Backfuzz

Description

Backfuzz is a fuzzing tool for different protocols (FTP, HTTP, IMAP, etc) written in Python. The general idea is that this script has several predefined functions, so whoever wants to write their own plugin’s (for another protocol) can do that in few lines.

Usage

Options

-h   [IP] [Required]
-p   [PORT] [Required] 
-min [START LENGTH] [Required] 
-max [END LENGTH] [Required] 
-s   [SALT BETWEEN FUZZ STRINGS] [Required] 
-pl  [PLUGIN TO USE] [Required] 
-pf  [PATTERN-FLAVOUR TO USE (default: Cyclic)] [Optional] 
-t   [TIMEOUT (Seconds) (default: 0.8)] [Optional] 
-S   [SHOW PATTERN ON CRASH (default: False)] [Optional] 

Backfuzz  Arguments (Special Plugins):
============================

-SPECIAL [Required] 
-pl      [SPECIAL PLUGIN TO USE] [Required] 
-min     [START LENGTH] [Required] 
-max     [END LENGTH] [Required] 
-s       [SALT BETWEEN FUZZ STRINGS] [Required] 
-pf      [PATTERN-FLAVOUR TO USE (default: Cyclic)] [Optional] 

Backfuzz  Pattern Flavours are:
=====================

Cyclic          : Aa0Aa1Aa2Aa3Aa4Aa [...]
Cyclic Extended : Aa.Aa;Aa+Aa=Aa-Aa [...]
Single          : AAAAAAAAAAAAAAAAA [...]
FormatString    : %n%x%n%x%s%x%s%n  [...]

Backfuzz  Available plugins:
==================

FTP  : FTP Fuzzer  | Fuzz an FTP server  | Author: localh0t
HTTP : HTTP Fuzzer | Fuzz an HTTP server | Author: localh0t
IMAP : IMAP Fuzzer | Fuzz an IMAP server | Author: localh0t
IRC  : IRC Fuzzer  | Fuzz an IRC server  | Author: localh0t
POP3 : POP3 Fuzzer | Fuzz an POP3 server | Author: localh0t
SMTP : SMTP Fuzzer | Fuzz an SMTP server | Author: localh0t
SSH  : SSH Fuzzer  | Fuzz an SSH server  | Author: localh0t
TCP  : TCP Fuzzer  | Send garbage to a TCP connection  | Author: localh0t
TFTP : TFTP Fuzzer | Fuzz an TFTP Server  | Author: localh0t
TNET : Telnet Fuzzer | Fuzz a Telnet server | Author: localh0t
UDP  : UDP Fuzzer  | Send garbage to a UDP connection  | Author: localh0t




Example

cyborg@cyborg:~$ sudo backfuzz -h ********.com -p 22 -min 100 -max 1000 -s 100  -pl FTP -pf CyclicExtended
[!] Insert username (default: anonymous)> *****
[!] Insert password (default: [email protected])> ******

[!] TCP Socket fuzzing ...

MIN: 100 MAX: 1000 Giving it with: 100
MIN: 100 MAX: 1000 Giving it with: 200
MIN: 100 MAX: 1000 Giving it with: 300
MIN: 100 MAX: 1000 Giving it with: 400
MIN: 100 MAX: 1000 Giving it with: 500
MIN: 100 MAX: 1000 Giving it with: 600
MIN: 100 MAX: 1000 Giving it with: 700
MIN: 100 MAX: 1000 Giving it with: 800
MIN: 100 MAX: 1000 Giving it with: 900
MIN: 100 MAX: 1000 Giving it with: 1000

[!] USER fuzzing ...

MIN: 100 MAX: 1000 Giving it with: 100
MIN: 100 MAX: 1000 Giving it with: 200
MIN: 100 MAX: 1000 Giving it with: 300
MIN: 100 MAX: 1000 Giving it with: 400
MIN: 100 MAX: 1000 Giving it with: 500
MIN: 100 MAX: 1000 Giving it with: 600
MIN: 100 MAX: 1000 Giving it with: 700
MIN: 100 MAX: 1000 Giving it with: 800
MIN: 100 MAX: 1000 Giving it with: 900
MIN: 100 MAX: 1000 Giving it with: 1000

[!] PASS fuzzing ...

MIN: 100 MAX: 1000 Giving it with: 100
MIN: 100 MAX: 1000 Giving it with: 200
MIN: 100 MAX: 1000 Giving it with: 300
MIN: 100 MAX: 1000 Giving it with: 400
MIN: 100 MAX: 1000 Giving it with: 500
MIN: 100 MAX: 1000 Giving it with: 600
MIN: 100 MAX: 1000 Giving it with: 700
MIN: 100 MAX: 1000 Giving it with: 800
MIN: 100 MAX: 1000 Giving it with: 900
MIN: 100 MAX: 1000 Giving it with: 1000

[!] ABOR fuzzing ...

 

0 Comments

Leave a reply

CONTACT US

We're are building as a community and a team. Be a part of it.

Sending

©2017 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?