# KING SABRI | @KINGSABRI
# Simple FTP COMMANDS Fuzzer
# NOTE(review): the three statements below read like fragments of separate
# methods (usage banner, connection setup, crash report); the definitions that
# enclosed them are not visible in this listing.

# Print the usage line: script name, required host, optional port.
puts "#{__FILE__} <host> [port]"
# Open a TCP connection to @host:@port and keep the socket in `s`.
# @host and @port are assigned outside the visible lines, and TCPSocket needs
# `require 'socket'`, which is not shown here either.
# No connect timeout is passed, so an unresponsive target can block this call.
s = TCPSocket.open(@host, @port)
# Report the length of `payload` (defined outside the visible lines).
# NOTE(review): the condition that triggers this message is not visible. If it
# is a rescued connection error, a refused, reset or timed-out connection would
# be reported as a crash too -- confirm against the full script before
# treating the printed size as a crash threshold.
puts "Crash detected after #{payload.size} bytes"
# Build the table of fuzz payloads for one filler length, or pick one entry.
#
# point  - key of the payload to return; the driver passes Symbol keys taken
#          from this table. Defaults to "" (no selection).
# buffer - Integer count of filler characters repeated in every payload
#          (default 0).
#
# Returns the payload String stored under `point` when `point` is non-empty.
#
# NOTE(review): the opening of the hash literal (`points = {`, judging by the
# return line), its closing brace, the fall-through return value and the
# method's `end` are missing from this listing. The driver calls
# `insertion.keys`, so the fall-through presumably returns the whole table.
def insertion(point="", buffer=0)
# Raw filler only: no command verb and no trailing CRLF.
core: "A" * buffer, # Comment this line out if it hangs the fuzzer
# Every entry below is "<VERB> " + filler + CRLF. Each verb has its own filler
# letter, so the repeated byte identifies which entry produced a payload.
user: "USER " + "B" * buffer + "\r\n",
pass: "PASS " + "C" * buffer + "\r\n",
# NOTE(review): RFC 959 defines ACCT, not ACCL -- possibly a typo; confirm.
accl: "ACCL " + "D" * buffer + "\r\n",
appe: "APPE " + "E" * buffer + "\r\n",
# Key is :cmd but the verb sent is CWD.
cmd: "CWD " + "F" * buffer + "\r\n",
dele: "DELE " + "G" * buffer + "\r\n",
list: "LIST " + "H" * buffer + "\r\n",
# NOTE(review): LS is an FTP client command, not an RFC 959 protocol verb.
ls: "LS " + "I" * buffer + "\r\n",
mkd: "MKD " + "J" * buffer + "\r\n",
nlst: "NLST " + "K" * buffer + "\r\n",
# NOTE(review): NOOP takes no argument in RFC 959.
noop: "NOOP " + "L" * buffer + "\r\n",
retr: "RETR " + "M" * buffer + "\r\n",
# NOTE(review): key is :rest but the verb sent is RSET (an SMTP/POP3 verb);
# the FTP restart verb is REST. Looks like a transposition -- confirm.
rest: "RSET " + "N" * buffer + "\r\n",
stat: "STAT " + "O" * buffer + "\r\n",
stor: "STOR " + "P" * buffer + "\r\n",
# NOTE(review): TOP and UIDL are POP3 verbs, not FTP ones.
top: "TOP " + "Q" * buffer + "\r\n",
uidl: "UIDL " + "R" * buffer + "\r\n"
# A non-empty `point` selects a single payload from the table.
return points[point] unless point.empty?
# Driver: for every payload key, send payloads built with 1 to 500 filler
# characters, logging each attempt.
# NOTE(review): the closing `end`s of both loops are missing from this listing.
puts "[+] Fuzzing #{@host} on port #{@port}..."
# insertion with no arguments is expected to return the whole payload table so
# that its keys can be enumerated; that return path is not visible here.
insertion.keys.each do |point|
# Grow the filler one character at a time, 1..500 inclusive.
(1..500).each do |buffer|
# The logged size is the full payload length (verb, space and CRLF included),
# not the filler count. insertion is called twice per iteration, so the whole
# table is rebuilt twice for every payload sent.
puts "[+] Fuzzing #{point.to_s}: #{insertion(point, buffer).size} bytes"
# `fuzz` is defined outside the visible lines; presumably it sends the payload
# to @host:@port -- confirm against the full script.
fuzz insertion(point, buffer)