
Simple script: random (garbage) fuzzer


From: Ron <ron () skullsecurity net>
Date: Fri, 06 Nov 2009 10:13:46 -0500

Hey,

Somebody requested a NSE script to fuzz with random garbage on all
ports. It isn't *terribly* useful, but it could be a good way to exhaust
bandwidth/test for really bad services.

I may do more fuzzer scripts later, but I've attached this one.

I realize this doesn't do a whole heck of a lot, but anybody mind if I
check this in?

Thanks
Ron

-- 
Ron Bowes
http://www.skullsecurity.org/
description = [[
A very simple fuzzer -- this will send garbage (random) junk on every open port. Runs until the server closes the 
connection, and never receives any data. 
]]
---
-- @usage
-- nmap --script fuzz-garbage <host>
--
-- @output
-- n/a
--
-- @args chunksize Number of random bytes in each send (default: 1024).
-- @args stopafter Stop once this many bytes have been sent; the total is
--       rounded up to a whole number of chunks.
-----------------------------------------------------------------------

author = "Ron Bowes"
copyright = "Ron Bowes"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = { "intrusive", "dos" }

-- Run late so that, if a target service does fall over, the other scans have
-- already had their chance at it. NOTE(review): the original comment asked for
-- a runlevel above 2 while the value set is 2 -- confirm which was intended.
runlevel = 2

-- Every port Nmap reports as open qualifies; there is no filtering by
-- service, which is why the host argument is not consulted.
portrule = function(host)
        return true
end

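--- Build a buffer of `size` pseudo-random bytes.
-- Bytes are drawn from the full 0..255 range; the previous
-- math.random(0xFF) form yields 1..255, so a zero byte could never appear
-- in the "random" garbage. Pieces are gathered in a table and joined once
-- instead of being appended with `..` in the loop, which is quadratic in
-- `size`.
-- @param size number of bytes to produce; strings are coerced with
--   tonumber (NSE passes script args as strings), anything non-numeric or
--   non-positive yields ""
-- @return string of `size` bytes
function get_data(size)
        local count = tonumber(size) or 0
        local pieces = {}

        for i = 1, count do
                pieces[i] = string.char(math.random(0, 0xFF))
        end

        return table.concat(pieces)
end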

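--- Connect to the port and stream random chunks at it until the peer drops
-- the connection or `stopafter` bytes have gone out.
-- @param host Nmap host table; only host.ip is read
-- @param port Nmap port table; only port.number is read
-- @return true, message after a clean stop (stopafter reached);
--   false, message when the connection fails, the send fails, or the
--   chunksize argument is not a positive number
function go(host, port)
        -- Script args arrive as strings; coerce them so the byte counter and
        -- the comparison below operate on numbers. A non-positive chunksize
        -- would spin forever sending empty buffers, so reject it up front.
        local chunksize = tonumber(nmap.registry.args.chunksize) or 1024
        local stopafter = tonumber(nmap.registry.args.stopafter)
        if chunksize <= 0 then
                return false, "chunksize must be a positive number"
        end

        local socket = nmap.new_socket()
        local amt = 0

        -- Seed the generator; os.time() is seconds-granular, so two runs in
        -- the same second produce the same byte stream.
        math.randomseed(os.time())

        local status, err = socket:connect(host.ip, port.number)
        if not status then
                return false, "Couldn't connect: " .. err
        end

        -- Both ways out of the send loop fall through to socket:close() so
        -- the descriptor is handed back to NSE instead of leaking.
        local ok, msg
        while true do
                status, err = socket:send(get_data(chunksize))
                if not status then
                        ok, msg = false, string.format("Finished sending data: %s (%d bytes already sent)", err, amt)
                        break
                end
                amt = amt + chunksize

                if stopafter and amt >= stopafter then
                        ok, msg = true, string.format("Finished sending %d bytes\n", stopafter)
                        break
                end
        end

        socket:close()
        return ok, msg
end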

-- Script entry point: run the fuzzer and decide what, if anything, to show.
-- A successful run reports its message; a failure is only surfaced when
-- the user asked for debug output (-d), otherwise the script stays silent.
action = function(host, port)
        local ok, result = go(host, port)

        if ok then
                return result
        end

        if nmap.debugging() > 0 then
                return "ERROR: " .. result
        end
end

