[Doona] Network Protocol Fuzzer

Saturday, October 26, 2013

Doona is a fork of the Bruteforce Exploit Detector, it was renamed to avoid confusion as it has a large number of of changes. You should get a copy from github if you want to try it: https://github.com/wireghoul/doona.

It's currently a little short on documentation, so I will let the changelog details some of the many differences between Doona and BED:
[ 0.7 ]
- resolved the need for a hardcoded plugin list
- added max requests option to allow parallel execution (easier than hacking in thread support)
- added sigpipe handler to prevent silent exit if server unexpectedly closes the connection
- added http proxy module
- added more ftp test cases
- added more rtsp test cases
- added more http test cases
- added more irc test cases
- fixed a long standing BED bug where two test strings where accidentally concatenated
- fixed a long standing BED bug where a hex representation of a 32bit integer was not max value as intended
- aliased -m to -s (-s is getting deprecated/reassigned)
- renamed plugins to modules (-m is for module)
- removed directory traversal testing code from ftp module
- rewrote/broke misc testing procedure to test specific edge cases, needs redesign
- added support for multiple setup/prefix/verbs, ie: fuzzing Host headers with GET/POST/HEAD requests
- fixed long standing BED bug in the smtp module where it wouldn't greet the mail server correctly with HELO
- added more smtp test cases
- fixed long standing BED bug in escaped Unicode strings
- added more large integer and formatstring fuzz strings
- fixed column alignment in the progress output

Subscribe via e-mail for updates!