
@ais2397
Created July 2, 2020 20:17
import re
import os
import sys
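# Reference table of Linux syscall names, used as the denominator of the
# coverage figure printed by print_syscalls().
# NOTE(review): the tail of the literal repeats names that already appear
# earlier (rt_sigaction, ioctl, execve, ...) and carries the tokens "use" and
# "entry", which are not syscall names. Both inflate len(linux_syscalls) and
# so understate the reported coverage; the table is normalised right after
# the literal. Provenance of the list is not stated here -- confirm it against
# the kernel syscall table for the target architecture before trusting totals.
linux_syscalls = ["read", "write", "open", "close", "stat", "fstat", "lstat", "poll", "lseek", "mmap", "mprotect", "munmap", "brk", "rt_sigaction", "rt_sigprocmask", "rt_sigreturn", "ioctl", "pread64", "pwrite64", "readv", "writev", "access", "pipe", "select", "sched_yield", "mremap", "msync", "mincore", "madvise", "shmget", "shmat", "shmctl", "dup", "dup2", "pause", "nanosleep", "getitimer", "alarm", "setitimer", "getpid", "sendfile", "socket", "connect", "accept", "sendto", "recvfrom", "sendmsg", "recvmsg", "shutdown", "bind", "listen", "getsockname", "getpeername", "socketpair", "setsockopt", "getsockopt", "clone", "fork", "vfork", "execve", "exit", "wait4", "kill", "uname", "semget", "semop", "semctl", "shmdt", "msgget", "msgsnd", "msgrcv", "msgctl", "fcntl", "flock", "fsync", "fdatasync", "truncate", "ftruncate", "getdents", "getcwd", "chdir", "fchdir", "rename", "mkdir", "rmdir", "creat", "link", "unlink", "symlink", "readlink", "chmod", "fchmod", "chown", "fchown", "lchown", "umask", "gettimeofday", "getrlimit", "getrusage", "sysinfo", "times", "ptrace", "getuid", "syslog", "getgid", "setuid", "setgid", "geteuid", "getegid", "setpgid", "getppid", "getpgrp", "setsid", "setreuid", "setregid", "getgroups", "setgroups", "setresuid", "getresuid", "setresgid", "getresgid", "getpgid", "setfsuid", "setfsgid", "getsid", "capget", "capset", "rt_sigpending", "rt_sigtimedwait", "rt_sigqueueinfo", "rt_sigsuspend", "sigaltstack", "utime", "mknod", "uselib", "personality", "ustat", "statfs", "fstatfs", "sysfs", "getpriority", "setpriority", "sched_setparam", "sched_getparam", "sched_setscheduler", "sched_getscheduler", "sched_get_priority_max", "sched_get_priority_min", "sched_rr_get_interval", "mlock", "munlock", "mlockall", "munlockall", "vhangup", "modify_ldt", "pivot_root", "_sysctl", "prctl", "arch_prctl", "adjtimex", "setrlimit", "chroot", "sync", "acct", "settimeofday", "mount", "umount2", "swapon", "swapoff", "reboot", "sethostname", "setdomainname", "iopl",
"ioperm", "create_module", "init_module", "delete_module", "get_kernel_syms", "query_module", "quotactl", "nfsservctl", "getpmsg", "putpmsg", "afs_syscall", "tuxcall", "security", "gettid", "readahead", "setxattr", "lsetxattr", "fsetxattr", "getxattr", "lgetxattr", "fgetxattr", "listxattr", "llistxattr", "flistxattr", "removexattr", "lremovexattr", "fremovexattr", "tkill", "time", "futex", "sched_setaffinity", "sched_getaffinity", "set_thread_area", "io_setup", "io_destroy", "io_getevents", "io_submit", "io_cancel", "get_thread_area", "lookup_dcookie", "epoll_create", "epoll_ctl_old", "epoll_wait_old", "remap_file_pages", "getdents64", "set_tid_address", "restart_syscall", "semtimedop", "fadvise64", "timer_create", "timer_settime", "timer_gettime", "timer_getoverrun", "timer_delete", "clock_settime", "clock_gettime", "clock_getres", "clock_nanosleep", "exit_group", "epoll_wait", "epoll_ctl", "tgkill", "utimes", "vserver", "mbind", "set_mempolicy", "get_mempolicy", "mq_open", "mq_unlink", "mq_timedsend", "mq_timedreceive", "mq_notify", "mq_getsetattr", "kexec_load", "waitid", "add_key", "request_key", "keyctl", "ioprio_set", "ioprio_get", "inotify_init", "inotify_add_watch", "inotify_rm_watch", "migrate_pages", "openat", "mkdirat", "mknodat", "fchownat", "futimesat", "newfstatat", "unlinkat", "renameat", "linkat", "symlinkat", "readlinkat", "fchmodat", "faccessat", "pselect6", "ppoll", "unshare", "set_robust_list", "get_robust_list", "splice", "tee", "sync_file_range", "vmsplice", "move_pages", "utimensat", "epoll_pwait", "signalfd", "timerfd_create", "eventfd", "fallocate", "timerfd_settime", "timerfd_gettime", "accept4", "signalfd4", "eventfd2", "epoll_create1", "dup3", "pipe2", "inotify_init1", "preadv", "pwritev", "rt_tgsigqueueinfo", "perf_event_open", "recvmmsg", "fanotify_init", "fanotify_mark", "prlimit64", "name_to_handle_at", "open_by_handle_at", "clock_adjtime", "syncfs", "sendmmsg", "setns", "getcpu", "process_vm_readv", "process_vm_writev", "kcmp",
"finit_module", "sched_setattr", "sched_getattr", "renameat2", "seccomp", "getrandom", "memfd_create", "kexec_file_load", "bpf", "execveat", "userfaultfd", "membarrier", "mlock2", "copy_file_range", "preadv2", "pwritev2", "pkey_mprotect", "pkey_alloc", "pkey_free", "statx", "io_pgetevents", "rseq", "use", "entry","pidfd_send_signal", "io_uring_setup", "io_uring_enter", "io_uring_register","open_tree", "move_mount", "fsopen", "fsconfig", "fsmount", "fspick", "pidfd_open","clone3", "openat2", "pidfd_getfd", "rt_sigaction", "rt_sigreturn", "ioctl", "readv","writev", "recvfrom", "sendmsg", "recvmsg", "execve", "ptrace", "rt_sigpending","rt_sigtimedwait", "rt_sigqueueinfo", "sigaltstack", "timer_create", "mq_notify","kexec_load", "waitid", "set_robust_list", "get_robust_list", "vmsplice","move_pages", "preadv", "pwritev", "rt_tgsigqueueinfo", "recvmmsg", "sendmmsg","process_vm_readv", "process_vm_writev", "setsockopt", "getsockopt", "io_setup","io_submit", "execveat", "preadv2", "pwritev2"]

# Tokens present in the literal above that are not syscall names.
_NON_SYSCALL_TOKENS = ("use", "entry")


def _unique_syscalls(names):
    """Return *names* in first-seen order, without repeats or non-syscall tokens."""
    seen = set(_NON_SYSCALL_TOKENS)
    unique = []
    for name in names:
        if name not in seen:
            seen.add(name)
            unique.append(name)
    return unique


# Each syscall must count once, otherwise the coverage percentage is skewed.
linux_syscalls = _unique_syscalls(linux_syscalls)

# Not referenced by any function visible in this file.
listed_syscalls = []
# Base syscall names collected by syzkaller_file_parser(); may hold repeats.
listed_syscalls_names = []
# Filled by find_missing_syscalls(): parsed names absent from linux_syscalls.
missing_syscalls = []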
def usage():
    """Write the one-line command synopsis to standard output."""
    synopsis = "USAGE: python linux.py <path to sys/linux>: Syzkaller Stats for linux"
    sys.stdout.write(synopsis + "\n")
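def syzkaller_check(path):
    """Parse every ``.txt`` description file in *path*, then print the stats.

    Args:
        path: Directory holding the syzkaller description files (the usage
            text names ``sys/linux``). Only its direct entries are read;
            sub-directories are not walked.

    Raises:
        OSError: If *path* cannot be listed or a file cannot be opened.
    """
    for filename in os.listdir(path):
        if not filename.endswith(".txt"):
            continue
        # Close each description file promptly instead of leaving the handle
        # to the garbage collector; a large directory would otherwise keep
        # many descriptors open at once.
        with open(os.path.join(path, filename)) as handle:
            content = handle.readlines()
        syzkaller_file_parser(content)
    # find_missing_syscalls() is intentionally not invoked here (it was
    # commented out in the original); call it separately to fill
    # missing_syscalls.
    print_syscalls()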
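def syzkaller_file_parser(content):
    """Collect base syscall names from the lines of one description file.

    A line is taken as a call description when it does not start with ``#``,
    ``syz`` or ``define`` and contains a parenthesised group. The text before
    the first ``(`` is the name; a ``$variant`` suffix is dropped so that
    specialisations count under their base syscall. Results are appended to
    the module-level ``listed_syscalls_names`` (repeats are kept).

    NOTE(review): any other line with parentheses also matches, so the list
    may include names that are not syscalls -- verify against real inputs
    before reading the fuzzed count as exact.

    Args:
        content: Iterable of text lines from a description file.
    """
    # Raw string: "\A", "\(" and "\$" are invalid escapes in a plain literal.
    # The pattern is also no longer bound to the name ``sys``, which shadowed
    # the imported module inside this function.
    call_line = re.compile(r"\A((?!(#|syz|define)).*?)\(.*\).*")
    for line in content:
        matched = call_line.match(line)
        if not matched:
            continue
        syscall_name = matched.group(1).strip()
        # Split at the last "$" -- same result as the greedy "(.*)\$(.*)"
        # match used before, without running a second regex twice.
        base, dollar, _variant = syscall_name.rpartition("$")
        if dollar:
            listed_syscalls_names.append(base.strip())
        else:
            listed_syscalls_names.append(syscall_name)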
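def find_missing_syscalls():
    """Record parsed names that do not appear in ``linux_syscalls``.

    Despite the name, this does not list kernel syscalls lacking a
    description: it appends to ``missing_syscalls`` every distinct name from
    ``listed_syscalls_names`` that the reference table does not contain.
    Calling it more than once appends the same names again.
    """
    # Build the lookup set once rather than on every loop iteration.
    known = set(linux_syscalls)
    for name in set(listed_syscalls_names):
        if name not in known:
            missing_syscalls.append(name)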
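def print_syscalls():
    """Print the syscall-description coverage summary to standard output.

    The figures are name counts only: how many distinct names were parsed
    from the description files against how many distinct names the reference
    table holds. They say nothing about kernel code coverage.

    NOTE(review): the fuzzed count is not intersected with ``linux_syscalls``,
    so parsed names missing from the table still raise the percentage --
    confirm whether that is intended.
    """
    fuzzed = len(set(listed_syscalls_names))
    # Count each reference name once; the table has carried repeated entries,
    # which would otherwise inflate the total and lower the percentage.
    total = len(set(linux_syscalls))
    banner = "=" * 50
    print(banner)
    print("Linux Stats")
    print(banner)
    print("[*] No. of syscalls fuzzed : " + str(fuzzed))
    print("[*] Total no. of syscalls : " + str(total))
    # Floor division keeps the whole-number percentage on Python 2 and 3.
    print("[*] Coverage percentage : " + str((fuzzed * 100) // total))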
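def main():
    """Command-line entry point: report stats for the directory in argv[1].

    Prints the usage line and exits with status 1 when no path is given, so
    that a calling script can tell a usage error from a successful run.
    """
    if len(sys.argv) < 2:
        usage()
        # sys.exit instead of the site-provided exit(), which is absent when
        # the interpreter runs without the site module.
        sys.exit(1)
    syzkaller_check(sys.argv[1])


if __name__ == "__main__":
    main()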