## Doona簡介 Doona是Bruteforce Detector Tool(BED)的開源實現。BED是用來檢測潛在緩沖區溢出，字符串處理異常等問題的工具。 Doona在澳大利亞是棉被的意思。他為BED加入了很多非常有用的功能，并改進了BED功能。 源代碼: [https://github.com/wireghoul/doona](https://github.com/wireghoul/doona "") [Doona主頁](https://github.com/wireghoul/doona "") | [Kali Doona倉庫](http://git.kali.org/gitweb/?p=packages/doona.git;a=summary "") 作者: Eldar Marcussen aka wireghoul 開源協議: GPLv2 Doona包中的工具 doona – BED的開源版本 ``` root@kali:~# doona -h Doona 1.0 by Wireghoul (www.justanotherhacker.com) Usage: ./doona.pl -m [module] <options> -m <module> = DICT/FINGER/FTP/HTTP/IMAP/IRC/LPD/NNTP/PJL/POP/PROXY/RTSP/SMTP/SOCKS4/SOCKS5/TFTP/WHOIS -c <int> = Execute a health check after every <int> fuzz cases -t <target> = Host to check (default: localhost) -p <port> = Port to connect to (default: module specific standard port) -o <timeout> = seconds to wait after each test (default: 2 seconds) -r <index> = Resumes fuzzing at test case index -k = Keep trying until server passes a health check -d = Dump test case to stdout (use in combination with -r) -M <num> = Exit after executing <num> number of fuzz cases -h = Help (this text) use "./doona.pl -m [module] -h" for module specific option. Only -m is a mandatory switch. ``` ### doona使用范例 使用HTTP工具 (-m HTTP)對(-t 192.168.1.15)進行模糊測試, 每5個目標(-M 5)暫停一次: ``` root@kali:~# doona -m HTTP -t 192.168.1.15 -M 5 Doona 1.0 by Wireghoul (www.justanotherhacker.com) + Buffer overflow testing 1/37 [XAXAX] ...... Max requests (5) completed, index: 5 ```