## Doona简介 Doona是Bruteforce Detector Tool(BED)的开源实现。BED是用来检测潜在缓冲区溢出，字符串处理异常等问题的工具。 Doona在澳大利亚是棉被的意思。他为BED加入了很多非常有用的功能，并改进了BED功能。 源代码: [https://github.com/wireghoul/doona](https://github.com/wireghoul/doona "") [Doona主页](https://github.com/wireghoul/doona "") | [Kali Doona仓库](http://git.kali.org/gitweb/?p=packages/doona.git;a=summary "") 作者: Eldar Marcussen aka wireghoul 开源协议: GPLv2 Doona包中的工具 doona – BED的开源版本 ``` root@kali:~# doona -h Doona 1.0 by Wireghoul (www.justanotherhacker.com) Usage: ./doona.pl -m [module] <options> -m <module> = DICT/FINGER/FTP/HTTP/IMAP/IRC/LPD/NNTP/PJL/POP/PROXY/RTSP/SMTP/SOCKS4/SOCKS5/TFTP/WHOIS -c <int> = Execute a health check after every <int> fuzz cases -t <target> = Host to check (default: localhost) -p <port> = Port to connect to (default: module specific standard port) -o <timeout> = seconds to wait after each test (default: 2 seconds) -r <index> = Resumes fuzzing at test case index -k = Keep trying until server passes a health check -d = Dump test case to stdout (use in combination with -r) -M <num> = Exit after executing <num> number of fuzz cases -h = Help (this text) use "./doona.pl -m [module] -h" for module specific option. Only -m is a mandatory switch. ``` ### doona使用范例 使用HTTP工具 (-m HTTP)对(-t 192.168.1.15)进行模糊测试, 每5个目标(-M 5)暂停一次: ``` root@kali:~# doona -m HTTP -t 192.168.1.15 -M 5 Doona 1.0 by Wireghoul (www.justanotherhacker.com) + Buffer overflow testing 1/37 [XAXAX] ...... Max requests (5) completed, index: 5 ```