Developement in still progress! I will update readme for this project soon!
Sweetmon2 is a fuzzer monitoring framework based Python3 + Django2. User can check their fuzzers and crashes on the web. It can reduce repetitive work for fuzz testers.
THIS IS NOT STABLE VERSION! USE AT YOUR OWN RISK.
First of all, Please clone this project into your server.
git clone https://github.com/sweetchipsw/sweetmon2.git
Sweetmon2 supports docker to make install this project easier. It creates docker container that contains Web and Database on your server automatically. But, some of sensitive information(secret key, default ID and password) are included in installer script which needs to access DB server or create server. So you must CHANGE these before you run the installer script.
# ...
SECRET_KEY = 'vugf#x=7v(k#lbte%u1dc5+lebyb7y-9m!aa3oyro6nxc71=%='
ALLOWED_HOSTS = ['localhost', '127.0.0.1', "*"]
# ...
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False
# ...
Please change SECRET_KEY
and ALLOWED_HOSTS
(Optional, add your domain and remove "*") and make sure that DEBUG
flag shuold be False
to prevent disclosing sensitive debugging information.
version: "3"
services:
sweetmon2-db:
container_name: sweetmon2-db
image: mariadb:latest
environment:
MYSQL_ROOT_PASSWORD: "sweetmon"
MYSQL_DATABASE: "sweetmon2"
MYSQL_USER: "sweetmon"
MYSQL_PASSWORD: "sweetmon"
volumes:
- "./conf/mysql:/var/lib/mysql"
networks:
- sweetmon2
sweetmon2-web:
container_name: sweetmon2-web
build:
context: "./"
dockerfile: Dockerfile
environment:
MYSQL_DATABASE: "sweetmon2"
MYSQL_USER: "sweetmon"
MYSQL_PASSWORD: "sweetmon"
LANG: "en_US.UTF-8"
LC_ALL: "en_US.UTF-8"
volumes:
- "./data/:/data/"
ports:
- "80:80"
- "443:443"
depends_on:
- sweetmon2-db
networks:
- sweetmon2
networks:
sweetmon2:
Please change MYSQL_ROOT_PASSWORD
, MYSQL_USER
, MYSQL_PASSWORD
before you create database container. Note that you should change both of services's(sweetmon2-web, sweetmon2-db) credential.
You should install some of dependencies to create sweetmon2 container by docker and docker-compose.
# Download docker
sudo apt install docker.io
# Download docker-compose
sudo curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
# Make it to executable
sudo chmod +x /usr/local/bin/docker-compose
Before you start the installation, please make directories to persist data which will be created on sweetmon2 container.
# Make ./data/ directory to persist sweetmon2 data (crashes, files, etc)
sudo mkdir -p ./data/file/crash
sudo mkdir -p ./data/file/users
sudo chmod 777 ./data/ -R
After you install the dependencies, move your working directory to /sweetmon2/install/
.
There are two options for creating webserver.
- HTTP Webserver
- HTTPS Webserver (Recommended)
Creating normal(not HTTPS one) container is really simple.
# Create docker container by using docker-compose
sudo docker-compose up -d
# TODO
# sudo docker-compose -f sweetmon.yml
Almost done! Go to Common
section.
You can issue SSL certificate easily by using Letsencrypt
. It can be installed by apt
on Ubuntu server.
To install letsencrypt, try apt install letsencrypt
command. and to issue certificate for your server, try under command. (Note that Letsencrypt uses 80 and 443 port to check request validation. So you must stop your application which uses 80 or 443 port before execute the letsencrypt.)
sudo letsencrypt certonly -a standalone -d domain.com
(Replace domain.com with your domain!)
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/domain.com/fullchain.pem. Your
cert will expire on 2017-mm-dd. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
- If you like Let's Encrypt, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
When the certificate issued successfully, you will receive above message! And you can check your certificate on /etc/letsencrypt/live/domain/
directory.
$ sudo ls /etc/letsencrypt/live/domain/
cert.pem chain.pem fullchain.pem privkey.pem
Copy all of these files to /sweetmon2/install/ssl/cert/
directory. Finally, execute docker-compose
# Create docker container by using docker-compose
sudo docker-compose -f install/sweetmon_ssl.yml up -d
# TODO
# sudo docker-compose -f sweetmon.conf
Almost done! Go to Common
section.
When the docker-compose job completed, you will see two containers. One is web container, and the other one is database container.
# Check container ID of 'sweetmon2-web' container.
sweetchip@ubuntu:~/sweetmon2/install$ sudo docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
4b372faec196 install_sweetmon2-web "apachectl -D FORE..." About a minute ago Up About a minute 0.0.0.0:80->80/tcp, 443/tcp sweetmon2-web
75373984ae0f mariadb:latest "docker-entrypoint..." About a minute ago Up About a minute 3306/tcp sweetmon2-db
# 4b372faec196 is sweetmon2-web's container ID.
# 4b372faec196 install_sweetmon2-web "apachectl -D FORE..." About a minute ago Up About a minute 0.0.0.0:80->80/tcp, 443/tcp sweetmon2-web
# Create database scheme
# Replace [CONTAINER ID] to your 'CONTAINER ID'. (In this example, 4b372faec196 is valid value.)
sudo docker exec -it [CONTAINER ID] python3 /app/sweetmon2/manage.py makemigrations
# Apply DB scheme on maria server
sudo docker exec -it [CONTAINER ID] python3 /app/sweetmon2/manage.py migrate
# Create new user (Super user)
sudo docker exec -it [CONTAINER ID] python3 /app/sweetmon2/manage.py createsuperuser
All done! Open your web browser, and go to http(s)://SERVER-IP-ADDRESS/
. (Also, make sure your port-forwarding setting is valid.)
import requests
import socket
import random
import time
import json
# Define common headers
ENDPOINT_URL = "http://SWEETMON2-DOMAIN/api/v1"
# API KEY from sweetmon2
header = {"apikey":"a44087ec8cf60d7a9962babfde55be8284d1a966e4cb53c8b60978f427ae7c85"}
# CRASH UPLOAD TEST
post = {"title":"""===31337===ERROR: AddressSanitizer: heap-use-after-free on address 0x60700000dfb5 at pc 0x45917b bp 0x7fff4490c700 sp 0x7fff4490c6f8 READ of size 1 at 0x60700000dfb5 thread T0""",
"crashlog":"CRASH LOG CONTENTS"}
files = {'file': "CRASH FILE CONTENTS"}
r = requests.post(ENDPOINT_URL+"/crash/upload", files=files, data=post, headers=header)
result = json.loads(r.text)
if result['result']:
print("[*] Upload : Success")
else:
print("[*] Upload : Fail")
This is a example of script to upload crash. For more API informations, Check this API Documentations.
Sweetmon2 supports APIs to interact with your fuzzer and Sweetmon2. There are two type of APIs one is user API which is way to interact with your fuzzer and Sweetmon. It supports saving fuzzer or uploading crashes and logs to server. The other one is server API which can getting the information of your fuzzer status or creating new fuzzer instance on your Sweetmon2.
To get more informations, check this API Documentations.