[Doona] Network Protocol Fuzzer

Doona is a fork of the Bruteforce Exploit Detector, it was renamed to avoid confusion as it has a large number of of changes. You should get a copy from github if you want to try it: https://github.com/wireghoul/doona.

It's currently a little short on documentation, so I will let the changelog details some of the many differences between Doona and BED:

[ 0.7 ]

- resolved the need for a hardcoded plugin list

- added max requests option to allow parallel execution (easier than hacking in thread support)

- added sigpipe handler to prevent silent exit if server unexpectedly closes the connection

- added http proxy module

- added more ftp test cases

- added more rtsp test cases

- added more http test cases

- added more irc test cases

- fixed a long standing BED bug where two test strings where accidentally concatenated

- fixed a long standing BED bug where a hex representation of a 32bit integer was not max value as intended

- aliased -m to -s (-s is getting deprecated/reassigned)

- renamed plugins to modules (-m is for module)

- removed directory traversal testing code from ftp module

- rewrote/broke misc testing procedure to test specific edge cases, needs redesign

- added support for multiple setup/prefix/verbs, ie: fuzzing Host headers with GET/POST/HEAD requests

- fixed long standing BED bug in the smtp module where it wouldn't greet the mail server correctly with HELO

- added more smtp test cases

- fixed long standing BED bug in escaped Unicode strings

- added more large integer and formatstring fuzz strings

- fixed column alignment in the progress output

Disqus Comments