Kali Linux Tutorials : How To Use SFUZZ (Vulnerability Analysis)
Today on K4linux we are going to look at sfuzz (simple fuzzer) and how to use it on Kali Linux.
Simple fuzz is exactly what it sounds like: a straightforward fuzzer. Do not mistake simple for a lack of fuzzing capability. This fuzzer has two network modes of operation and an output mode for developing command-line fuzzing scripts, and it can take fuzzing strings from literals as well as build strings from sequences.
Simple fuzz is built to fill a need: the need for a quickly configurable black box testing utility that doesn’t require intimate knowledge of the inner workings of C or specialised software rigs. The aim is simply to provide a simple interface, clear inputs/outputs, and reusability.
Simple Fuzz by Aaron Conole
Why’d I write this? I used to be getting to use spike for black box testing at work, but the matter thereupon is: how do I get the folks in SQA to be ready to really hammer away at my stuff? They are not software system engineers and in several cases are barely competent programmers. Giving them a large computer program, based on SPIKE, that may need serious modification sounded like I’d be setting myself up for maintenance nightmares and meager code coverage. However, SPIKE is extremely powerful, terribly versatile, and really documented. This is true, however it has one caveat: all the ability and suppleness and pie of SPIKE comes at the price of a steep learning curve. It needs time to find out, and when a bug may surface, would need time delving into internals that I don’t want to be ‘the guy’ for at work.
Kali Linux – SFUZZ Features
- Simple script language for creating test cases
- Support for repeating strings as well as fixed strings (‘sequences’ vs. ‘literals’)
- Variables within test cases (ex: strings to be replaced with different strings)
- TCP and UDP payload transport (ICMP support TBD)
- Binary substitution support (see basic.a11 for more information)
- Plugin support (NEW!): see plugin.txt for more information.
- Previous packet contents inclusion
Tools included in the sfuzz package
Kali Linux SFUZZ – Black Box testing utilities
To see all commands and help about sfuzz :
root@kali:~# sfuzz -h
By: Aaron Conole
EMAIL: [email protected]
-h This message.
-V Version information.
networking / output:
-v Verbose output
-q Silent output mode (generally for CLI fuzzing)
-X prints the output in hex
-b Begin fuzzing at the test specified.
-e End testing on failure.
-t Wait time for reading the socket
-S Remote host
-T|-U|-O TCP|UDP|Output mode
-R Refrain from closing connections (ie: “leak” them)
-f Config File
-L Log file
-n Create a new logfile after each fuzz
-r Trim the tailing newline
-D Define a symbol and value (X=y).
-l Only perform literal fuzzing
-s Only perform sequence fuzzing
Kali Linux – SFUZZ Usage Example
root@kali:~# sfuzz -S 192.168.1.1 -p 10443 -T -f /usr/share/sfuzz/sfuzz-sample/basic.http
[12:53:47] dumping options:
literal = [AREALLYBADSTRING]
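The feature list above separates ‘literals’ (fixed strings) from ‘sequences’ (repeating strings) and mentions variables inside test cases. The sketch below is an added example, not sfuzz source code and not its config file syntax: it shows how a template expands into test cases under each mode, roughly what you would review in output mode before pointing the tool at a service you are testing. The FUZZ placeholder, the $NAME variable form, max_len and step are assumptions made for this illustration.

```python
# Added illustration, not sfuzz source code or its config syntax.
# Assumed names: the FUZZ placeholder, $NAME variables, max_len and step.
from typing import Dict, Iterator, List, Tuple

PLACEHOLDER = "FUZZ"


def sequence_cases(seed: str, max_len: int, step: int) -> Iterator[str]:
    """Repeat `seed` to exact lengths step, 2*step, ... up to max_len."""
    if not seed or step < 1:
        raise ValueError("seed must be non-empty and step positive")
    for length in range(step, max_len + 1, step):
        reps = -(-length // len(seed))          # ceiling division
        yield (seed * reps)[:length]


def expand(template: str, literals: List[str], sequences: List[str],
           variables: Dict[str, str], max_len: int = 64,
           step: int = 16) -> List[Tuple[str, str]]:
    """Return (kind, payload) pairs, one per generated test case."""
    base = template
    # Longest names first so $HOSTNAME is not clobbered by $HOST.
    for name in sorted(variables, key=len, reverse=True):
        base = base.replace("$" + name, variables[name])
    if PLACEHOLDER not in base:
        raise ValueError("template has no FUZZ placeholder")
    # Variables are resolved before fuzz strings go in, so a fuzz string
    # that happens to contain "$HOST" is sent verbatim, not re-expanded.
    cases = [("literal", base.replace(PLACEHOLDER, lit)) for lit in literals]
    for seed in sequences:
        for grown in sequence_cases(seed, max_len, step):
            cases.append(("sequence", base.replace(PLACEHOLDER, grown)))
    return cases


# Constructed sample input; the literal and host are the ones shown above.
TEMPLATE = "GET /FUZZ HTTP/1.0\r\nHost: $HOST\r\n\r\n"
SAMPLE = expand(TEMPLATE, ["AREALLYBADSTRING"], ["A", "AB"],
                {"HOST": "192.168.1.1"})

if __name__ == "__main__":
    for kind, payload in SAMPLE:
        print(f"{kind:8} {len(payload):4d} bytes  {payload[:40]!r}")
```

Literal mode yields one case per fixed string, while sequence mode yields one case per length step, which is why the -l and -s switches change the size of a run so much.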
Disclaimer: This tutorial is for educational purposes only and we are NOT responsible in any way for how this information is used, use it at your own risk.