基础操作
1.创建虚拟环境
sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt-get update
sudo apt-get install python3.7
sudo apt-get install virtualenv
virtualenv -p /usr/bin/python2.7 venv
2. 字符串操作
a = 'hello word'
b = a.replace('word','python') # 将word替换为python
3. try的用法
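try:
    f1 = open(jobpath + "/" + i, "r")
except OSError as e:  # the file may already have been deleted
    # OSError covers FileNotFoundError and PermissionError without also
    # hiding unrelated bugs the way a blanket `except Exception` would.
    # NOTE(review): f1 stays unbound on this path, and the lines shown never
    # close it on the success path - confirm how the caller handles both.
    print(e)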
4. 获取数组长度
len(array)
5. dict的用法
if key in dict:
dic[key] = value
for k, v in dict.items():
6. split(" ")的结果。空格之前是空,所以会保留一个空字符("")。
print(" <0x00000000004307be> [func:output file: line:0 module:/home/ybxm/myClusterfuzzClinet/client1/jobprojects/Honggfuzz/1-21-honggfuzz/badcode1]")
['', '<0x00000000004307be>', '[func:output', 'file:', 'line:0', 'module:/home/ybxm/myClusterfuzzClinet/client1/jobprojects/Honggfuzz/1-21-honggfuzz/badcode1]']
7. pip3安装
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py # 下载指定版本的get-pip.py
python3 get-pip.py
文件操作
1. os.remove('a.txt') # 删除文件
2. os.chdir(job_path) # 进入指定目录中
3. os.listdir(crash_path) # 列出crash_path目录下的文件列表
4. os.path.exists("/home/ybxm/123.txt") # 判断文件是否已经存在,也可以是路径
5. os.mkdir("./test") # 创建目录
5. os.path.isfile(save_infolog_path) # 文件是否已经存在
6. os.rename(old_file,new_file)
7. 文件的打开与读取
f1 = open(file1, "r") # r只读,r+读写(从头开始覆盖读写);w(只写,文件没有就创建,有就删除重新创建),w+(读写);a:附加写方式打开,不可读;a+: 附加读写方式打开。
print( f1.read() ) # f1.readline(), 读取单行内容
f1.close()
f2 = open(info_path, "w+") # 将读取到的文件信息作为日志信息存入info目录中; 覆盖原有的内容
f2.write("123")
f2.close()
f3 = open(filename, "rb") # 打开模式选择二进制读取"rb"。
8. 编码与解码
u = '中文' # 指定字符串类型对象u
str1 = u.encode('gb2312') # 以gb2312编码对u进行编码,获得二进制类型对象
>>> print(str1)
b'\xd6\xd0\xce\xc4'
u1 = str1.decode('gb2312') # 以gb2312编码对二进制对象str1进行解码,获得字符串类型对象
>>> print(u1)
中文
/* qsym中用法错误,我以为输入的参数是测试用例的内容,但其实是测试用例所在的路径*/
进程创建
1. 进程创建和子进程信息输出
import subprocess
import psutil
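os.chdir(job_path)  # must run from the directory that holds the target executable
# Reproduce the crash by feeding the crash file to the target on stdin.
# The earlier form built target_path + " < " + crash_path and ran it with
# shell=True, so a space, ';' or '$' in either path was interpreted by the
# shell. An argument list plus stdin= gives the same redirection with no shell.
# NOTE(review): assumes target_path is a bare executable path with no
# arguments embedded in it - confirm against the caller.
cmd = [target_path]
with open(crash_path, "rb") as crash_input, \
        open("./reproduce_result.txt", "ab") as out:  # append; created if missing
    pro = subprocess.Popen(cmd, stdin=crash_input, stdout=out, stderr=out)  # output goes to the file
# Variant that captures stdout/stderr in pipes instead of a file; the parent
# has to read them (e.g. pro.communicate()) or a chatty child can block on a
# full pipe.
# NOTE(review): start_cmd is still handed to a shell as one string - it must
# be built only from trusted values, or be turned into an argument list too.
pro = subprocess.Popen(start_cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)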
2. 进程创建中shell = True的作用
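1. shell=True参数会让subprocess.Popen接受字符串类型的变量作为命令,并调用shell去执行这个字符串;当shell=False时,
subprocess.Popen只接受数组变量作为命令,并将数组的第一个元素作为命令,剩下的全部作为该命令的参数。由于shell=True时整个字符串都交给shell解析,拼接进去的文件名或路径中若含有空格、分号、$等字符也会被shell解释,因此命令中包含外部传入的内容时应优先使用数组形式(shell=False)。如下: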
>>>args = ['/bin/cat', '-input', 'test.txt', '-output', 'diege.txt', '-cmd', "echo '$MONEY'"]
>>>p=subprocess.Popen(args)
3. 进程的结束
fp = subprocess.Popen.poll(pro)
poll的返回值fp: 0正常结束, 1sleep, 2子进程不存在, None正在运行(注:除None外,poll返回的就是子进程的退出码returncode,非0值的具体含义取决于被执行的程序)
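# Stop the fuzzer by process name.
# NOTE(review): this terminates the first process whose name equals execname,
# whoever started it. Matching on the PID of the process this client launched
# would avoid hitting an unrelated process with the same name - confirm that
# name matching is acceptable on a shared host.
for proc in psutil.process_iter():
    try:
        if proc.name() != execname:  # the name differs per fuzzer instance
            continue
        proc.terminate()
    except (psutil.NoSuchProcess, psutil.AccessDenied):
        # The process exited, or is not ours to inspect, between being listed
        # and being queried; skip it instead of aborting the whole scan.
        continue
    print("libfuzz process end successfully!")
    break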
服务器端的请求与下载
1. 子节点与后端2通信
子节点向后端2请求job:
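# Ask backend 2 for a job, describing this node in the query string.
data = [("nodename", nodename), ("ip", ip), ("cores", cores), ("mem", mem)]
url = url_get_job + urllib.parse.urlencode(data)  # url_get_job = "http://localhost:5001/cget/getjob?"
# Close the HTTP response once the body has been read.
# NOTE(review): no timeout is passed, so a stalled backend blocks this node
# indefinitely - consider urlopen's timeout argument.
with req.urlopen(url) as resp:
    api_result = resp.read()
result = json.loads(api_result)  # parse the job description returned by backend 2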
后端2返回job信息:
# Backend 2: read the node's self-reported attributes from the query string.
# Each value is supplied by the caller and is None when the parameter is absent.
name = request.args.get("nodename")
ipaddr = request.args.get("ip")
men = request.args.get("mem")  # NOTE(review): "men" looks like a typo for "mem" - confirm
corenum = request.args.get("cores")
# The lines shown always answer that no job exists.
return jsonify({"exist": "no"})
子节点向后端2请求固件:
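# Download the firmware archive for (type, name) from backend 2.
url_get_arch = "http://localhost:5001/cget/getarch?"
query = [("type", type), ("name", name)]
url = url_get_arch + urllib.parse.urlencode(query)
# Close the response after reading instead of leaving the socket open.
# NOTE(review): the archive is used as downloaded. If the backend is ever not
# on localhost, plain http gives no integrity protection for the file.
with req.urlopen(url) as f:
    data = f.read()  # raw bytes of the archive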
后端2返回固件:
# Backend 2: serve "<name>.zip" from `path` as a download.
type = request.args.get("type")  # read but unused in the lines shown; also shadows the builtin
name = request.args.get("name")  # caller-controlled: selects which archive is served
# NOTE(review): `name` goes straight into the served filename. send_from_directory
# is meant to refuse paths that leave `path`, but any "<name>.zip" inside that
# directory is downloadable by whoever can reach this endpoint - confirm that is
# intended, or check `name` against the list of known jobs first.
# NOTE(review): `name` is None when the parameter is missing, and
# None + ".zip" raises TypeError.
return send_from_directory(r"" + path + "", filename=name+".zip", as_attachment=True)
子节点提交漏洞文件:
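# Upload one crash case to backend 2 as a multipart form.
url_post_crash = "http://localhost:5001/cpost/postcrash"
data = {
    "nodename": nodename,
    "jobname": jobname,
    "crashnum": (jobname + "_" + nodename + "_" + "crash_" + str(crash_number)),
}
# Open the crash file in a context manager so the handle is closed after the
# request; passing a bare open(...) to requests.post leaves it open.
with open(crash_path + i, 'rb') as crash_file:
    res = requests.post(url_post_crash, files={"file": crash_file}, data=data)
print(res.text)  # on success the backend answers "上传漏洞用例成功!"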
后端2接收文件:
# Backend 2: receive an uploaded crash case and its metadata.
file = request.files.get('file')  # uploaded crash case; None when the part is missing
jobname = request.form["jobname"]  # indexed access: a missing field is an error, not None
crashnum = request.form["crashnum"]
# NOTE(review): the lines shown never store `file`. If jobname / crashnum are
# later used to build the destination path, they are client-supplied strings and
# need to be restricted to a safe character set before touching the filesystem -
# confirm against the full handler.
return "上传漏洞用例成功!"
前端传递任务信息与固件给后端1:
vue.js页面
let formData = new FormData();
formData.append("file", this.form.file);
formData.append("jobname", this.form.jobname);
formData.append("fuzz", this.form.fuzz);
formData.append("botnum", this.form.botnum);
formData.append("runtime", this.form.runtime);
formData.append("exec", this.form.exec);
uplodaJobInfo(formData).then(resp => {
this.$message(resp.data.msg); // 弹窗显示“任务创建从成功”
this.$router.push({ path: "/joblist" });
})
api页面:
import request from '@/utils/request'
export const uplodaJobInfo = (formData) => {
return request.post('/createjob/', formData, {
headers: {
'Content-Type': 'multipart/form-data'
}
})
}
后端1接收文件:
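# Backend 1: receive the firmware upload and the job parameters from the front end.
file = request.files.get('file')  # None when no file part was sent
# file.read()
job_info = request.form.to_dict()
# Every field below is a client-supplied string, or None when absent.
jobname = job_info.get("jobname")
fuzz = job_info.get("fuzz")
botnum = job_info.get("botnum")
runtime = job_info.get("runtime")
# NOTE(review): execname is presumably the name later used to launch and kill
# the target process - validate it before it reaches a command line.
execname = job_info.get("exec")
# The return statement was fused onto the previous line in the listing.
return jsonify({
    'msg': '任务创建成功'
}), 200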
Python图表绘制
#!/usr/bin/python
import matplotlib
matplotlib.use("TkAgg")
import matplotlib.pyplot as plt
# y1=[1, 4, 9, 16, 25]
# y2=[1, 6, 10, 26, 35]
# x = range(0, 5)
# plot_data files of the two runs being compared (paths relative to the
# current working directory).
f1 = "output-pdftotext-1h-aflfast_qsymold" + "/master/plot_data"
f2 = "output-pdftotext-1h-aflfast_qsymchange" + "/slave1/plot_data"
# x axis: 0, 5, ..., 60 (13 points) - presumably minutes, matching the 300 s
# sampling step used in get_y.
x = range(0, 61, 5)
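def get_y(f1):
    """Sample column 7 of a plot_data file roughly every 300 seconds.

    The file is expected to hold one header line followed by rows of
    ", "-separated fields and a trailing newline. Field 0 is a timestamp in
    seconds; field 7 is the value plotted as "crash num" (presumably AFL's
    unique_crashes column - confirm against the fuzzer version).

    A row is sampled each time its offset from the first row reaches the next
    300-second mark. If the last row is reached while the next mark is still
    at or below 3600, its value is appended once more so a run that stopped
    just short of the hour still gets a final point.

    Args:
        f1: path of the plot_data file.

    Returns:
        The sampled values as a list of ints; empty when the file has no
        data rows.
    """
    # NOTE(review): the listing had lost its indentation; the nesting below is
    # the reconstruction that matches the commented-out debug prints.
    next_mark = 0
    samples = []
    # The context manager closes the file even if parsing raises; the earlier
    # open() was never closed.
    with open(f1, "r") as handle:
        lines = handle.read().split("\n")
    # Drop the header and the empty string left after the final newline.
    rows = lines[1:-1]
    if rows:
        start_time = int(rows[0].split(", ")[0])
    for pos, row in enumerate(rows):
        fields = row.split(", ")
        elapsed = int(fields[0]) - start_time
        if elapsed >= next_mark:
            samples.append(int(fields[7]))
            next_mark += 300
        # Pad with the final value when the run ended before the last mark.
        if pos == len(rows) - 1 and next_mark <= 3600:
            samples.append(int(fields[7]))
    print(next_mark)
    return samples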
# Load both series first, then draw them with the same marker style; only the
# marker edge colour and the legend label differ between the two runs.
y1, y2 = get_y(f1), get_y(f2)
for counts, edge, tag in ((y1, 'b', 'qsym-old'), (y2, 'y', 'qsym-new')):
    plt.plot(x, counts, marker='o', mec=edge, label=tag)

# Figure text.
plt.title('pdftotext crashes in queue over time')
plt.xlabel('time')
plt.ylabel('crash num')

plt.legend()  # show the per-run labels
plt.show()
"""
for i in range(0, 5):
plt.text(x[i], y1[i]-1, (x[i], y1[i]-1), fontsize=1, label='y = 2x')
"""
Python问题
1. ImportError: No module named '_tkinter', please install the python3-tk package? # 在ubuntu16.04中使用matplotlib时报错
解决办法:sudo apt-get install python3.6-tk
参考链接
1. subprocess.Popen介绍:https://blog.csdn.net/qq_34355232/article/details/87709418
2. python绘图介绍:https://www.cnblogs.com/onemorepoint/p/7482644.html