BED VULNERABILITY ANALYSIS TOOL
BED (aka Bruteforce Exploit Detector) is a plain-text protocol fuzzer that checks software for common vulnerabilities like buffer overflows, format string bugs, integer overflows, etc.
Written in Perl by mjm and Eric Sesterhenn, the tool currently supports the following protocols:
- finger
- ftp
- http
- imap
- irc
- lpd
- pjl
- pop
- smtp
- socks4
- socks5
Basic syntax
$ ./bed.pl -s <plugin> [options]
Options
- -s <plugin>
  - Plugin to use (mandatory)
  - Valid plugins are: FTP/SMTP/POP/HTTP/IRC/IMAP/PJL/LPD/FINGER/SOCKS4/SOCKS5
  - Use "./bed.pl -s <plugin>" to obtain the parameters you need for the plugin.
- -t <target>
  - Host to check (default: localhost)
- -p <port>
  - Port to connect to (default: standard port)
- -o <timeout>
  - Seconds to wait after each test (default: 2 seconds)
$ ./bed.pl -s HTTP -t 192.168.100.16 -p 80

BED 0.5 by mjm ( www.codito.de ) & eric ( www.snake-basket.de )

 + Buffer overflow testing:
   testing: 1 HEAD XAXAX HTTP/1.0 ...........
   testing: 2 HEAD / XAXAX ...........
   testing: 3 GET XAXAX HTTP/1.0 ...........
   testing: 4 GET / XAXAX ...........
   testing: 5 POST XAXAX HTTP/1.0 ...........
   testing: 6 POST / XAXAX ...........
   testing: 7 GET /XAXAX ...........
   testing: 8 POST /XAXAX ...........
 + Formatstring testing:
   testing: 1 HEAD XAXAX HTTP/1.0 .......
   testing: 2 HEAD / XAXAX .......
   testing: 3 GET XAXAX HTTP/1.0 .......
   testing: 4 GET / XAXAX .......
   testing: 5 POST XAXAX HTTP/1.0 .......
   testing: 6 POST / XAXAX .......
   testing: 7 GET /XAXAX .......
   testing: 8 POST /XAXAX .......
 * Normal tests
 + Buffer overflow testing:
   testing: 1 User-Agent: XAXAX ...........
   testing: 2 Host: XAXAX ...........
   testing: 3 Accept: XAXAX ...........
   testing: 4 Accept-Encoding: XAXAX ...........
   testing: 5 Accept-Language: XAXAX ...........
   testing: 6 Accept-Charset: XAXAX ...........
   testing: 7 Connection: XAXAX ...........
   testing: 8 Referer: XAXAX ...........
   testing: 9 Authorization: XAXAX ...........
   testing: 10 From: XAXAX ...........
   testing: 11 Charge-To: XAXAX ...........
   testing: 12 Authorization: XAXAX ...........
   testing: 13 Authorization: XAXAX : foo ...........
   testing: 14 Authorization: foo : XAXAX ...........
   testing: 15 If-Modified-Since: XAXAX ...........
   testing: 16 ChargeTo: XAXAX ...........
   testing: 17 Pragma: XAXAX ...........
 + Formatstring testing:
   testing: 1 User-Agent: XAXAX .......
   testing: 2 Host: XAXAX .......
   testing: 3 Accept: XAXAX .......
   testing: 4 Accept-Encoding: XAXAX .......
   testing: 5 Accept-Language: XAXAX .......
   testing: 6 Accept-Charset: XAXAX .......
   testing: 7 Connection: XAXAX .......
   testing: 8 Referer: XAXAX .......
   testing: 9 Authorization: XAXAX .......
   testing: 10 From: XAXAX .......
   testing: 11 Charge-To: XAXAX .......
   testing: 12 Authorization: XAXAX .......
   testing: 13 Authorization: XAXAX : foo .......
   testing: 14 Authorization: foo : XAXAX .......
   testing: 15 If-Modified-Since: XAXAX .......
   testing: 16 ChargeTo: XAXAX .......
   testing: 17 Pragma: XAXAX .......
 + Unicode testing:
   testing: 1 User-Agent: XAXAX .......
   testing: 2 Host: XAXAX .......
   testing: 3 Accept: XAXAX .......
   testing: 4 Accept-Encoding: XAXAX .......
   testing: 5 Accept-Language: XAXAX .......
   testing: 6 Accept-Charset: XAXAX .......
   testing: 7 Connection: XAXAX .......
   testing: 8 Referer: XAXAX .......
   testing: 9 Authorization: XAXAX .......
   testing: 10 From: XAXAX .......
   testing: 11 Charge-To: XAXAX .......
   testing: 12 Authorization: XAXAX .......
   testing: 13 Authorization: XAXAX : foo .......
   testing: 14 Authorization: foo : XAXAX .......
   testing: 15 If-Modified-Since: XAXAX .......
   testing: 16 ChargeTo: XAXAX .......
   testing: 17 Pragma: XAXAX .......
 + random number testing:
   testing: 1 User-Agent: XAXAX .............
   testing: 2 Host: XAXAX .............
   testing: 3 Accept: XAXAX .............
   testing: 4 Accept-Encoding: XAXAX .............
   testing: 5 Accept-Language: XAXAX .............
   testing: 6 Accept-Charset: XAXAX .............
   testing: 7 Connection: XAXAX .............
   testing: 8 Referer: XAXAX .............
   testing: 9 Authorization: XAXAX .............
   testing: 10 From: XAXAX .............
   testing: 11 Charge-To: XAXAX .............
   testing: 12 Authorization: XAXAX .............
   testing: 13 Authorization: XAXAX : foo .............
   testing: 14 Authorization: foo : XAXAX .............
   testing: 15 If-Modified-Since: XAXAX .............
   testing: 16 ChargeTo: XAXAX .............
   testing: 17 Pragma: XAXAX .............
 + testing misc strings 1:
   testing: 1 User-Agent: XAXAX ...............
   testing: 2 Host: XAXAX ...............
   testing: 3 Accept: XAXAX ...............
   testing: 4 Accept-Encoding: XAXAX ...............
   testing: 5 Accept-Language: XAXAX ...............
   testing: 6 Accept-Charset: XAXAX ...............
   testing: 7 Connection: XAXAX ...............
   testing: 8 Referer: XAXAX ...............
   testing: 9 Authorization: XAXAX ...............
   testing: 10 From: XAXAX ...............
   testing: 11 Charge-To: XAXAX ...............
   testing: 12 Authorization: XAXAX ...............
   testing: 13 Authorization: XAXAX : foo ...............
   testing: 14 Authorization: foo : XAXAX ...............
   testing: 15 If-Modified-Since: XAXAX ...............
   testing: 16 ChargeTo: XAXAX ...............
   testing: 17 Pragma: XAXAX ...............
 + testing misc strings 2:
   testing: 1 User-Agent: XAXAX ...............
   testing: 2 Host: XAXAX ...............
   testing: 3 Accept: XAXAX ...............
   testing: 4 Accept-Encoding: XAXAX ...............
   testing: 5 Accept-Language: XAXAX ...............
   testing: 6 Accept-Charset: XAXAX ...............
   testing: 7 Connection: XAXAX ...............
   testing: 8 Referer: XAXAX ...............
   testing: 9 Authorization: XAXAX ...............
   testing: 10 From: XAXAX ...............
   testing: 11 Charge-To: XAXAX ...............
   testing: 12 Authorization: XAXAX ...............
   testing: 13 Authorization: XAXAX : foo ...............
   testing: 14 Authorization: foo : XAXAX ...............
   testing: 15 If-Modified-Since: XAXAX ...............
   testing: 16 ChargeTo: XAXAX ...............
   testing: 17 Pragma: XAXAX ...............
 + testing misc strings 3:
   testing: 1 User-Agent: XAXAX ...............
   testing: 2 Host: XAXAX ...............
   testing: 3 Accept: XAXAX ...............
   testing: 4 Accept-Encoding: XAXAX ...............
   testing: 5 Accept-Language: XAXAX ...............
   testing: 6 Accept-Charset: XAXAX ...............
   testing: 7 Connection: XAXAX ...............
   testing: 8 Referer: XAXAX ...............
   testing: 9 Authorization: XAXAX ...............
   testing: 10 From: XAXAX ...............
   testing: 11 Charge-To: XAXAX ...............
   testing: 12 Authorization: XAXAX ...............
   testing: 13 Authorization: XAXAX : foo ...............
   testing: 14 Authorization: foo : XAXAX ...............
   testing: 15 If-Modified-Since: XAXAX ...............
   testing: 16 ChargeTo: XAXAX ...............
   testing: 17 Pragma: XAXAX ...............
[...TRUNCATED...]
 + testing misc strings 19:
   testing: 1 User-Agent: XAXAX ...............
   testing: 2 Host: XAXAX ...............
   testing: 3 Accept: XAXAX ...............
   testing: 4 Accept-Encoding: XAXAX ...............
   testing: 5 Accept-Language: XAXAX ...............
   testing: 6 Accept-Charset: XAXAX ...............
   testing: 7 Connection: XAXAX ...............
   testing: 8 Referer: XAXAX ...............
   testing: 9 Authorization: XAXAX ...............
   testing: 10 From: XAXAX ...............
   testing: 11 Charge-To: XAXAX ...............
   testing: 12 Authorization: XAXAX ...............
   testing: 13 Authorization: XAXAX : foo ...............
   testing: 14 Authorization: foo : XAXAX ...............
   testing: 15 If-Modified-Since: XAXAX ...............
   testing: 16 ChargeTo: XAXAX ...............
   testing: 17 Pragma: XAXAX ...............
 * Other tests:
 * All tests done.
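Added example, not part of BED or of the original page: a small Python parser for transcripts in the format shown above, used to find the test at which an interrupted run stopped so that a fault in the service under test can be tied to one request template. It assumes each dot is a progress mark printed while a test runs; the function and field names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the run shown above. The run is cut
# short on purpose: no "All tests done." line, and the last test has fewer dots.
SAMPLE_LOG = """\
 + Buffer overflow testing:
   testing: 1 HEAD XAXAX HTTP/1.0 ...........
   testing: 2 HEAD / XAXAX ...........
 * Normal tests
 + Formatstring testing:
   testing: 1 User-Agent: XAXAX .......
   testing: 2 Host: XAXAX ....
"""

# One token per match: a "+ <section>:" header, a "testing: N <template> <dots>"
# entry, or the final completion line.
TOKEN = re.compile(
    r"\+\s+(?P<section>[^:\n]+?):(?=\s|$)"
    r"|testing:\s+(?P<num>\d+)\s+(?P<tmpl>.+?)\s+(?P<dots>\.+)"
    r"|(?P<done>\*\s+All tests done\.)"
)

def parse_bed_log(text):
    """Return (records, completed) for a BED transcript.

    Works on one-test-per-line output and on output flattened onto one line.
    A test that printed no progress dot at all is not recorded.
    """
    records, section, completed = [], None, False
    for m in TOKEN.finditer(text):
        if m.group("section"):
            section = m.group("section").strip()
        elif m.group("done"):
            completed = True
        else:
            records.append({"section": section, "test": int(m.group("num")),
                            "template": m.group("tmpl"), "dots": len(m.group("dots"))})
    return records, completed

def short_tests(records):
    """Tests with fewer dots than the longest test of the same section name."""
    longest = defaultdict(int)
    for r in records:
        longest[r["section"]] = max(longest[r["section"]], r["dots"])
    return [r for r in records if r["dots"] < longest[r["section"]]]

if __name__ == "__main__":
    recs, done = parse_bed_log(SAMPLE_LOG)
    print("completed:", done)
    for r in short_tests(recs):
        print("stopped in:", r["section"], "#%d" % r["test"], r["template"])
```

A run that did not complete and has a short last test points at the template to replay against the service while it is under a debugger or with core dumps enabled.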