首页
社区
课程
招聘
[旧帖] [原创][申请邀请码]GPF各种模式及命令参数 0.00雪花
发表于: 2011-3-7 15:26 912

[旧帖] [原创][申请邀请码]GPF各种模式及命令参数 0.00雪花

2011-3-7 15:26
912
最近在学习GPF,把其具体模式和参数命令总结下:
root@ubuntu:/home/xq/桌面/GPF/bin# ./GPF
{{{Bad args -- Did you choose a mode?}}}

General Purpose Fuzzer (GPF) - By: Jared DeMott

'-h R' for the pure fuzz usage
'-h C' for the convert usage
'-h G' for the basic GPF usage
'-h P' for the Pattern Matching GPF usage
'-h p' for the newer Pattern Matching GPF usage ((don't use, not done))
'-h E' for the Evolutionary Fuzzer System (GPF portion) usage
'-h X' for the Replay Evolutionary data from mysqldb
'-h' for this usage

NOTE: Be sure to enter vaild command line options as only marginal vaildation is preformed inside GPF
---------------------------------------------------------------------------------------------------------------------------------root@ubuntu:/home/xq/桌面/GPF/bin# ./GPF -h R ?

General Purpose Fuzzer (GPF) - By: Jared DeMott

Random fuzzing Mode (-R +|x-y)
Usage: GPF <ModeArgs> <hostname/IP> <PORT> <SPORT> <TCP/UDP> <SEED> <DELAY>
        ModeArgs = '-R +|x-y'
                Can specify a range of pkts to send; put only + to send all
        IP = IP address of target. [localhost]
        PORT = Destination port. [21]
        SPORT = Source port. Use a ? for don't care. [?]
        TCP/UDP = Protocol type. [TCP]
        SEED = Any string of numbers (Allows a successful attack to be repeated). [82645286]
        DELAY = Any number of microseconds. [1000]

'-h R' for this usage

NOTE: Be sure to enter vaild command line options as only marginal vaildation is preformed inside GPF
root@ubuntu:/home/xq/桌面/GPF/bin# ./GPF -h C ?

General Purpose Fuzzer (GPF) - By: Jared DeMott

Convert Mode
Usage: GPF -C <filein> <fileout>
        filein = pcap file to read in
        fileout = fileanme to output converted txt.gpf

'-h C' for this usage

NOTE: Be sure to enter vaild command line options as only marginal vaildation is preformed inside GPF
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
root@ubuntu:/home/xq/桌面/GPF/bin# ./GPF -h G ?

General Purpose Fuzzer (GPF) - By: Jared DeMott

GPF mode (-G b|f|l|r)
Usage: GPF <AttackMode> <CaptureFile> <ReplayMode> <hostname/IP> <PORT> <SPORT> <TCP/UDP> <SEED> <DELAY> <LStart> <LStop> <PStart> <PStop> <AStart> <AInc> <AStop> <AChar> <CycleMode> <extraAttacks> <ReadWait> <PrintChoice> <UserFunc>
        AttackMode Args = '-G r|b|f|l'  [-G b]
                r : Replay - For verification; no attack but can still use userFunc. Starts at LINE.
                b : Buffer overflow attack
                f : Format bug attack  (6e is n; a good choice when searching for format bugs)
                l : Logic (bit flipping) attack - AStart, Inc, Stop, and Char have special meaning - See README.
                        Use AStart, AInc, and AStop to count how many times. POS and AChar have no meaning.
        CaptureFile = File name of the captured traffic to replay. [mycapture.gpf]
        ReplayMode = 'client' (test servers); 'server' (test clients). [client]
        IP = IP address of target or IP address to bind to. [localhost]
        PORT = Destination port or Port to listen on. [21]
        SPORT = Source port. Use a ? for don't care. Only affects client mode. [?]
        TCP/UDP = Protocol type. [TCP]
        SEED = For repeatable randomness (allows a successful test to be repeated). [82645286]
        DELAY = Any number of microseconds [1000]
        LStart = Decimal packet number (which 'leg' of the session) to begin fuzzing on. [0]
        LStop = Decimal packet number (which 'leg' of the session) to stop fuzzing at. [+] (+ = all legs)
        PStart = Decimal position in the data (if 40bytes of data, then 1-40;if>max skip leg) to begin fuzzing at. [0]
        PStop = Decimal position in the data (if 40bytes of data, then 1-40) to stop fuzzing at. [+] (+ = max position)
        AStart = Decimal sized number of bytes to start attacking with. [0]
        AInc = Decimal size number of bytes to increment attack by. [255]
        AStop = Decimal size number of bytes to stop at. [17000]
        AChar = Hex character to fill attack buffer with. Use the from 41 for 'A', etc.
                If AChar equal to 43, then fill with random data (for all three modes). [6e]
        CycleMode = 'close' fd after each attack, or 'finish' replaying as much of capture file as possible. [finish]
        ExtraAttacks = Normal is 1 attackleg/session.  This option allows for multile attacklegs/session. [0]
        ReadWait = How many seconds to wait in a read if data is not availible. [3]
        PrintChoice = Print choice in which to display the session - ascii; hex; auto. [auto]
        UserFunc = Name of user defined code.  Use 'none' if none. [none]

'-h G' for this usage
NOTE: Be sure to enter vaild command line options as only marginal vaildation is preformed inside GPF
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
root@ubuntu:/home/xq/桌面/GPF/bin# ./GPF -h P ?

