Web user interface and service agent for the monitoring and remote management of WinAFL.

Overview

WinAFL Pet


WinAFL Pet is a web user interface dedicated to WinAFL remote management via an agent running as a system service on fuzzing machines. The purpose of this project is to allow easy monitoring of fuzzing jobs running on several remote machines. A typical use case is to run the server component on a NAS or Raspberry Pi and deploy agents on a virtualization server as you like. The below figure shows this typical deployment scenario.

Demo

WinAFL Pet demo screencapture

Requirements

The following tools must be available on the fuzzing machine. It is recommended to install all the tools in a single directory (e.g. C:\Tools\...) for easier management. In general, if WinAFL runs fine manually, it should also run fine when started by the agent. In fact, start fuzzing manually and continue with the agent once everything is set up correctly.

Deployment

Server

The server is written in Go using the Gin web framework and runs in a minimal Docker image based on Alpine Linux. You can use the following command to start a container with persistent data storage:

> docker run -p 127.0.0.1:4141:4141 \
    -v /path/to/winaflpet/data:/opt/winaflpet/data \
    sgabe/winaflpet

Agent

The agent is also written in Go and designed for a minimal footprint. Currently it uses the Windows Credential Vault to store an automatically generated API key. A service account with the Log on as a service permission is necessary to retrieve the API key from the vault. See the FAQ for more information. Note down the key, as it will be necessary to create a new agent on the management interface.

> winaflpet-agent.exe --service install
  Username of service account: fuzzy\gabor
  Password of service account: ********
  Secret key of service account: 
> winaflpet-agent.exe --service start

Usage

Currently the default user is admin with the hostname or Docker container ID as password. Do not forget to change the default password after logging in. Follow the below steps to start fuzzing:

  1. Go to the Agents page and create a new agent using the previously generated secret key.
  2. Go to the Jobs page and create a new job associated with the agent created in the previous step.
  3. Start a fuzzing instance by clicking on the play icon.
  4. Be patient until the start request completes (and WinAFL finishes the dry-run).
  5. View statistics by clicking on the eye icon.
  6. Check running instances by clicking on the circle icon.
  7. Collect crash data by clicking on the cloud icon.
  8. Go to the Crashes page to verify new crashes by clicking on the pencil icon.
  9. Go to the Jobs page and stop all fuzzing instances by clicking on the stop icon.

Environment variables

Some of the configuration options are exposed via environment variables to be used in the container. This allows you to customize WinAFL Pet without creating or modifying configuration files. The below table summarizes the available environment variables and their default settings.

Variable          Default
WINAFLPET_DATA    data
WINAFLPET_HOST    127.0.0.1
WINAFLPET_PORT    4141
WINAFLPET_LOG     winaflpet.log
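
The container command from the Server section combined with the WINAFLPET_PORT variable above, as an added example that is not part of the WinAFL Pet project. The winaflpet_run helper and the DOCKER override are hypothetical names, and the sketch assumes the server honours WINAFLPET_PORT as the table documents.

```shell
#!/bin/sh
# Added example, not project code. winaflpet_run and the DOCKER override are
# hypothetical names; image, mount point and WINAFLPET_PORT come from the README.

# Usage: winaflpet_run HOST_DATA_DIR [PORT] [BIND_ADDR]
winaflpet_run() {
    data_dir=$1
    port=${2:-4141}          # README default for WINAFLPET_PORT
    bind=${3:-127.0.0.1}     # host address the UI is published on

    # Docker only bind-mounts absolute host paths; a relative value is read
    # as a volume name instead and the data would land elsewhere.
    case $data_dir in
        /*) ;;
        *) echo "data directory must be an absolute path" >&2; return 1 ;;
    esac

    # Accept only a decimal TCP port in 1..65535.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "invalid port: $port" >&2; return 1
    fi

    # The default admin password is the hostname or container ID, so this
    # helper only publishes the UI on a loopback address, as the README does.
    case $bind in
        127.*) ;;
        *) echo "refusing non-loopback bind address: $bind" >&2; return 1 ;;
    esac

    # The container-side port in -p must match WINAFLPET_PORT, otherwise the
    # published port forwards to a port nothing is listening on.
    "${DOCKER:-docker}" run \
        -p "$bind:$port:$port" \
        -e "WINAFLPET_PORT=$port" \
        -v "$data_dir:/opt/winaflpet/data" \
        sgabe/winaflpet
}
```

Running it with DOCKER=echo prints the docker arguments instead of starting a container, which is a quick way to review the port mapping before deployment.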

Building WinAFL Pet

You can build the server in a Docker container on Linux:

make server

Or the service binary for the agent on Windows:

make agent

FAQ

How do I configure a user account to have the Log on as a service permission?

Perform the following to edit the Local Security Policy of the computer where you want to fuzz:

  1. Open the Local Security Policy.
  2. Expand Local Policies and click on User Rights Assignment.
  3. In the right pane, double-click Log on as a service.
  4. Click on the Add User or Group... button to add the new user.
  5. In the Select Users or Groups dialogue, find the user you wish to enter and click OK.
  6. Click OK in the Log on as a service Properties to save changes.

Ensure that the user which you have added above is not listed in the Deny log on as a service policy in the Local Security Policy.

Issues
  • How to go to the web page?

    Now I run Docker on Linux and the agent on Windows, but I cannot find the web page. There are some screenshots: [screenshots]. Any suggestions? Also, I tried to change the listening port, but with no result; it still uses 4141.

    opened by jie-xiao 5
  • cannot build it

    So I cannot build it. My system is kali_vm-2020-04. When I use make server, some WARNING appears: WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping go: github.com/Arafatk/glot@v0.0.0-20180312013246-79d5219000f0: Get "https://proxy.golang.org/github.com/%21arafatk/glot/@v/v0.0.0-20180312013246-79d5219000f0.mod": dial tcp 216.58.199.17:443: connect: connection refused
    Here is the full output:


    opened by jie-xiao 0
Releases(v0.5.0)
  • v0.5.0(Jun 8, 2022)

    Added

    • Ability to export/import jobs.
    • Periodic email alerts of new crashes.
    • Button to purge crash records from database.

    Changed

    • Update Bootstrap icons to v1.8.3.
    • Update button style for jobs.
    • Update Docker base images.
  • v0.4.0(Feb 5, 2022)

  • v0.3.1(Feb 2, 2022)

    Changed

    • More specific regex pattern for crash detection.

    Fixed

    • Replace invalid execs_per_sec value for unmarshaling.
    • Ignore unspecified or zero value for memory limit.
  • v0.3.0(Dec 18, 2021)

    Added

    • Support for using WinAFL as a pre-configured tool for DynamoRIO.
    • Support for afl-fuzz environment variables and autoresume.

    Changed

    • Update fuzzing job templates.

    Fixed

    • Purging of crash records from the database.
    • Handle error when Python path is incorrect.
    • Use the randomly generated shared memory name.
  • v0.2.0(Nov 2, 2021)

  • v0.1.0(Oct 10, 2021)

    Added

    • Support for sample delivery via shared memory.

    Changed

    • Set coverage type values in job creation form.
    • Update build constraints.
    • Migrate structable from Masterminds to sgabe.

    Fixed

    • Increase the width of the search box.
    • Overflowing card header.
    • Hide pager for single page.
  • v0.0.7(Oct 2, 2021)

  • v0.0.6(Apr 10, 2021)

  • v0.0.5(Apr 1, 2021)

  • v0.0.4(Mar 22, 2021)

    Added

    • Flag to enable debug mode and non-secure session cookie.
    • Show bitmap coverage information among overall results.

    Fixed

    • Show target method when offset is not specified.
    • Binding to command line host and port flags.
    • Anonymous function as parameter to setTimeout().

    Changed

    • Allow running up to 20 fuzzer instances simultaneously.
    • Reload the page after successfully starting a job.
    • Use goroutine to read process's standard output.
    • More specific regex pattern to find crash samples.
  • v0.0.3(Jan 24, 2021)

    Added

    • Support additional command line arguments for target application.
    • Support for absolute paths for input and output.

    Fixed

    • Fix regex pattern used to extract crash location from BugId output.
    • Return early on invalid number of PIDs provided for checking a job.
    • Missing instrumentation option to set target_offset.

    Changed

    • Use smaller font size in footer for mobile screens.
    • Allow crash analysis when page heap is not enabled.
    • Allow running up to 8 fuzzer instances simultaneously.
    • Sort crashes in descending order by internal ID.
    • Update crash file paths when resuming aborted jobs.
    • Increase request timeout to avoid errors when starting jobs.
    • Increase database query limit to display more crashes.
    • Refactor crash template.
    • Improve regex pattern to detect system errors.

    Removed

    • Unused id attributes in the HTML templates.
    • Unused CSS stylesheet.
  • v0.0.2(Dec 14, 2020)

  • v0.0.1(Dec 14, 2020)

Owner
Gabor Seljan
If there is one, there is more.