Published on February 4th, 2016 📆 | 6770 Views ⚑0
Kitty — Python Fuzzing Framework
The goal of Kitty was to help with fuzzing unusual targets — proprietary and esoteric protocols over non-TCP/IP communication channels — without writing everything from scratch each time. A generic and abstract framework that would include common functionalities of every fuzzing process and would allow the user to easily extend and use it to test their specific target.
Each part of the fuzzer stands on its own. This means that you can use the same monitoring code for different applications, or the same payload generator (aka Data Model) for testing parsing of the same data that is received over different channels.
If you need to test something “new”, you will not need to change Kitty’s core code. Most, if not all, features can be implemented in the user code. This includes monitoring, controlling and communicating with the fuzzed target.
Rich data modeling
The data model core is rich and allows describing advanced data structures, including strings, hashes, lengths, conditions and many more. And, like most of the framework, it is designed to be extended even further as necessary.
Support for multi-stage fuzzing tests. Not only you can describe what the payload of an individual message will look like, you can also describe the order of messages, and even perform fuzzing on the sequence’s order.
Client and Server fuzzing
You can fuzz both servers and clients, assuming you have a matching stack. Sounds like a big requirement, but it isn’t: it just means that you should have the means to communicate with the target, which you should have in most cases anyway.
Runs on Linux, OS X and Windows.
What it’s not?
Well, Kitty is not a fuzzer. It also contains no implementation of specific protocol or communication channel. You can write your own fuzzer with it, and you can use Kitty-based code of others, but it’s not an out-of-the-box fuzzer.
Kitty, as a framework, implements the fuzzer main loop, and provides syntax for modeling data and base classes for each of the elements that are used to create a full fuzzing session. However, specific implementations of classes are not part of the Kitty framework. This means that Kitty defines the interface and base class to perform data transactions with a target, but it doesn’t provide implementations for data transmition over HTTP, TCP or UART.
Implementations of all sorts of classes can be found in the complimentary repository Katnip, which has the sole porpuse of providing specific implementaions. As such, Katnip contains different implementations for targets (such as
SslTarget), controllers (such as
SshController), monitors and templates. Use them when you write your fuzzer, as they will save you a lot of time, and may serve as a reference for your own implementations.