#!/usr/bin/env python
import socket
import os
import sys
import select
import string
import random
# Command verbs to exercise, one fuzzing pass per verb.
COMMANDS = [
    "STATS",
    "RTIME",
    "LTIME",
    "SRUN",
    "TRUN",
    "GMON",
    "GDOG",
    "KSTET",
    "GTER",
    "HTER",
    "LTER",
    "KSTAN",
]
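def is_vulnerable_command(command):
    """Send one command verb with progressively longer random arguments.

    For each argument length from 100 to 6900 (step 100) a fresh TCP
    connection is opened to the hard-coded target 192.168.56.101:9999, the
    banner is read, and "<command> <random text>" is sent.

    Returns the argument length at which the service stopped behaving
    (connection refused, socket error, or no data within 5 seconds), or 0
    when every length got an answer.

    Caveats for whoever triages the result:
      * A refused connection at length N is observed *before* payload N is
        sent, so the input that took the service down is most likely the
        previous one (N - 100).
      * A service that is unreachable from the start is reported at
        length 100; it is indistinguishable here from a real failure.
      * A slow but healthy service (no reply within 5 seconds) is also
        reported as a failure.
      * Payload bytes are random and are not logged, so only the length,
        not the exact input, is available for reproduction.
    """
    print "[*] fuzzin command", command
    alphabet = string.ascii_uppercase + string.digits + string.punctuation
    for i in range(100, 7000, 100):
        payload = command + " " + ''.join(random.choice(alphabet) for _ in range(i))
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # The original never closed the socket, leaking one descriptor per
        # iteration; the finally clause releases it on every exit path.
        try:
            try:
                s.connect(("192.168.56.101", 9999))
            except socket.error as msg:
                print "[!] can't connect: ", msg
                return i
            s.setblocking(0)
            ready = select.select([s], [], [], 5)
            if ready[0]:
                data = s.recv(1024)
                print "[*] received server banner: ", data
            else:
                print "[!] can't read from socket"
                return i
            print "[*] sending evil request with", len(payload), "bytes"
            s.send(payload)
            # Socket is already non-blocking; wait up to 5 s for the reply.
            ready = select.select([s], [], [], 5)
            if ready[0]:
                data = s.recv(1024)
                print "[*] answer is", data
            else:
                print "[!] can't read from socket"
                return i
        except socket.error as msg:
            # A reset or broken connection during send/recv used to escape
            # as an unhandled traceback; it is the same failure signal as a
            # refused connection, so report it the same way.
            print "[!] socket error: ", msg
            return i
        finally:
            s.close()
    return 0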
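if __name__ == "__main__":
    # Run one pass per command verb and collect the verbs whose pass ended
    # early, together with the argument length at which that happened.
    crashes = []
    for command in COMMANDS:
        size = is_vulnerable_command(command)
        if size != 0:
            print "[!] ", command, " command seems to be vulnerable"
            crashes.append({"command": command, "size": size})
            # Python 2 input() evaluates whatever the operator types as a
            # Python expression (hence the old SyntaxError guard for an empty
            # line, while any other text raised NameError or was executed).
            # raw_input() just waits for Enter and returns the text unparsed.
            raw_input("Please restart the server then press Enter to continue")
        else:
            print "[*] ", command, " is safe"
    # Summary. "size" is the length at which the failure was noticed, not
    # necessarily the length of the input that caused it.
    for entry in crashes:
        print "[+] ", entry["command"], " - ", entry["size"]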