A script written by Bar Hofesh to help you fuzz those services 
#!/usr/bin/python
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# .__.................__......................_._.........
# / _\.___..___....../ _\.___..___._..._._.__(_) |_._..._.
# \ \./ _ \/ _ \_____\ \./ _ \/ __| |.| | '__| | __| |.| |
# _\ \ __/ __/_____|\ \ __/ (__| |_| | |..| | |_| |_| |
# \__/\___|\___|.....\__/\___|\___|\__,_|_|..|_|\__|\__, |
# ..................................................|___/.
#
# Simple Port Fuzzer
#
# This script will create threading connections to a host
# at a port given with a specific header to test and which
# strings can be used. It is a simple fuzzer for you to
# use for your research.
#
#
# Created By Bar Hofesh (ba7a7chy)
# and
# Yuval (tisf) Nativ from See-Security
# yuval@see-security.com
# http://www.see-security.com
# https://avtacha.wordpress.com
#
#
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
import sys
import getopt
import os
import socket
from time import sleep
import threading
def printhelp():
print ''
print ' .__.................__......................_._.........'
print ' / _\.___..___....../ _\.___..___._..._._.__(_) |_._..._.'
print ' \ \./ _ \/ _ \_____\ \./ _ \/ __| |.| | .__| | __| |.| |'
print ' _\ \ __/ __/_____|\ \ __/ (__| |_| | |..| | |_| |_| |'
print ' \__/\___|\___|.....\__/\___|\___|\__,_|_|..|_|\__|\__, |'
print ' ..................................................|___/.'
print ''
print ' Created By Bar Hofesh (ba7a7chy)'
print ' And '
print ' Yuval Nativ (tisf) of See-Security'
print ' http://www.see-security.org'
print ' https://avtacha.wordpress.com'
print ''
print 'Syntax not used properly.'
print ''
print 'Use the -p or --port for the target port to fuzz.'
print 'Use the -t or --target for the target IP address.'
print 'Use the -r or --header to type the header to fuzz. Type & where you wish the fuzzing to occur.'
print 'Use the -s or --string for the fuzzing content.'
print 'Use the -j or --jumps for the multiplying of the string.'
print ''
print ' ex.: ./fuzzy.py -t localhost -p 139 -r "hello &" -s A -j 4'
print ''
def main(argv):
TargetPort = ''
TargetIP = ''
StringFuzz = ''
TarHeader = ''
TarJumps = ''
try:
opts, args = getopt.getopt(argv,"hp:t:r:s:j:h",["port=","help=","target=","header=","string=","jumps="])
except getopt.GetoptError:
printhelp()
sys.exit(2)
for opt, arg in opts:
if opt == ('-h', '--help'):
printhelp()
sys.exit()
elif opt in ('-p', '--port'):
TargetPort = arg
elif opt in ('-t', '--target'):
TargetIP = arg
elif opt in ('-r', '--header'):
TarHeader = arg
elif opt in ('-s', '--string'):
StringFuzz = arg
elif opt in ('-j', '--jumps'):
TarJumps = arg
if TargetPort=='':
printhelp()
sys.exit()
if TargetIP=='':
printhelp()
sys.exit()
if TarHeader=='':
printhelp()
sys.exit()
if StringFuzz=='':
printhelp()
sys.exit()
if TarJumps=='':
printhelp()
sys.exit()
a=1
host = TargetIP,int(TargetPort)
char = StringFuzz * int(TarJumps)
while a > 0:
s = socket.socket( socket.AF_INET, socket.SOCK_STREAM)
s.connect((host))
TarHeader = TarHeader.replace("&", StringFuzz)
s.send(TarHeader)
s.settimeout(7)
data = s.recv(4)
if data > 0:
print "Got awnser"
else:
print "No awnser"
sleep(0.1)
print "Fuzzing With:", TarHeader
TarHeader = TarHeader.replace (StringFuzz, "&")
StringFuzz = char + StringFuzz
s.close()
if __name__ == "__main__":
main(sys.argv[1:])