README for the webserver bomber audit tool by Stef Caunter
Please note that I wrote this for educational purposes to test my own systems.
I am NOT RESPONSIBLE for any use, misuse, abuse or misconfiguration of this
software. Enjoy in moderation.

bomber is just a perl script. If you want to change it go ahead.
It is designed to fire large and/or weird requests repeatedly at http
servers running cgi asp or whatever programs. It is possible to quickly
build a request from the linux command line, bomb the server, and read
the results from the output file to confirm server configuration problems
or successes. Input validation, method limitations, request size limitations,
error pages and operating system and server configuration fingerprinting 
are all possible audit targets.

The foundation of this program is the hash array of all ASCII characters and
their hexadecimal equivalents. Any character input as something to be sent
to a webserver is processed through this hash and turned into a %sign and 
hex code -- browser encoding. This is done by writing and reading temp files.
I know that this is probably a horrible way to do this, but I couldn't come
up with another way of guaranteeing that everything and anything 
would get encoded.

At this point, if you want to encode a prepared file to send as form data, 
you have to prepare files for all of the name/value pairs. It would be
nice to be able to input mostly at the command line and then be able
to choose to send one or two prepared files full o' weirdness. I'd like to 
change that in the future. You can switch between the non-printing and 
printable ascii set, although you can't combine them (yet).

The repeat request number can be anything in case you would like to 
simulate a denial of service attack, especially with several simultaneous
instances running.
