Module 1: Doona (BSWR)
Doona supports these modules/protocols: DICT, FINGER. FTP, HTTP, IMAP, IRC, LPD, NNTP, PJL, POP, PROXY, RTSP, SMTP, SOCKS4, SOCKS5, TFTP, and WHOIS. BED checks daemons for potential buffer overflows, format string bugs, integer overflows..etc. BED simply sends the commands to the server and checks whether it is still alive afterwards, This is done by sending a many different combinations of the known to be problematic strings to a server.
Teaching Assistant Vikramajeet Khatri and Tahir Ibrahim
(Disclaimer: Breaking Stuff with Robert is a Cybrary series that will be running indefinitely. You will not earn CEU/CPE hours by watching any individual 'Breaking Stuff with Robert' episode. However, you can still earn a certificate of completion for each episode completed.)
Using the Doona Fuzzing Tool
Doona is one of the many hacking tools that are available with the Kali Linux operating system. Doona, which is a fork of the Bruteforce Exploit Detector (BED) too, is a network protocol fuzzing tool that provides a significant number of additional features to the BED tool.
Fuzzing tools, like Doona, are designed to help find bugs in programs. These bugs may be in the form of coding errors, but more importantly, they may cause vuerabilities in software that hackers are able to exploit. Fuzzing works through a refined version of trial and error. It consists of imputing substantial amounts of random data (called fuzz) into a target program until one of the imputed permutations results in identifying a vulnerability. When a vulnerability is found, a fuzzing tool, like Doona, is used to identify the potential causes.
Why Use the Doona Fuzzing Tool?
Doona is a fuzz testing tool that many information security professionals – especially penetration testers – use to help protect the networks and systems of the organizations they work for. Doona is able to discover vulnerabilities that can potentially be exploited by buffer overflow, cross-site scripting, denial of service (DOS), and SQL injection. These are some of the most common methods used by malicious hackers who are determined to cause the most damage to an organization in the shortest amount of time.
In addition to helping information security professionals protect organizations’ networks and systems, Doona offers users the following benefits:
- It’s a low budget, easy to use, method that reveals serious defects that may otherwise be overlooked. It’s effective for debugging, Black Box testing and even beta testing.
- The approach that Doona takes (systematical/random) with fuzzing allows users to find issues that are typically missed with the human eye. Doona supports various modules and protocols including: DICT, FTP, IMAP, FINGER, HTTP, IRC, NNTP, POP, LPD, PJL, PROXY, SMTP, TFTP, WHOIS, SOCKS4, and SOCKS5.
To find out more about using the Doona network protocol fuzzing tool, please consider the How to Use Doona tutorial. In the short tutorial, you will learn the basics of Doona and how to use it. There’s no doubt that Doona a widely used and essential fuzzing tool that helps information security professionals battle criminal hackers. Learn it today with our tutorial. Enrolling is easy, just click on the Register button at the top right corner of this screen.
Certificate of Completion
Complete this entire course to earn a How to Use Doona (BSWR) Certificate of Completion