Nmap Development mailing list archives

Re: Simple script: random (garbage) fuzzer


From: Fyodor <fyodor () insecure org>
Date: Fri, 6 Nov 2009 23:14:29 -0800

On Fri, Nov 06, 2009 at 10:13:46AM -0500, Ron wrote:
> Hey,
>
> Somebody requested a NSE script to fuzz with random garbage on all
> ports. It isn't *terribly* useful, but it could be a good way to exhaust
> bandwidth/test for really bad services.

Nice.  Did they request it on a public forum somewhere that you can
link to?  It would be interesting to know more about the use case they
have in mind.

Maybe it should include a stopafter limit by default?  That way it
doesn't go forever for people who accidentally specify it (perhaps
among other scripts) without specifying the stopafter arg.

Also, you might want to make this output line more clear:
return false, string.format("Finished sending data: %s (%d bytes already sent)", err, amt)

You might want to note that it failed to send more data and thus the
service may have crashed.  Otherwise it looks pretty similar to the
successful finish case:

return false, string.format("Finished sending data: %s (%d bytes already sent)", err, amt)

> I realize this doesn't do a whole heck of a lot, but anybody mind if I
> check this in?

I'm on the fence on this one, but I'm not opposed to checking it in
(as long as it is changed to complete at some point by default).  I
suppose one can always do this sort of thing with the likes of "cat
/dev/urandom | ncat --send-only target port", but the NSE script lets
Nmap find the open ports for it, and also handles many ports at once.

Cheers,
-F
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

