Simple Port Fuzzer

A script written by Bar Hofesh to help you fuzz those services :)

#!/usr/bin/python
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
#     .__.................__......................_._.........
#     / _\.___..___....../ _\.___..___._..._._.__(_) |_._..._.
#     \ \./ _ \/ _ \_____\ \./ _ \/ __| |.| | '__| | __| |.| |
#     _\ \  __/  __/_____|\ \  __/ (__| |_| | |..| | |_| |_| |
#     \__/\___|\___|.....\__/\___|\___|\__,_|_|..|_|\__|\__, |
#     ..................................................|___/.
#
#                       Simple Port Fuzzer
#
#     This script will create threaded connections to a host
#   at a given port, sending a specific header, to test which
#    strings can be used. It is a simple fuzzer for you to
#     use in your research.
#           
#
#                 Created By Bar Hofesh (ba7a7chy)
#                                and
#              Yuval (tisf) Nativ from See-Security
#                     yuval@see-security.com
#                  http://www.see-security.com
#                 https://avtacha.wordpress.com
#
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

import sys
import getopt
import os
import socket
from time import sleep
import threading

def printhelp():
   """Print the banner, the abort reason and a summary of the options.

   Called whenever the command line cannot be parsed or a required
   option is missing; exiting is left to the caller.
   """
   banner = [
      '',
      '     .__.................__......................_._.........',
      '     / _\.___..___....../ _\.___..___._..._._.__(_) |_._..._.',
      '     \ \./ _ \/ _ \_____\ \./ _ \/ __| |.| | .__| | __| |.| |',
      '     _\ \  __/  __/_____|\ \  __/ (__| |_| | |..| | |_| |_| |',
      '     \__/\___|\___|.....\__/\___|\___|\__,_|_|..|_|\__|\__, |',
      '     ..................................................|___/.',
      '',
      '                Created By Bar Hofesh (ba7a7chy)',
      '                             And ',
      '               Yuval Nativ (tisf) of See-Security',
      '                   http://www.see-security.org',
      '                  https://avtacha.wordpress.com',
      '',
   ]
   usage = [
      'Syntax not used properly.',
      '',
      'Use the -p or --port for the target port to fuzz.',
      'Use the -t or --target for the target IP address.',
      'Use the -r or --header to type the header to fuzz. Type & where you wish the fuzzing to occur.',
      'Use the -s or --string for the fuzzing content.',
      'Use the -j or --jumps for the multiplying of the string.',
      '',
      '      ex.:  ./fuzzy.py -t localhost -p 139 -r "hello &" -s A -j 4',
      '',
   ]
   # Parenthesised single-argument print is valid in both Python 2 and 3.
   for line in banner + usage:
      print(line)

def main(argv):
   """Parse the command line and run the send/receive loop.

   argv: the argument list without the program name (sys.argv[1:]).
   Every option (-p/-t/-r/-s/-j) is required; a missing one prints the
   help text and exits. The loop at the bottom never ends on its own --
   it runs until an exception (connection error, timeout, Ctrl-C) ends
   the process.
   """
   TargetPort = ''
   TargetIP = ''
   StringFuzz = ''
   TarHeader = ''
   TarJumps = ''

   try:
      # NOTE(review): 'h' appears twice in the short-option string, and
      # "help=" declares --help as taking an argument, so a bare --help
      # is a GetoptError and is handled by the except branch below.
      opts, args = getopt.getopt(argv,"hp:t:r:s:j:h",["port=","help=","target=","header=","string=","jumps="])
   except getopt.GetoptError:
      printhelp()
      sys.exit(2)
   for opt, arg in opts:
      # NOTE(review): compares the str opt with a tuple, so this is never
      # true; -h falls through to the required-option checks below, which
      # print the help anyway (with exit status 0 rather than 2).
      if opt == ('-h', '--help'):
         printhelp()
         sys.exit()
      elif opt in ('-p', '--port'):
         TargetPort = arg
      elif opt in ('-t', '--target'):
         TargetIP = arg
      elif opt in ('-r', '--header'):
         TarHeader = arg
      elif opt in ('-s', '--string'):
         StringFuzz = arg
      elif opt in ('-j', '--jumps'):
         TarJumps = arg
   # All five options are mandatory; an empty value means it was not given.
   if TargetPort=='':
      printhelp()
      sys.exit()
   if TargetIP=='':
      printhelp()
      sys.exit()
   if TarHeader=='':
      printhelp()
      sys.exit()
   if StringFuzz=='':
      printhelp()
      sys.exit()
   if TarJumps=='':
      printhelp()
      sys.exit()

   # 'a' is never modified, so the while loop below only stops on an
   # exception; there is no iteration limit or length cap.
   a=1
   # (host, port) tuple for connect(); a non-numeric port raises an
   # uncaught ValueError here, as does a non-numeric -j below.
   host = TargetIP,int(TargetPort)
   # Fixed increment computed once from the initial string; the payload
   # grows by this much on every iteration (see the end of the loop).
   char = StringFuzz * int(TarJumps)
   while a > 0:
        s = socket.socket( socket.AF_INET, socket.SOCK_STREAM)
        # NOTE(review): connect() and send() run before settimeout(), so
        # they block without a bound; only recv() gets the 7 s limit.
        s.connect((host))
        # Substitute the current payload for every '&' in the header template.
        TarHeader = TarHeader.replace("&", StringFuzz)
        s.send(TarHeader)
        s.settimeout(7)
        # Read at most 4 bytes of the reply; raises socket.timeout after 7 s.
        data = s.recv(4)
        # NOTE(review): data is a str compared with an int; in Python 2
        # a str is always greater than an int (even ''), so the
        # "No awnser" branch is unreachable.
        if data > 0:
                print "Got awnser"
        else:
                print "No awnser"       
        sleep(0.1) 
        print "Fuzzing With:", TarHeader
        # Restore the template by turning the payload back into '&'. Any
        # other occurrence of StringFuzz in the header is turned into '&'
        # as well, which would alter the template on later rounds.
        TarHeader = TarHeader.replace (StringFuzz, "&")
        # Grow the payload by one more 'char' for the next round.
        StringFuzz = char + StringFuzz 
        # NOTE(review): only reached on the happy path; an exception above
        # leaves this socket open when the process dies. A try/finally
        # (or contextlib.closing) around the body would bound that.
        s.close()

if __name__ == "__main__":
   # Script entry point: hand main() everything after the program name.
   args = sys.argv[1:]
   main(args)
