[Doona] Network Protocol Fuzzer

Doona is a fork of the Bruteforce Exploit Detector, it was renamed to avoid confusion as it has a large number of of changes. You should get a copy from github if you want to try it: <https://github.com/wireghoul/doona&gt;.

It’s currently a little short on documentation, so I will let the changelog details some of the many differences between Doona and BED:

[ 0.7 ]





- resolved the need for a hardcoded plugin list  

- added max requests option to allow parallel execution (easier than hacking in thread support)  

- added sigpipe handler to prevent silent exit if server unexpectedly closes the connection  

- added http proxy module  

- added more ftp test cases  

- added more rtsp test cases  

- added more http test cases  

- added more irc test cases  

- fixed a long standing BED bug where two test strings where accidentally concatenated  

- fixed a long standing BED bug where a hex representation of a 32bit integer was not max value as intended  

- aliased -m to -s (-s is getting deprecated/reassigned)  

- renamed plugins to modules (-m is for module)  

- removed directory traversal testing code from ftp module  

- rewrote/broke misc testing procedure to test specific edge cases, needs redesign  

- added support for multiple setup/prefix/verbs, ie: fuzzing Host headers with GET/POST/HEAD requests  

- fixed long standing BED bug in the smtp module where it wouldn't greet the mail server correctly with HELO  

- added more smtp test cases  

- fixed long standing BED bug in escaped Unicode strings  

- added more large integer and formatstring fuzz strings  

- fixed column alignment in the progress output

Download Doona