Spike Package – SPIKE is actually a fuzzer creation kit, providing an API that allows a user to create their own fuzzers for network based protocols using the C programming language. SPIKE defines a number of primitives that it makes available to C coders, which allows it to construct fuzzed messages called “SPIKES” that can be sent to a network service to hopefully induce errors. SPIKE was specifically designed to focus on finding exploitable bugs, so it’s an excellent choice for our purposes.
SPIKE is an attempt to write an easy to use generic protocol API that helps reverse engineer new and unknown network protocols. It features several working examples. Includes a web server NTLM Authentication brute forcer and sample code that parses web applications and DCE-RPC (MSRPC).
Options – Generic-Send_TCP
spike-generic-send_tcp host port spike_script SKIPVAR SKIPSTR Spike Package
cyborg@cyborg:~$ spike-generic-send_tcp 192.168.1.7 9999 test.spk 0 0 Total Number of Strings is 681 Fuzzing Fuzzing Variable 0:0
Options – Generic-Send_UDP
spike-generic_send_udp target port file.spk startvariable startfuzzstring startvariable startstring totaltosend Spike Package
cyborg@cyborg:~$ spike-generic-send_udp 192.168.1.7 80 abc.spk 0 0 500 Target is 192.168.1.7 Total Number of Strings is 681 fd=3 Fuzzing Variable 0:0 Fuzzing Variable 0:1( Fuzzing Variable 0:2 Fuzzing Variable 0:3
Options – Generic-Listen_TCP
spike-generic-listen_tcp port spike_script Spike Package
cyborg@cyborg:~$ spike-generic-listen_tcp 9999 test.spk Total Number of Strings is 681
Options – Generic-Chunked
generic_web_server_fuzz target port file.spk skipvariables skipfuzzstring Spike Package
cyborg@cyborg:~$ spike-generic-chunked www.ztrela.com 80 tst.spk 0 0 Target is www.ztrela.com Total Number of Strings is 681 Fuzzing Variable 0:0 parsing tst.spk sending Sent 4 sending Sent 8 sending Sent c