General Purpose Fuzzer (GPF) - By: Jared DeMott

Pattern (Tokenizer) GPF mode
Usage: GPF -P <CaptureFile> <ReplayMode> <hostname/IP> <PORT> <SPORT> <TCP/UDP> <SEED> <DELAY> <ReadWait> <PrintChoice> <UserFunc> <TokPrint> <TokAid> <MutationRate> <OnSessionSetupError>
        -P = Pattern Matching tokenizes each piece of each leg and inserts random attacks based on patterns.
        CaptureFile = File name of the captured traffic to tokenize and replayFuzz. [mycapture]
        ReplayMode = 'client' (test servers); 'server' (test clients). [client]
        IP = IP address of target or IP address to bind to. [localhost]
        PORT = Destination port or Port to listen on. [21]
        SPORT = Source port. Use a ? for don't care. Only affects client mode. [?]
        TCP/UDP = Protocol type. [TCP]
        SEED = For repeatable randomness (allows a successful attack to be repeated). [78883310]
        DELAY = Any number of microseconds. [2000]
        ReadWait = How many seconds to wait in a read if data is not availible. [3]
        PrintChoice = Print choice in which to display the session - 'ascii'; 'hex'; 'auto'. [AUTO]
        UserFunc = Name of user defined code.  Use 'none' if none. [none]
        TokPrint = Print parsed toks at start of replay for FYI/debugging. Use either 'long' or 'short'. [short]
        TokAid = Name of code that will help parse protocol.  Use 'NONE' if none. [GENERIC_ASCII]
        MutationRate = Rate of Mutations: 'high', 'med', or 'low'. [med]
        OnSessionSetupError = If TCP session setup fails either 'CONTINUE' or 'QUIT'. [CONTINUE]

'-h P' for this usage

NOTE: Be sure to enter vaild command line options as only marginal vaildation is preformed inside GPF

root@ubuntu:/home/xq/桌面/GPF/bin# ./GPF -h p ?

General Purpose Fuzzer (GPF) - By: Jared DeMott

Pattern (Tokenizer) GPF mode
Usage: GPF -P <CaptureFile> <ReplayMode> <hostname/IP> <PORT> <SPORT> <TCP/UDP> <SEED> <DELAY> <ReadWait> <PrintChoice> <UserFunc> <TokPrint> <TokAid> <MutationRate> <OnSessionSetupError>
        -P = Pattern Matching tokenizes each piece of each leg and inserts random attacks based on patterns.
        CaptureFile = File name of the captured traffic to tokenize and replayFuzz. [mycapture]
        ReplayMode = 'client' (test servers); 'server' (test clients). [client]
        IP = IP address of target or IP address to bind to. [localhost]
        PORT = Destination port or Port to listen on. [21]
        SPORT = Source port. Use a ? for don't care. Only affects client mode. [?]
        TCP/UDP = Protocol type. [TCP]
        SEED = For repeatable randomness (allows a successful attack to be repeated). [78883310]
        DELAY = Any number of microseconds. [2000]
        ReadWait = How many seconds to wait in a read if data is not availible. [3]
        PrintChoice = Print choice in which to display the session - 'ascii'; 'hex'; 'auto'. [AUTO]
        UserFunc = Name of user defined code.  Use 'none' if none. [none]
        TokPrint = Print parsed toks at start of replay for FYI/debugging. Use either 'long' or 'short'. [short]
        TokAid = Name of code that will help parse protocol.  Use 'NONE' if none. [GENERIC_ASCII]
        MutationRate = Rate of Mutations: 'high', 'med', or 'low'. [med]
        OnSessionSetupError = If TCP session setup fails either 'CONTINUE' or 'QUIT'. [CONTINUE]

'-h P' for this usage

NOTE: Be sure to enter vaild command line options as only marginal vaildation is preformed inside GPF
root@ubuntu:/home/xq/桌面/GPF/bin# ./GPF -h E ?

