Vulnerability Analysisfuzzerbuffer-overflowformat-stringnetworkdaemon

Doona

Doona is a network fuzzer forked from the Bruteforce Exploit Detector Tool (BED), designed to check daemons for potential buffer overflows, format string bugs, and similar vulnerabilities. It supports fuzzing multiple network protocols using various modules.

Description

Doona is a fork of BED, a program which detects potential buffer overflows, format string bugs, and other vulnerabilities in network daemons. It operates by sending malformed or oversized inputs to targeted services across supported protocols, monitoring for crashes or anomalous behavior that indicates exploitable conditions.

Use cases include vulnerability assessment of network services like HTTP, FTP, SMTP, and others listed in its modules. Security researchers and penetration testers can use it to identify weaknesses in daemons running on localhost or remote hosts, helping prioritize further exploitation or patching efforts.

The tool is lightweight, with an installed size of 128 KB, and requires only Perl as a dependency. It provides options for health checks, timeouts, resuming sessions, and module-specific configurations to fine-tune fuzzing campaigns.

How It Works

Doona uses protocol-specific modules (e.g., HTTP, FTP, SMTP) to send fuzzing payloads such as buffer overflow patterns (e.g., XAXAX) to the target host and port. It progresses through test cases sequentially, with options to perform health checks after specified intervals, timeouts between tests, and resuming from a given index. Modules connect to standard or custom ports, sending crafted inputs to provoke crashes or errors indicative of vulnerabilities like buffer overflows or format string issues. Output includes progress indicators and completion status.

Installation

bash

sudo apt install doona

Flags

-m <module>Specify the module to use, e.g., DICT/FINGER/FTP/HTTP/HTTP_MORE/HTTP_SP/HTTP_WEBDAV/IMAP/IRC/LPD/NNTP/PJL/POP/PROXY/RTSP/SMTP/SOCKS4/SOCKS5/TFTP/WHOIS. Mandatory switch.

-c <int>Execute a health check after every <int> fuzz cases

-t <target>Host to check (default: localhost)

-p <port>Port to connect to (default: module specific standard port)

-o <timeout>seconds to wait after each test (default: 2 seconds)

-r <index>Resumes fuzzing at test case index

-kKeep trying until server passes a health check

-dDump test case to stdout (use in combination with -r)

-M <int>Stop after specified number of cases (inferred from usage example)

-hShow usage help; use with -m [module] for module-specific options

Examples

Use the HTTP plugin to fuzz the target 192.168.1.15, stopping after 5 cases.

doona -m HTTP -t 192.168.1.15 -M 5

Display general usage help for doona.

doona -h

Show module-specific options for the HTTP module.

doona.pl -m HTTP -h

Fuzz the FTP service on localhost using default port.

doona -m FTP -t localhost

Fuzz SMTP on example.com port 25, with health check every 10 cases.

doona -m SMTP -t example.com -p 25 -c 10

Resume HTTP fuzzing at test case index 20 and keep trying until health check passes.

doona -m HTTP -t 192.168.1.15 -r 20 -k

Dump test case 5 to stdout for the HTTP module on target.

doona -m HTTP -t target -d -r 5

Updated 2026-04-16kali.org ↗