Sayfalar

[Doona] Network Protocol Fuzzer

Doona is a fork of the Bruteforce Exploit Detector, it was renamed to avoid confusion as it has a large number of of changes. You should get a copy from github if you want to try it: https://github.com/wireghoul/doona.

It's currently a little short on documentation, so I will let the changelog details some of the many differences between Doona and BED:




[ 0.7 ]



- resolved the need for a hardcoded plugin list



- added max requests option to allow parallel execution (easier than hacking in thread support)



- added sigpipe handler to prevent silent exit if server unexpectedly closes the connection



- added http proxy module



- added more ftp test cases



- added more rtsp test cases



- added more http test cases



- added more irc test cases



- fixed a long standing BED bug where two test strings where accidentally concatenated



- fixed a long standing BED bug where a hex representation of a 32bit integer was not max value as intended



- aliased -m to -s (-s is getting deprecated/reassigned)



- renamed plugins to modules (-m is for module)



- removed directory traversal testing code from ftp module



- rewrote/broke misc testing procedure to test specific edge cases, needs redesign



- added support for multiple setup/prefix/verbs, ie: fuzzing Host headers with GET/POST/HEAD requests



- fixed long standing BED bug in the smtp module where it wouldn't greet the mail server correctly with HELO



- added more smtp test cases



- fixed long standing BED bug in escaped Unicode strings



- added more large integer and formatstring fuzz strings



- fixed column alignment in the progress output