Feature #3289
DNS(SEC) fuzzer
| Status: | Closed | Start date: | 12/04/2010 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | James Lee | % Done: | 100% |
| Category: | modules - auxiliary | | |
| Target version: | Metasploit 4.2.0 | | |
| Resolution: | | How To Use: | |
| Release Note: | | | |
Description
Hi,
Please find a DNS and DNSSEC fuzzer in attachment.
It uses a generation-based fuzzing method (intelligent brute force) and supports multiple modes of operation.
```
msf > use auxiliary/fuzzers/dns/dns_fuzzer
msf auxiliary(dns_fuzzer) > info

       Name: DNS server fuzzer.
    Version: $
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  pello

Basic options:
  Name         Current Setting  Required  Description
  ----         ---------------  --------  -----------
  CLASS                         no        Comma separated list of classes to fuzz. Leave empty to fuzz all fields.
  CYCLIC       true             no        Use Cyclic pattern instead of A's (fuzzing payload).
  DNSSEC       false            no        Add DNSsec to each question (UDP payload size, EDNS0, ...)
  DOMAIN                        no        Force DNS zone domain name.
  ENDSIZE      500              no        Max Fuzzing string size. (L2 Frame size)
  ERRORHDR     0                no        Introduces byte error in the DNS header.
  IMPORTENUM                    no        Import dns_enum database output and automatically use existing RR.
  ITERATIONS   5                yes       Number of iterations to run by test case
  METHOD       UDP              no        Underlayer protocole to use (UDP, TCP or AUTO).
  OPCODE                        no        Comma separated list of opcodes to fuzz. Leave empty to fuzz all fields.
  RAWPADDING   false            no        Generate totally random data from STARTSIZE to ENDSIZE
  RHOSTS                        yes       The target address range or CIDR identifier
  RPORT        53               yes       The target port
  RR                            no        Comma separated list of requests to fuzz. Leave empty to fuzz all fields.
  STARTSIZE    0                no        Fuzzing string startsize.
  STEPSIZE     100              no        Increment fuzzing string each attempt.
  THREADS      1                yes       The number of concurrent threads
  TRAILINGNUL  true             no        NUL byte terminate DNS names

Description:
  This module perform DNS and DNSSEC server fuzzing.
  Note: the importenum feature read a text file using the following syntax:
    www,A,IN
    www6,AAAA,IN
    blog,CNAME,IN
    ns0,NS,IN
```
Cheers,
pello
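The IMPORTENUM file format quoted above is only described by four sample lines. The following Ruby is an added example, not code from pello's module or from the Metasploit tree: it parses that `name,type,class` format, rejects records whose type or class mnemonic is not recognised (rather than passing garbage through), and encodes each surviving record as a well-formed DNS question entry (RFC 1035 §4.1.2: length-prefixed labels, a terminating root label as the module's TRAILINGNUL option implies, then QTYPE and QCLASS as 16-bit big-endian fields). The mnemonic tables, the sample file and the zone `example.com` are constructed for the example.

```ruby
# Added example: parse the IMPORTENUM "name,type,class" text format and
# encode each record as a DNS question entry. Not part of the ticket's module.

# RR type and class mnemonics -> wire values (RFC 1035, RFC 3596, RFC 4034).
# Constructed subset; extend as needed.
RR_TYPES   = { 'A' => 1, 'NS' => 2, 'CNAME' => 5, 'SOA' => 6, 'PTR' => 12,
               'MX' => 15, 'TXT' => 16, 'AAAA' => 28, 'RRSIG' => 46,
               'DNSKEY' => 48, 'ANY' => 255 }.freeze
RR_CLASSES = { 'IN' => 1, 'CH' => 3, 'HS' => 4, 'ANY' => 255 }.freeze

# Constructed sample in the ticket's syntax, with a blank line, a comment and
# two malformed records added to show how the parser treats them.
SAMPLE_IMPORT = <<~EOS
  www,A,IN
  www6,AAAA,IN

  blog,CNAME,IN
  ns0,NS,IN
  # malformed records are reported, not silently accepted
  bogus,FOO,IN
  toofew,A
EOS

# Parse the IMPORTENUM format. Returns [records, errors]; each record is a
# hash with :name, :type (Integer) and :class (Integer). Lines with the wrong
# field count or an unknown mnemonic are reported with their line number.
def parse_importenum(text)
  records = []
  errors  = []
  text.each_line.with_index(1) do |raw, lineno|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    fields = line.split(',').map(&:strip)
    unless fields.length == 3
      errors << "line #{lineno}: expected 3 fields, got #{fields.length}"
      next
    end
    name, type, klass = fields
    type_v  = RR_TYPES[type.upcase]
    class_v = RR_CLASSES[klass.upcase]
    if type_v.nil?
      errors << "line #{lineno}: unknown RR type #{type.inspect}"
    elsif class_v.nil?
      errors << "line #{lineno}: unknown RR class #{klass.inspect}"
    else
      records << { name: name, type: type_v, class: class_v }
    end
  end
  [records, errors]
end

# Encode an owner name as DNS labels: a length octet followed by the label
# bytes, terminated by the zero-length root label. Labels over 63 octets and
# names over 255 octets are invalid on the wire and are rejected here.
def encode_name(fqdn)
  labels = fqdn.split('.').reject(&:empty?)
  labels.each do |l|
    raise ArgumentError, "label too long: #{l}" if l.bytesize > 63
  end
  wire = labels.map { |l| [l.bytesize].pack('C') + l.b }.join + "\x00".b
  raise ArgumentError, 'name too long' if wire.bytesize > 255
  wire
end

# Build the QNAME/QTYPE/QCLASS entry for a record under `zone`.
def encode_question(record, zone)
  encode_name("#{record[:name]}.#{zone}") +
    [record[:type], record[:class]].pack('nn')
end

if __FILE__ == $0
  recs, errs = parse_importenum(SAMPLE_IMPORT)
  recs.each { |r| puts encode_question(r, 'example.com').unpack1('H*') }
  errs.each { |e| warn e }
end
```

Run stand-alone it prints the hex of four question entries and reports the two malformed records on stderr. Validating mnemonics before encoding is the point: a fuzzer that derives its seed corpus from an external file should know which records are deliberately malformed and which are just typos in the input.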
Associated revisions
Adding back bitstruct (current upstream) and dns_fuzzer module
Fixes #3289.
This commit adds back the bit-struct library because in the end,
it is useful for some modules, especially pello's. It's small
and it has a nice license, so why not. After all, it /is/
useful for quicky application headers. Eventually, should
be replaced by StructFu, but that requires some doc work
on my part to get that transition in place.
This also adds pello's DNS fuzzer module which makes use of
BitStruct to create sometimes malformed-on-purpose DNS headers.
Tested against 3 different DNS servers, caused one to reboot,
so I'd say it works.
History
#1 Updated by Joshua J. Drake over 1 year ago
- Status changed from New to HavePatch
#2 Updated by HD Moore about 1 year ago
- Target version set to Metasploit 3.7
#3 Updated by HD Moore about 1 year ago
- Assignee set to James Lee
#4 Updated by James Lee about 1 year ago
- Target version changed from Metasploit 3.7 to Metasploit 4.0.0
Didn't make 3.7.0, pushing to 3.8.
#5 Updated by James Lee 10 months ago
- Target version changed from Metasploit 4.0.0 to Metasploit 4.1.0
Didn't make it, pushing to 4.1.0
#6 Updated by Tod Beardsley 7 months ago
- Target version changed from Metasploit 4.1.0 to Metasploit 4.2.0
#7 Updated by Tod Beardsley 6 months ago
- Status changed from HavePatch to Resolved
Applied in changeset f1950c2fe1954a41759456d35944cf2473920cc1.
#8 Updated by Tod Beardsley 6 months ago
- 10 set to 0
Note that this came with some minor cosmetic changes, as well as the addition of the current upstream version of Bit-Struct. It's a fun library, may as well include it until the doc work for StructFu gets done.
#9 Updated by Jonathan Cran 5 months ago
- Status changed from Resolved to Closed
