| Network Protocol Fuzzing |
 |
|
N/A |
| DLL / API Fuzzing |
 |
|
N/A |
| ActiveX Fuzzing |
|
|
N/A |
| Client side Network fuzzing |
|
|
N/A |
| File fuzzing |
Partial |
|
N/A |
| 80-20 approach to finding vulnerability: 4 levels of testing on the protocols (known vulnerabilities, simple implementation, full RFC (+extension) implementation, and quirks (Special cases in special products). |
Partial |
|
|
| Development Language independent |
|
|
|
| Does not require source code |
|
|
|
| Linux/Unix and Windows support |
Only Windows |
|
|
Supports predefined protocols
Low-level Network:
- ARP
- ICMP (v4 and v6)
- IEEE 802.1Q (VLAN)
- IP (v4 and v6)
- IGMP (v0, v1, v2 and v3)
- RGMP
- LLDP
Network Clients:
- BVLC (BACnet transport)
- DHCP
- DNP3 (SCADA)
- FTP
- HTTP/1.0
- HTTP/1.1
- HTTPS
- LDAP
- LLC
- Modbus (SCADA)
- POP3
- RSH
- SIP
- SNMP
- SMTP
- STUN
- SYSLOG
- SSH
- TFTP
- Teredo
- Telnet
Network Servers:
Files:
- ANI
- BMP
- GIF
- ICO
- JASC PAL
- PAL
- PCM
- TGA
- UPX
|
|
|
N/A |
| Integrated tests for known vulnerabilities with full information from CVE |
|
|
|
| Reproducible tests |
|
|
|
| Easily export test case to Perl scripts and generate binary data of tests |
|
|
|
| Supports binary protocols |
|
|
|
| Session based protocols |
|
|
|
| Standard encryption support |
|
|
|
| Intelligent module structure (Supporting length/offset dependencies, element counters, duplications, encoders etc.) |
|
|
|
| High throughput and speed. Supports specifying the optimal connection to a specific server. |
|
|
|
| Easily adaptable to a new testing environment |
|
|
|
| Hands free testing (ability to automatically stop and restart the test according to monitored results). |
|
|
|
| Batch mode support (auto-resume testing upon crash) |
|
|
|
| Custom Module support - build your own proprietary modules for in-house protocols, extensions, file formats and API definitions |
|
|
|
| Tailored attack types (sql injection, cross site scripting, format string, add your own) |
|
|
|
| Add External DLL calls to your modules (special encryption, file/net operation, custom libraries) |
|
|
|
| Custom vulnerability detection support |
|
|
|
| Buffer overflow attacks |
|
|
|
| Integer overflows / underflows attacks |
|
|
N/A |
| Format string attacks |
|
|
N/A |
| Null byte attacks |
|
|
N/A |
| Buffer poisoning attacks |
|
|
|
| Off-by-one attacks |
|
|
N/A |
| Malformed encoding attacks |
|
|
|
| Extended functionality to modules through standard win32 api, openssl, Unix |
|
|
|
| Bookmarks - allows to go back in time to previous tests and regenerate scenarios |
|
|
|
| Advanced optimization - allowing faster results by focusing tests on prime subset of tests |
|
|
|
| Supports IPv6, IPv4 |
IPv4 only |
|
|
| Auto Learn - Wizard to build new modules (of any type) |
|
|
|
| "Packet capture to beSTORM module" converter (to easily create a beSTORM custom module) |
|
|
|
| Graphical representation of module and attack vectors |
|
|
|
| Automatically control speed testing settings from monitor |
|
|
|
| Change test cases/order depending on result |
|
|
|
| Monitoring tool to examine tested application |
|
|
|
| Ability to implement your own monitor and integrate with beSTORM Client |
|
|
|
| gdb integration |
|
|
|
| Ollydbg integration |
|
|
|
beSTORM Monitor |
| Linux/Unix and Windows support |
|
|
|
| Both console and Windows GUI versions |
|
|
|
| Auto-starts tested application in case of crash |
|
|
|
| Catches exceptions |
|
|
|
| Catches buffer overflows |
|
|
|
| Catches buffer overruns |
|
|
|
| Reports on cpu/memory usage |
|
|
|
| Parses log files |
|
|
|
beSTORM