General Purpose Fuzzer (GPF) - By: Jared DeMott

Evolutionary GPF mode
Usage: GPF -E <Mysql host> <Mysql user> <Mysql passwd> <ID> <StartingGen> <PaiMei host> <PaiMei PORT> <StalkType> <PlayMode> <HOST> <PORT> <SPORT> <TCP/UDP> <DELAY> <Wait> <DisplayLevel> <PrintChoice> <Pools> <Sessions> <Fixed/Max> <Legs> <Fixed/Max> <Toks> <Fixed/Max> <Generations> <SessionMutationRate> <PoolCrossoverRate> <PoolMutationRate> <UserFunc> <SeedFile> <proxy> <Diversity>
        Mysql Host = Hostname or IP address of the Mysql server. [WindowsBox]
        Mysql user = Mysql user. [user]
        Mysql passwd = Mysql passwd. [passwd]
        ID = This Mysql ID will be need to continue from previous runs. [0]
        Starting Generation = Use zero for a new run. n to continue from a previously saved run. [0]
        On save, if the ID/gen (in mysqldb) contains data, the saved generation is deleted to make room for new data.
        Also, if you restart and ID with gen==0 all data for that ID is deleted.
        PaiMei Host = Hostname or IP address of the PaiMei (debugger) server. [WindowsBox]
        PaiMei PORT = Destination port of the PaiMei (debugger) server. [31338]
        PaiMei stalk type = 'funcs' or 'basic_blocks'. [funcs]
        PlayMode = 'client' (test servers); 'server' (test clients). [client]
        HOST = Hostname or IP address of target or IP address to bind to. [localhost]
        PORT = Destination port or Port to listen on. [21]
        SPORT = Source port. Use a ? for don't care. Only affects client mode. [?]
        TCP/UDP = Protocol type. [TCP]
        DELAY = Any number of microseconds. [2000]
        Wait = How many clicks to wait in a read/write if data is not availible/couldn't send. [20]
        A click is .01 sec. So 20 would be .2 of a second.
        DisplayLevel = Various levels of printed details as we run - 'low'; 'med'; 'high'. [low]
        PrintChoice = Print choice in which to display the session - 'ascii'; 'hex'; 'auto'. [AUTO]
        Pools = Number of (genotype) pools. [4]
        Sessions/Pool = Number of (genotypes) sessions/pool. [25]
        Fixed/Max = Should the previous number be Fixed or a Max? [Fixed]
        Legs/session = Maximum number of legs/session. [10]
        Fixed/Max = Should the previous number be Fixed or a Max? [Fixed]
        Tokens/leg = Maximum number of tokens/leg. [10]
        Fixed/Max = Should the previous number be Fixed or a Max? [Fixed]
        Generations = Number of generations to run. [400]
        Session crossover (within a pool) occurs each generation to create totally new sessions in each pool.
        SessionMutationRate = Mutate 2 toks (1 data, 1 type) in each session only every X generations. [3]
        PoolCross0verRate = Crossover pools (creates newly ordered sessions in each pool) every X generations. [5]
        PoolMutationRate = Insert or delete a random session from each pool every X generations. [9]
        UserFunc = Name of user defined code. (Not yet tested for -E mode.)  Use 'none' if none. [none]
        SeedFile = File that contains seed strings that may be hard to randomly guess. Use 'none' if none. [X_cmds.seed]
        Proxy = Use 'yes' or 'no'. If yes, the HOST/PORT from above will point the the proxy. [no]
        Diversity = 0=no fitness boost for diverse sessions/pools; 1=give a boost. [1]

'-h E' for this usage

NOTE: Be sure to enter vaild command line options as only marginal vaildation is preformed inside GPF
*******************************************************************************

root@ubuntu:/home/xq/桌面/GPF/bin# ./GPF -h X ?

General Purpose Fuzzer (GPF) - By: Jared DeMott

'-h R' for the pure fuzz usage
'-h C' for the convert usage
'-h G' for the basic GPF usage
'-h P' for the Pattern Matching GPF usage
'-h p' for the newer Pattern Matching GPF usage ((don't use, not done))
'-h E' for the Evolutionary Fuzzer System (GPF portion) usage
'-h X' for the Replay Evolutionary data from mysqldb
'-h' for this usage

NOTE: Be sure to enter vaild command line options as only marginal vaildation is preformed inside GPF
*******************************************************************************
root@ubuntu:/home/xq/桌面/GPF/bin# ./GPF -h ?

General Purpose Fuzzer (GPF) - By: Jared DeMott

'-h R' for the pure fuzz usage
'-h C' for the convert usage
'-h G' for the basic GPF usage
'-h P' for the Pattern Matching GPF usage
'-h p' for the newer Pattern Matching GPF usage ((don't use, not done))
'-h E' for the Evolutionary Fuzzer System (GPF portion) usage
'-h X' for the Replay Evolutionary data from mysqldb
'-h' for this usage

NOTE: Be sure to enter vaild command line options as only marginal vaildation is preformed inside GPF

[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课

收藏
免费 0
支持
分享
最新回复 (0)
游客
登录 | 注册 方可回帖
返回
//