Nmap Development mailing list archives
Re: Simple script: random (garbage) fuzzer
From: Ron <ron () skullsecurity net>
Date: Sat, 07 Nov 2009 07:23:43 -0500
Fyodor wrote:
> On Fri, Nov 06, 2009 at 10:13:46AM -0500, Ron wrote:
>> Hey,
>>
>> Somebody requested a NSE script to fuzz with random garbage on all ports. It isn't *terribly* useful, but it could be a good way to exhaust bandwidth/test for really bad services.
>
> Nice. Did they request it on a public forum somewhere that you can link to? It would be interesting to know more about the use case they have in mind.
No, I'm doing a class right now and the instructor mentioned it. His case was primarily finding low-hanging fruit services on certain systems. It might be need to write fuzzers for specific protocols, too. HTTP fuzzer, SMB fuzzer, etc etc. That's something I hadn't really thought of using NSE for before.
> Maybe it should include a stopafter limit by default? That way it doesn't go forever for people who accidentally specify it (perhaps among other scripts) without specifying the stopafter arg.
Sure, any suggestions on how long it should go for? Most services do terminate the connection pretty fast when they receive garbage, so it actually doesn't run forever. But that obviously isn't a safe assumption.
> Also, you might want to make this output line more clear:
>
> return false, string.format("Finished sending data: %s (%d bytes already sent)", err, amt)
>
> You might want to note that it failed to send more data and thus the service may have crashed. Otherwise it looks pretty similar to the successful finish case:
>
> return false, string.format("Finished sending data: %s (%d bytes already sent)", err, amt)
I'll revisit the language.
>> I realize this doesn't do a whole heck of a lot, but anybody mind if I check this in?
>
> I'm on the fence on this one, but I'm not opposed to checking it in (as long as it is changed to complete at some point by default). I suppose one can always do this sort of thing with the likes of "cat /dev/urandom | ncat --send-only target port", but the NSE script lets Nmap find the open ports for it, and also handles many ports at once.
Yeah, I agree.
> Cheers,
> -F
Ron

--
Ron Bowes
http://www.skullsecurity.org/
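The two points raised in this thread, a default stop limit and a failure message that cannot be mistaken for a normal finish, as an added example that is not Ron's script and not part of the original message. It is plain Lua; `DEFAULT_STOPAFTER`, `fuzz` and `fake_socket` are hypothetical names, the 1 MiB default is an assumed value, and the socket is a constructed stand-in that follows the `status, err` return convention of NSE's `socket:send`.

```lua
-- Added example: bounded garbage-sending loop with distinct result messages.
-- DEFAULT_STOPAFTER is an assumed value; the thread does not settle on one.
local DEFAULT_STOPAFTER = 1024 * 1024  -- bytes
local CHUNK = 512                      -- bytes per send

-- Build a string of n random bytes.
local function garbage(n)
  local t = {}
  for i = 1, n do t[i] = string.char(math.random(0, 255)) end
  return table.concat(t)
end

-- sock: any object with send(self, data) -> status, err.
-- stopafter: byte limit; the default applies when the caller gives none,
-- so the loop always terminates even if the service never hangs up.
local function fuzz(sock, stopafter)
  stopafter = tonumber(stopafter) or DEFAULT_STOPAFTER
  local amt = 0
  while amt < stopafter do
    local data = garbage(math.min(CHUNK, stopafter - amt))
    local status, err = sock:send(data)
    if not status then
      -- Send failed before the limit: report it as a failure, not a finish.
      return false, string.format(
        "Send failed: %s after %d bytes; service closed the connection or may have crashed",
        tostring(err), amt)
    end
    amt = amt + #data
  end
  return true, string.format(
    "Reached stopafter limit: %d bytes sent, service still accepting data", amt)
end

-- Constructed stand-in for a service that stops accepting data after `limit` bytes.
local function fake_socket(limit)
  local seen = 0
  return {
    send = function(self, data)
      if seen >= limit then return false, "EOF" end
      seen = seen + #data
      return true
    end
  }
end

print(fuzz(fake_socket(2000), 100000))   -- service gives up first: failure message
print(fuzz(fake_socket(math.huge), 4096)) -- limit reached first: normal finish message
```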