EXPERIMENT NO: 4

Aim: Study of Vulnerability Analysis Tools in Kali Linu

Fuzzing Tools: BED

BED Package Description:

BED stands for Bruteforce Exploit Detector. It is designed to check daemons for potential buffer overflows, format strings et. al.

root@kali:~# bed

BED 0.5 by mjm ( www.codito.de ) & eric ( www.snake-basket.de )

Usage:

./bed.pl -s <plugin> -t <target> -p <port> -o <timeout> [ depends on the plugin ]

<plugin> = FTP/SMTP/POP/HTTP/IRC/IMAP/PJL/LPD/FINGER/SOCKS4/SOCKS5

<target> = Host to check (default: localhost)

<port> = Port to connect to (default: standard port)

<timeout> = seconds to wait after each test (default: 2 seconds)

use "./bed.pl -s <plugin>" to obtain the parameters you need for the plugin.

Only -s is a mandatory switch.

BED Usage Example:

Use the HTTP plugin (-s HTTP) to fuzz the target server (-t 192.168.1.15):

root@kali:~# bed -s HTTP -t 192.168.1.15

BED 0.5 by mjm ( www.codito.de ) & eric ( www.snake-basket.de )

+ Buffer overflow testing:

testing: 1 HEAD XAXAX HTTP/1.0

References:

1. https://tools.kali.org/vulnerability-analysis/bed

2. https://www.youtube.com/watch?v=2Q4QJYMZptc

3. https://www.youtube.com/watch?v=WDtaRfpKJ-s

4. https://www.tutorialspoint.com/kali_linux/index.htm

Submitted By: Anup Sanjay Patil Guided by: Prof.Girish K. Patnaik