Search the Community

This is a small extension script to monitor suff.py, or the Simple Universal Fortigate Fuzzer, and to collect crashlogs for future analysis. Download: suff_monitor.py.txt Mirror: #!/usr/bin/env python3 # suff_monitor.py -- basic monitoring for fuzzing scenarios (suff/burp/mutiny) # # -- updates -- # 22.11.2023 @ 02:23 :: shame init version ready to go # 21.11.2023 @ 19:18 :: log me if you can # 21.11.2023 @ 15:14 :: added: time, sleep, log2fp # 21.11.2023 @ 01:19 :: started this lame code # # idea - run suff_monitor.py against the box you're testing (fgvm): # - add time to sleep and date to log updates # - log in (so same creds as for suff.py, postauth testing, etc) # - get ver/info -> log2file # ** (should be ready at this stage, so): ** # while true: # check_diag_deb(+log2file,+a) # sleep 1 # end_of_file # # ------------- # # for more details: # https://code610.blogspot.com/2023/12/monitoring-suff.html # https://code610.blogspot.com/2023/04/fuzzing-fortigate-7.html # https://github.com/c610/free/blob/master/suff-v0.1.py # https://github.com/c610/free/blob/master/fg7stack_poc.py # # from netmiko import Netmiko import sys,os import time import paramiko ################### ############## ######## #### ## # fplog = open('saveme.log','+a') command = 'diag debug crashlog show' # did you enable logs in your FGVM? def connect_to_crashlog(): # set up for the target try: fw_01 = { 'host':'192.168.56.231', 'username':'admin', 'password':'P@ssw0rd', 'device_type':'fortinet', 'timeout':3 } net_connect = Netmiko( **fw_01 ) print("+ Connected to FG!") print("+ logfile: savethis.log") fplog.write('----starting suff_monitor.py ----\n') fplog.write(net_connect) fplog.write('\n-- results below: --\n') # if we're connected: check diag debug crashlog (or any other you'd like to) send_logcheck_cfg = net_connect.send_config_set( command ) fplog.write(send_logcheck_cfg) fplog.write('\n---- next while loop ----\n') print("+ looks like we just sent this command:\n\t%s\n\n" % send_logcheck_cfg ) print("send_init_cfg finished") ## check crashlog finished except paramiko.ssh_exception.SSHException as e: print(" > connection error: %s" % e) except ConnectionResetError as e: print("> connection error2: %s" % e) except UnboundLocalError as e: print("UnboundLocalError: local variable 'net_connect' referenced before assignment") print("> unbound variable error: %s" % e) ## end of connect_to_crashlog() # ########## #### main ########## print('y0;[') print('starting: connect_to_crashlog()') while True: print('debug: connect_to_crashlog() starting...') connect_to_crashlog() print("... sleeping 1...") time.sleep(1) print('sleep done. next True iter...') #### print("finished main()") Source

Simple python script to send commands prepared in text files mutated by an example payload string, e.g. multiple A or B letters. Using Fortigate's credentials, a user should be able to use this script to automate a basic fuzzing process for commands available in CLI. c@ubuntu:~/LABS/_SUFLET2$ cat suff.py #!/usr/bin/env python3 # suff.py -- simple universal fortigate fuzzer # # initial idea : xx.10.2022 # finished idea: xx.04.2023 # # special thanks goes to Reykez (https://github.com/Reykez) # # for more details: # https://code610.blogspot.com/2023/04/fuzzing-fortigate-7.html # from netmiko import Netmiko import sys,os import time import paramiko def readFile(filename): words = [] fileText = open(filename.strip(), 'r') for line in fileText.readlines(): for word in line.strip().split(): words.append(word.strip()) words.append('\n') return words ## def writeFile(words, filename): text = ''; for word in words: text += word; if word!='\n': text += ' ' ; f = open(filename, 'w') f.write(text) f.close() ## run modified payload: send is as cfg: fpread = open(filename, 'r') lines = fpread.read() command = lines print("DEBUG :::: type of: %s" % type(command) ) print( command ) print("DEBUG :::: eof\n") ## # set up for the target fw_01 = { 'host':'192.168.56.231', 'username':'admin', 'password':'admin', 'device_type':'fortinet' } # connecting to the target host try: net_connect = Netmiko( **fw_01 ) print("+ connected, checking prompt...") except paramiko.ssh_exception.SSHException as e: print(" > connection error: %s" % e) except ConnectionResetError as e: print("> connection error2: %s" % e) except UnboundLocalError as e: print("UnboundLocalError: local variable 'net_connect' referenced before assignment") print("> unbound variable error: %s" % e) print("... sleeping 1...") time.sleep(2) print("> sending fuzzed command...") send_init_cfg = net_connect.send_config_set( command ) # init_cfg... print("+ looks like we just sent this command:\n\t%s\n\n" % send_init_cfg ) ## finished fuzzed super-payload attack ## #### def modifyFilename(filename, number): name, extension = os.path.splitext(filename) return "{name}{uid}{extension}".format(name=name, uid=str(number).zfill(2), extension=extension) #### parse and validate command line args, proceed program args = sys.argv[1:] filename = args[0] if 0 in range(len(args)) else input ('Filename?') textToReplace = args[1] if 1 in range(len(args)) else input ('text to replace? ') outputBasename = args[2] if 2 in range(len(args)) else input ('output basename') words = readFile(filename); # reaplce any occurency and print fileIndex = 0 for wordIndex in range(len(words)): if words[wordIndex] == '\n': continue fileIndex += 1 wordsCopy = words.copy() try: wordsCopy[wordIndex] = textToReplace writeFile(wordsCopy, modifyFilename(outputBasename, fileIndex ) ) except UnboundLocalError as e: print("UnboundLocalError: local variable 'net_connect' referenced before assignment") print("> unbound variable error: %s" % e) pass print('Successfully generated', modifyFilename(outputBasename, 1), '-', modifyFilename(outputBasename, fileIndex), ' files!') Source