Fuzzing with Metasploit

Fuzzing, or fuzz testing, is an automated or semi-automated black-box software testing technique.
It automates the generation and injection of test data in order to discover bugs, crashes,
maximum overflow capacities and memory leaks in software applications, protocols, file formats
and computer systems, by feeding invalid, unexpected and random data to the inputs of the
system under test.

Metasploit contains numerous fuzzer modules that can be used to test software applications,
computer systems and protocols. To quickly see a list of the available fuzzers, run msfconsole, type

info auxiliary/fuzzers/

and hit the Tab key; the console completes the module paths and prints the list below.

msf > info auxiliary/fuzzers/
info auxiliary/fuzzers/dns/dns_fuzzer
info auxiliary/fuzzers/ftp/client_ftp
info auxiliary/fuzzers/ftp/ftp_pre_post
info auxiliary/fuzzers/http/http_form_field
info auxiliary/fuzzers/http/http_get_uri_long
info auxiliary/fuzzers/http/http_get_uri_strings
info auxiliary/fuzzers/smb/smb2_negotiate_corrupt
info auxiliary/fuzzers/smb/smb_create_pipe
info auxiliary/fuzzers/smb/smb_create_pipe_corrupt
info auxiliary/fuzzers/smb/smb_negotiate_corrupt
info auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt
info auxiliary/fuzzers/smb/smb_tree_connect
info auxiliary/fuzzers/smb/smb_tree_connect_corrupt
info auxiliary/fuzzers/smtp/smtp_fuzzer
info auxiliary/fuzzers/ssh/ssh_kexinit_corrupt
info auxiliary/fuzzers/ssh/ssh_version_15
info auxiliary/fuzzers/ssh/ssh_version_2
info auxiliary/fuzzers/ssh/ssh_version_corrupt
info auxiliary/fuzzers/tds/tds_login_corrupt
info auxiliary/fuzzers/tds/tds_login_username
info auxiliary/fuzzers/wifi/fuzz_beacon
info auxiliary/fuzzers/wifi/fuzz_proberesp

FTP pre-authentication and post-authentication fuzzing
The ftp_pre_post fuzzer module connects to an FTP server and performs pre-authentication and
post-authentication fuzzing. To select this fuzzer module, execute

use auxiliary/fuzzers/ftp/ftp_pre_post

Set RHOSTS and run the module, or type

show options

first to see and configure the module's options.
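As an added example, not code from the post or from Metasploit's ftp_pre_post module, here is a small in-process fuzz harness in Ruby (Metasploit's own language) that applies the same pre-authentication and post-authentication staging to a toy FTP command handler so that it runs offline. The ToyFtp class, its single defect and the fuzz cases are all constructed for this example.

```ruby
# Constructed fuzz cases modelled on what a protocol fuzzer sends as a command
# argument: empty input, format specifiers, control bytes, high bytes, long strings.
def fuzz_cases
  ["", "%s%x%n" * 8, "\x00\r\nQUIT\r\n", "\xff".b * 64] + (4..12).map { |n| "A" * 2**n }
end

# Toy FTP command handler standing in for the server under test (constructed, not a
# real FTP daemon). Its one constructed defect: TYPE reads the first byte of its
# argument without checking that the argument is non-empty.
class ToyFtp
  def handle(line)
    verb, arg = line.split(/ /, 2)
    raise ArgumentError, "empty command" if verb.nil? || verb.empty?
    arg = arg.to_s
    raise ArgumentError, "argument too long" if arg.bytesize > 1024
    raise ArgumentError, "not logged in" if %w[TYPE CWD].include?(verb.upcase) && !@authed
    case verb.upcase
    when "USER" then "331 Password required"
    when "PASS" then @authed = true; "230 Logged in"
    when "TYPE" then "200 Type set to #{arg[0].upcase}" # nil.upcase when arg is ""
    when "CWD"  then "250 Directory changed"
    else "500 Unknown command"
    end
  end
end

# Pre-auth stage fuzzes USER and PASS on a fresh target; post-auth stage logs in
# first, then fuzzes TYPE and CWD. An ArgumentError means the handler rejected the
# input cleanly; any other exception is an unexpected failure and is recorded.
def fuzz_ftp(target_class = ToyFtp, cases = fuzz_cases)
  findings = []
  { pre_auth: %w[USER PASS], post_auth: %w[TYPE CWD] }.each do |stage, verbs|
    verbs.product(cases).each do |verb, c|
      t = target_class.new
      ["USER anon", "PASS anon"].each { |l| t.handle(l) } if stage == :post_auth
      begin
        t.handle("#{verb} #{c}")
      rescue ArgumentError
        next # rejected cleanly, not a finding
      rescue StandardError => e
        findings << { stage: stage, verb: verb, input_len: c.bytesize, error: e.class.name }
      end
    end
  end
  findings
end
```

The triage rule is the part worth keeping: inputs the target rejects with its own error are not findings, while any other exception (here the NoMethodError from an empty TYPE argument after login) is.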

HTTP Form Field Fuzzer
Metasploit provides the http_form_field fuzzer module. This module grabs all fields from a
form and launches a series of POST requests, fuzzing the contents of the form fields and headers.
To use this module, type

use auxiliary/fuzzers/http/http_form_field

This post is part of my article about metasploit which was originally published in PenTest Magazine, August issue.
