2007-08-09 21:09:21

By Tim Brown

I've been evaluating Parallel::ForkManager recently as a replacement for the convoluted producer/consumer model within Fuzzled and I wanted to see what it could do. Anyway, a couple of hours later and I have a working PoC for a multi-threaded SSH brute forcer, to be known as SSHatter. Anyway, SSHatter is capable of taking a hostname list, a username list and a password list, and iterating through, reporting on successful attempts. I think I'll be adding Parallel::ForkManager to the grand plan for the next public release of Fuzzled.

Incidentally, Fuzzled development hasn't been standing still. I'm taking a look at what other fuzzers can do, and figuring out whether I want to implement similar features in mine. I've also been tweaking some of the existing features, fixing bugs and toning the beast; for example, Fuzzled's pattern generator now supports a character black list, for overflow testing. The major feature of the next release, aside from this, is the introduction of a rudimentary HTTP injection fuzzer, which takes WebScarab logs and attacks the requests in a systematic manner. It should be out of the door, real soon now.

Mood: Proud

Music: Nothing playing right now
