A distributed fuzzing management framework
As stated in this issue we're currently unable to provide full support/maintenance for this project. Anyhow, feel free to contribute via PR's and we make sure to timely review the suggested changes to let this project not rot away.
Lucky CAT (Crash All the Things!) is a distributed fuzzing testing suite with an easy to use web interface. It allows to manage several fuzzing jobs on several remote machines concurrently. Lucky CAT aims to be easily usable, scaleable, extensible, and fun.
Lucky CAT's origin is Joxean Koret's Nightmare Fuzzing Project. However, there may be only traces of Nightmare and Lucky CAT is more 2018-ish by relaying, amongst others, on Bootstrap, Docker, MongoDB, Python 3, and RabbitMQ.
Lucky CAT offers the following features:
cfuzz
, afl
, afl-otherarch
wrappers and many moreAnd because we use it to find bugs:
You need a recent Linux distribution like Ubuntu 18.04 and at least Docker 18.06.0 as well as docker-compose 1.22.0 to build Lucky CAT. Even though you may not need to worry about the installation of further requirements thanks to Docker, Lucky CAT relies on many amazing open source projects (see PROPS.md).
Pull the whole project:
git clone https://github.com/fkie-cad/luckycat.git
Just use the script start_cluster.sh
to build the app - if required - and start Lucky CAT. Afterwards navigate to https://localhost:5000 and create a new user.
In case you wish to remove Lucky CAT, you may use the script docker/clean_docker.sh
. Please note that this script deletes all Docker images and containers on your system as well as your Lucky CAT data.
The workflow of Lucky CAT is as follows:
If you wish to integrate or automate Lucky CAT then you may want to have a look at its RESTful API.
While there are several ways to extend the code, the easiest way is to integrate another fuzzer or verifier.
There are two example fuzzers in luckycat/fuzzers/templates
. One of them is written in C and one in Python. Use them as basis and extend them in order to add another fuzzer to Lucky CAT.
Similarly, you can extend Lucky CAT by building upon luckycat/verifier/templates
.
Contributions are always welcomed. Just fork it and open a pull request!
This project is partly financed by German Federal Office for Information Security (BSI).
Copyright (C) 2018 - Fraunhofer FKIE ([email protected])
Copyright (C) 2013 - 2015 Joxean Koret ([email protected])
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Some plug-ins may have different licenses. If so, a license file is provided in the plug-in's folder.