Infigo FTPStress Fuzzer v1.0
============================
First of all, thank you for downloading this software, we hope that you will
find it useful and enjoy it.
Infigo FTPStress Fuzzer is free software, released under Software Product
License (see License.txt for details)
1) Introduction
---------------
Fuzzing is a special process used for discovering security vulnerabilities in
software products. The process is performed by sending specially crafted data
of various types and sizes to the applications standard input, trying to
reach incorrect processing state which will reveal the vulnerability. During
the fuzzing process, target application is usually monitored with additional
tools (e.g. debuggers) which can be helpful for analysis of anomalies and
applications unexpected behaviour.
There is a variety of fuzzing tools, depending on the nature of the target
application. Generic fuzzing tools could be used for analysis of different
protocols and applications, while specific are designed for the particular
protocols (SMTP, HTTP, POP3, FTP etc.).
Infigo FTPStress Fuzzer is a specific fuzzer for finding vulnerabilities in
FTP server products. Although it is a simple tool, it proved its efficiency
by the number of vulnerabilities discovered in different FTP server software
tested with this tool.
The parameters used for the fuzzing process are highly configurable. User can
precisely define which FTP commands will be fuzzed along with the size and
type of the fuzzing data.
2) Installation
-------------
Unzip the package into the directory of your choice and run ftpfuzz.exe,
Infigo FTPStress Fuzzer starts immediately.
3) Configuration
----------------
3.1) Setting up fuzz commands
-----------------------------
"FTP commands" window shows all available FTP commands. Checkbox by each
command checks the command for execution. Drop down menu enables quick
checking or clearing specific groups of commands:
- Default - selects default ftp commands,
- All commands - selects all commands,
- Basic commands (RFC 959) - selects commands defined in RFC 959,
- Deselect all - clears all checkboxes,
- File transfer commands - selects commands used for file transfer,
- File commands - selects commands used for file handling,
- SITE commands - selects only SITE commands.
By pressing the "Discover" button it is possible to automatically select only
commands that target FTP server supports. By pressing the Discover button
Infigo FTP Fuzzer sends "Help" command to the target FTP server and upon
servers response checks only supported commands.
By highlighting one of the FTP commands, it becomes available in the upper
section of the main window. This enables the user to change the command by
entering a new value and pressing "Update Change". With this option the
existing command is replaced by new one.
In this section it is also possible to enter argument which will be sent to
the FTP server. Checkbox "Fuzz this FTP command" checks the command for
fuzzing. In this case, user provided argument will be ignored, and instead,
selected fuzzing data strings will be used as arguments. Fuzzing strings are
described in section 3.2.
3.2) Fuzzing parameters
-----------------------
Fuzzing parameters are configured either by selecting "Config" option from
the toolbar, or by pressing "Config" button. This opens a new window which
offers three tabs.
==[ Fuzzing data
This tab lists data strings which will be used for fuzzing. It is possible to
change the string by selecting it and entering new value. "Update Change"
button must be pressed for change to take an effect.
==[ Fuzzing sizes
This tab lists available lengths of the strings that will be sent to the target
FTP server. It is possible to change them the same way as described in "Fuzzing
data" tab.
==[ Fuzzing options
This tab allows user to determine whether the commands will be fuzzed one at
the time (with all selected data and sizes), or will the selected commands be
executed consecutively with the same fuzzing data and size before changing
the argument.
"Retrieve files (data connections) from FTP server" option enables saving
data retrieved from the target FTP server. Local data port must be defined so
Infigo FTPStress Fuzzer can bind to it. Retrieved data can be revised by
Selecting "Data" button. By default, local data port is set to 31339 what can
be changed manually.
4) Using Infigo FTPStress Fuzzer
--------------------------------
Using Infigo FTPStress Fuzzer is straightforward and simple.
4.1) Starting the fuzzing process
-------------
Before starting the Fuzzer, "Connection" section of the main window must be
filled. Host IP address is empty by default and should be entered. By
default, target servers FTP port is set to 21, while local data port is set
to 31339. This can be changed as necessary.
Timeout value defines how long the Fuzzer waits for the response from the
target FTP server. By default, this value is set to 12 seconds. This value
should be carefully selected since it can seriously affect the results.
The fuzzing process is started by pressing "Start" button. The process can be
paused or stopped before completion by pressing Pause or Stop buttons.
4.2) Output
-----------
Sent and received data is being displayed in the real time in the Fuzzers
central frame. The output is highlited in three colors which represent
different actions:
- Black - requests sent by the Fuzzer,
- Blue - answers received from the FTP server,
- Red - indicates the FTP server being down.
"Data" button opens new window which displays retrieved data from the FTP
server. Retrieved data is available only if "Retrieve files (data
connections) from FTP server" option is enabled.
The progress bar in the bottom of the main window displays the progress and the
command, data string and size currently being fuzzed.
5) Contact
----------
All bug reports and requests for new features can be sent to:
infocus@infigo.hr
Infigo FTPStress Fuzzer URL:
http://www.infigo.hr/in_focus/tools
ftpfuzz(infigo ftpstress fuzzer)
5星 · 超过95%的资源 需积分: 21 56 浏览量
2012-09-14
12:35:52
上传
评论 2
收藏 403KB ZIP 举报
Walter_Jia
- 粉丝: 352
- 资源: 26
最新资源
- 论文(最终)_20240430235101.pdf
- 基于python编写的Keras深度学习框架开发,利用卷积神经网络CNN,快速识别图片并进行分类
- 最全空间计量实证方法(空间杜宾模型和检验以及结果解释文档).txt
- 5uonly.apk
- 蓝桥杯Python组的历年真题
- 2023-04-06-项目笔记 - 第一百十九阶段 - 4.4.2.117全局变量的作用域-117 -2024.04.30
- 2023-04-06-项目笔记 - 第一百十九阶段 - 4.4.2.117全局变量的作用域-117 -2024.04.30
- 前端开发技术实验报告:内含4四实验&实验报告
- Highlight Plus v20.0.1
- 林周瑜-论文.docx
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