be copied
Raises: OSException or IOException if file not found
-
remove(remotepath)¶ Remove a file from the ssh server using sftp or scp.
Parameters: remotepath – the remote path of the file to be removed Raises: OSException or IOException if file not found
-