Practical 4
Name : Premsagar Manoj Pawar
Subject : Cyber Security Lab
Class : BE Computer
Section : B
Roll No : 30
Aim: Study of Vulnerability Analysis Tools in Kali Linux
Fuzzing Tools: BED
BED is a program designed to check daemons for potential buffer overflows, format string bugs, et al.
bed -s HTTP -t 172.16.0.7
BED simply sends the commands to the server and checks whether it is still alive afterwards.
Of course, this will not detect all bugs in the specified daemon, but it will (at least it should) help you check your software for common vulnerabilities.
BED Package Description
BED stands for Bruteforce Exploit Detector. It is designed to check daemons for potential buffer overflows, format string bugs, et al.
Author: mjm, eric
License: GPLv2
Tools included in the bed package
bed – A network protocol fuzzer
root@kali:~# bed
BED 0.5 by mjm ( www.codito.de )
eric ( www.snake-basket.de )
Usage:
./bed.pl -s <plugin> -t <target> -p <port> -o <timeout> [ depends on the plugin ]
<plugin> = FTP/SMTP/POP/HTTP/IRC/IMAP/PJL/LPD/FINGER/SOCKS4/SOCKS5
<target> = Host to check (default: localhost)
<port> = Port to connect to (default: standard port)
<timeout> = seconds to wait after each test (default: 2 seconds)
use "./bed.pl -s <plugin>" to obtain the parameters you need for the plugin.
Only -s is a mandatory switch.
bed Usage Example
Use the HTTP plugin (-s HTTP) to fuzz the target server (-t 192.168.1.15):
root@kali:~# bed -s HTTP -t 192.168.1.15
BED 0.5 by mjm ( www.codito.de ) & eric ( www.snake-basket.de )
+ Buffer overflow testing:
testing: 1 HEAD XAXAX HTTP/1.0
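On the receiving side, overflow and format-string test requests like the HEAD test above stand out in a web server's access log. The Python below is an added example, not part of the original practical or of BED itself. The log lines are constructed, and the thresholds and patterns (MAX_TARGET_LEN, REPEAT_RUN, FORMAT_SPEC) are assumptions to tune, not a description of BED's actual test strings.

```python
import re
from collections import Counter

# Common/combined log format: client, timestamp, quoted request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(.*)" (\d{3}) ')
MAX_TARGET_LEN = 2048                      # assumed threshold, tune per application
REPEAT_RUN = re.compile(r'(.)\1{63,}')     # 64 or more of the same character in a row
FORMAT_SPEC = re.compile(r'(?:%[0-9$.]*[snxp]){3,}', re.I)  # stacked printf conversions

def classify(request_line):
    """Return the reasons a request line looks like fuzzing input."""
    reasons = []
    parts = request_line.split(" ")
    target = parts[1] if len(parts) >= 2 else request_line
    if len(target) > MAX_TARGET_LEN:
        reasons.append("oversized-target")
    if REPEAT_RUN.search(request_line):
        reasons.append("repeated-char-run")
    if FORMAT_SPEC.search(request_line):
        reasons.append("format-specifiers")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        reasons.append("malformed-request-line")
    return reasons

def suspicious_sources(lines, min_hits=2):
    """Count flagged requests per client and return those at or above min_hits."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and classify(m.group(2)):
            hits[m.group(1)] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}

# Constructed sample log lines (not captured from a real BED run).
SAMPLE = [
    '192.168.1.20 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.168.1.50 - - [01/Jan/2024:10:00:01 +0000] "HEAD ' + "A" * 5000 + ' HTTP/1.0" 414 0',
    '192.168.1.50 - - [01/Jan/2024:10:00:03 +0000] "HEAD %s%s%s%s%n HTTP/1.0" 400 0',
    '192.168.1.50 - - [01/Jan/2024:10:00:05 +0000] "GET /' + "/" * 200 + ' HTTP/1.0" 404 0',
    '192.168.1.21 - - [01/Jan/2024:10:00:06 +0000] "GET /search?q=100%25 HTTP/1.1" 200 99',
]

if __name__ == "__main__":
    for ip, n in suspicious_sources(SAMPLE).items():
        print(f"{ip}: {n} fuzzing-like requests")
```

The last sample line shows why the format-specifier pattern requires several stacked conversions: an ordinary percent-encoded query such as q=100%25 is not flagged.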
Bed Command :