Nmap Development
mailing list archives
Simple script: random (garbage) fuzzer
From: Ron <ron () skullsecurity net>
Date: Fri, 06 Nov 2009 10:13:46 -0500
Hey,
Somebody requested an NSE script to fuzz with random garbage on all
ports. It isn't *terribly* useful, but it could be a good way to exhaust
bandwidth/test for really bad services.
I may do more fuzzer scripts later, but I've attached this one.
I realize this doesn't do a whole heck of a lot, but anybody mind if I
check this in?
Thanks
Ron
--
Ron Bowes
http://www.skullsecurity.org/
description = [[
A very simple fuzzer -- this will send garbage (random) junk on every open port. Runs until the server closes the
connection, and never receives any data.
]]
---
-- @usage
-- nmap --script fuzz-garbage <host>
--
-- @output
-- n/a
--
-- @args chunksize The size of the chunks to send (default: 1024).
-- @args stopafter Stop after sending this many bytes. This will be rounded up to the next
-- chunksize. There is no default: when it is unset, go() keeps sending until a
-- send fails.
-----------------------------------------------------------------------
author = "Ron Bowes"
copyright = "Ron Bowes"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-- Neither category is "default" or "safe", so the script runs only when it is
-- selected explicitly (by name or by one of these categories).
categories = {"intrusive","dos"}
-- Set the runlevel so this runs last (so if it DOES crash something, it doesn't
-- till other scans have had a chance to run)
-- NOTE(review): the original comment said ">2" while the value below is exactly 2 --
-- confirm which was intended.
runlevel = 2
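--- Decide whether the script runs against a port.
-- go() connects with socket:connect(host.ip, port.number) and passes no
-- protocol, so only TCP ports can actually be exercised; matching a UDP port
-- would send the data to the TCP port with the same number instead. The
-- description promises "every open port", so other states are skipped too.
-- @param host NSE host table (unused here).
-- @param port NSE port table; its protocol and state fields are read.
-- @return true for open TCP ports, false otherwise.
portrule = function(host, port)
  if type(port) ~= "table" then
    return false
  end
  return port.protocol == "tcp" and port.state == "open"
end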
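--- Build a string of pseudo-random bytes.
-- math.random(0xFF) yields 1..255 and can never produce a 0x00 byte, so the
-- range is given explicitly as 0..255 to cover every byte value. Bytes are
-- collected in a table and joined once, avoiding quadratic string growth.
-- The bytes come from math.random, which is not suitable where
-- unpredictability matters; here they are only junk payload.
-- @param size Number of bytes to generate; values below 1 give "".
-- @return A string of `size` bytes.
function get_data(size)
  local bytes = {}
  for i = 1, size do
    bytes[i] = string.char(math.random(0, 255))
  end
  return table.concat(bytes)
end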
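--- Connect to one port and send random chunks until a send fails or the
-- optional byte limit is reached. Nothing is ever read from the socket.
-- Reads the script arguments chunksize (default 1024) and stopafter (no
-- default; when unset the loop ends only when a send fails).
-- @param host NSE host table; host.ip is the connection target.
-- @param port NSE port table; port.number is the connection target.
-- @return true and a summary string when the stopafter limit was reached;
--         false and a reason string when an argument is invalid or when
--         connect/send fails.
function go(host, port)
  local args = nmap.registry.args

  -- The arguments may arrive as strings, so both are converted and checked
  -- before any traffic is sent. A chunksize below 1 would make the loop spin
  -- without ever advancing the byte counter.
  local chunksize = 1024
  if args.chunksize ~= nil then
    chunksize = tonumber(args.chunksize)
    if not chunksize or chunksize < 1 then
      return false, "Invalid chunksize: " .. tostring(args.chunksize)
    end
    chunksize = math.floor(chunksize)
  end

  -- A stopafter that does not parse must not silently turn into "no limit".
  local stopafter = nil
  if args.stopafter ~= nil then
    stopafter = tonumber(args.stopafter)
    if not stopafter then
      return false, "Invalid stopafter: " .. tostring(args.stopafter)
    end
  end

  -- Set the random seed. os.time() has one-second resolution, so instances
  -- started within the same second produce the same byte stream.
  math.randomseed(os.time())

  local socket = nmap.new_socket()
  local status, err = socket:connect(host.ip, port.number)
  if not status then
    return false, "Couldn't connect: " .. tostring(err)
  end

  local amt = 0
  while true do
    status, err = socket:send(get_data(chunksize))
    if not status then
      -- Release the socket on every exit path once it has been connected.
      socket:close()
      return false, string.format("Finished sending data: %s (%d bytes already sent)", tostring(err), amt)
    end

    amt = amt + chunksize
    if stopafter and amt >= stopafter then
      socket:close()
      -- Report what was really sent: the limit is rounded up to a whole chunk.
      return true, string.format("Finished sending %d bytes\n", amt)
    end
  end
end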
--- NSE entry point: run go() against one port and turn its result into
-- script output.
-- @param host NSE host table, passed through to go().
-- @param port NSE port table, passed through to go().
-- @return The summary string on success; "ERROR: <reason>" on failure when
--         debugging is enabled; nothing otherwise.
action = function(host, port)
  local ok, message = go(host, port)
  if ok then
    return message
  end

  -- Failures are reported only when debugging is on; otherwise the script
  -- produces no output for this port.
  if nmap.debugging() > 0 then
    return "ERROR: " .. message
  end
end