BED

BED is a program which is designed to check daemons for potential buffer overflows, format strings et. al. It fuzzes network protocols by sending malformed inputs to target hosts and ports, monitoring for crashes or abnormal responses that indicate vulnerabilities.

Use cases include testing servers for security weaknesses in services like FTP, SMTP, POP, HTTP, IRC, IMAP, PJL, LPD, FINGER, SOCKS4, and SOCKS5. It is particularly useful for identifying buffer overflow conditions in network daemons during security assessments.

The tool operates from Kali Linux, requiring Perl as a dependency, and is lightweight with an installed size of 73 KB.

BED uses plugins for specific protocols (e.g., HTTP, FTP) to generate fuzzing payloads like buffer overflows (e.g., 'XAXAX' patterns) and sends them to the target host and port. It waits for a configurable timeout after each test to observe responses, testing for daemon crashes or overflows. Plugins define additional parameters, and help for each is available via 'bed -s <plugin>'.