bannsec / autoPwn

Automate repetitive tasks for fuzzing

Flag to support command-line argument fuzzing #16

Open bannsec opened 6 years ago

bannsec commented 6 years ago

Currently autoPwn should work as normal with afl-style command fuzzing, which boils down to @@ generation of a file name per run. This doesn't actually fuzz the command-line arguments, and there is experimental support for fuzzing command-line arguments for afl if you compile your target binary with some modifications.

It would be helpful if autoPwn could automate this for black-box fuzzing. Generally, that would seem to boil down into the following steps:

  1. Modify binary in some way to initially take input from stdin and input that into argv correctly.
     a. Possibly via LD_PRELOAD somehow
     b. Possibly via on-the-fly binary patching (i.e.: patchkit, preeny in-memory patch, patcherex if they ever fix it...)
  2. User would need to specify where to fuzz via some param (similar to @@)
  3. autoPwn would spawn with that argument filled with a buffer of "A", to simply make sure argv has room for the fuzz. Likely would also pass in this argument placement via environment variable (i.e.: AUTOPWN_ARGV=1)
  4. Hooked code would look up the environment variable, strlen check the existing input for that argument, then read in up to that length of input from stdin, ensuring to null terminate.

It's messy, but I haven't seen a great solution to this challenge yet.
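Steps 3 and 4 of the sketch above as a concrete C hook, added here as an example and not code from autoPwn: an LD_PRELOAD-style constructor reads the AUTOPWN_ARGV index from the environment, uses the padded argument's existing length as the hard capacity (so argv memory is never overrun), and copies stdin into that slot with a NUL terminator. The function names and the glibc convention of passing (argc, argv, envp) to constructors are assumptions.

```c
// Added example, not autoPwn's code. Builds as a shared object for LD_PRELOAD:
//   gcc -shared -fPIC -o autopwn_hook.so autopwn_hook.c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse an AUTOPWN_ARGV-style value (1-based argv index).
 * Returns the index, or -1 if the value is unset or not a sane integer. */
int autopwn_target_index(const char *value) {
    if (value == NULL || *value == '\0') return -1;
    char *end = NULL;
    errno = 0;
    long idx = strtol(value, &end, 10);
    if (errno != 0 || *end != '\0' || idx < 1 || idx > 4096) return -1;
    return (int)idx;
}

/* Overwrite the placeholder in `slot` with up to strlen(slot) bytes from `in`.
 * The placeholder's length ("AAAA...") is the capacity reserved by the fuzzer,
 * so we never write past it. An embedded NUL in the input would end the C
 * string early anyway, so only the first NUL-free run is kept. The result is
 * always NUL-terminated. Returns the number of bytes that ended up in argv. */
size_t autopwn_fill_slot(char *slot, FILE *in) {
    size_t cap = strlen(slot);
    size_t n = fread(slot, 1, cap, in);
    size_t len = strnlen(slot, n);
    slot[len] = '\0';
    return len;
}

/* Assumption: glibc passes (argc, argv, envp) to ELF constructors, which run
 * before main(), so argv can be patched before the target ever reads it. */
__attribute__((constructor))
static void autopwn_hook(int argc, char **argv, char **envp) {
    (void)envp;
    int idx = autopwn_target_index(getenv("AUTOPWN_ARGV"));
    if (idx < 0 || idx >= argc) return;   /* unset, invalid, or out of range */
    autopwn_fill_slot(argv[idx], stdin);
}
```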

bannsec commented 6 years ago

Initial support for @@@ argument has been added. Currently, it only works for amd64 and likely has some bugs.

If anyone wants to try, simply use it the same way that you would use the AFL @@ command. I.e.:

autoPwn --disable-drill ls @@@

Recommending --disable-drill for now since it will not correctly hand-off input to driller.

bannsec commented 6 years ago

Added support for arbitrary number of @@@ fuzz locations: 2c66175

bannsec commented 6 years ago

Supports i386 now as well