Doona是Bruteforce Detector Tool(BED)的开源实现。BED是用来检测潜在缓冲区溢出,字符串处理异常等问题的工具。 Doona在澳大利亚是棉被的意思。他为BED加入了很多非常有用的功能,并改进了BED功能。
源代码: https://github.com/wireghoul/doona Doona主页 | Kali Doona仓库
作者: Eldar Marcussen aka wireghoul 开源协议: GPLv2 Doona包中的工具 doona – BED的开源版本
root@kali:~# doona -h
Doona 1.0 by Wireghoul (www.justanotherhacker.com)
Usage:
./doona.pl -m [module] <options>
-m <module> = DICT/FINGER/FTP/HTTP/IMAP/IRC/LPD/NNTP/PJL/POP/PROXY/RTSP/SMTP/SOCKS4/SOCKS5/TFTP/WHOIS
-c <int> = Execute a health check after every <int> fuzz cases
-t <target> = Host to check (default: localhost)
-p <port> = Port to connect to (default: module specific standard port)
-o <timeout> = seconds to wait after each test (default: 2 seconds)
-r <index> = Resumes fuzzing at test case index
-k = Keep trying until server passes a health check
-d = Dump test case to stdout (use in combination with -r)
-M <num> = Exit after executing <num> number of fuzz cases
-h = Help (this text)
use "./doona.pl -m [module] -h" for module specific option.
Only -m is a mandatory switch.
使用HTTP工具 (-m HTTP)对(-t 192.168.1.15)进行模糊测试, 每5个目标(-M 5)暂停一次:
root@kali:~# doona -m HTTP -t 192.168.1.15 -M 5
Doona 1.0 by Wireghoul (www.justanotherhacker.com)
+ Buffer overflow testing
1/37 [XAXAX] ......
Max requests (5) completed, index: 5