This is default featured slide 1 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 2 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 3 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 4 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 5 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

Showing posts with label DoS. Show all posts
Showing posts with label DoS. Show all posts

WarChild - Denial of Service Testing Suite

May 10, 2017  , , , , , , , , , , , , ,  


Warchild is a denial of service testing suite made for analysing the strength of your website against different kinds of denial of service attacks you will be facing which are mainly organised by crooks to cause damage to your website.


Installation
For Installing the required modules just run the following command in your terminal :) 

                 pip install -r requirements.txt

Use
python warchild.py

Overview
This Denial Of Service suite comprises of the following features :
  1. CloudBust :- Cloudbust a.k.a AETHON is a cloudflare resolver that looks into the cloudflare protected website for misconfigured DNS configuration basically uses dnsdumpster.com as its resolver :)and identifies the backend IP of the website. We will add more updates in upcoming time.

  2. HTTP Flood :- HTTP Flood is a type of Denial of Service attack in which the attacker manipulates HTTP and POST unwanted requests in order to attack a web server or application. In an HTTP flood, the HTTP clients such as web browser interact with an application
    or server to send HTTP requests. The aim of the attack is when to compel the server to allocate as many resources as possible to serving the attack thus denying legitimate users access to the server's resources. ALISA is a http d.o.s tool written in such a way to suck all of the website's resources and is a layer 7 D.O.S tool.


  3. TCP SYN Flood :- A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in
    an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.

  4. UDP Flood :- A UDP flood attack is a denial-of-service (DoS) attack using the User Datagram Protocol (UDP), a sessionless/connectionless computer networking protocol.

Author
Souhardya Sardar is an independent security analyst and programmer who loves to break things in order to secure them. Github :- github.com/Souhardya


Read More

LOIC 1.0.8 (Low Orbit Ion Cannon) - A network stress testing application

December 13, 2014  , , , , , , ,  


Low Orbit Ion Cannon (LOIC) is an open source network stress testing and denial-of-service attack application, written in C#. LOIC was initially developed by Praetox Technologies, but was later released into the public domain, and now is hosted on several open source platforms.

LOIC performs a denial-of-service (DoS) attack (or when used by multiple individuals, a DDoS attack) on a target site by flooding the server with TCP or UDP packets with the intention of disrupting the service of a particular host. People have used LOIC to join voluntary botnets. The software inspired the creation of an independent JavaScript version called JS LOIC, as well as LOIC-derived web version called Low Orbit Web Cannon. These enable a DoS from a web browser.


Read More

Zarp - Local Network Attack Framework

October 27, 2014  , , , , , , , ,  


Zarp is a network attack tool centered around the exploitation of local networks. This does not include system exploitation, but rather abusing networking protocols and stacks to take over, infiltrate, and knock out. Sessions can be managed to quickly poison and sniff multiple systems at once, dumping sensitive information automatically or to the attacker directly. Various sniffers are included to automatically parse usernames and passwords from various protocols, as well as view HTTP traffic and more. DoS attacks are included to knock out various systems and applications. These tools open up the possibility for very complex attack scenarios on live networks quickly, cleanly, and quietly.

The long-term goal of zarp is to become the master command center of a network; to provide a modular, well-defined framework that provides a powerful overview and in-depth analysis of an entire network. This will come to light with the future inclusion of a web application front-end, which acts as the television screen, whereas the CLI interface will be the remote. This will provide network topology reports, host relationships, and more. zarp aims to be your window into the potential exploitability of a network and its hosts, not an exploitation platform itself; it is the manipulation of relationships and trust felt within local intranets. Look for zeb, the web-app frontend to zarp, sometime in the future.

Tool Overview 
Broad categories are (see wiki for more information on these):
  • Poisoners
  • Denial of Service
  • Sniffers
  • Scanners
  • Services
  • Parameter
  • Attacks

List of modules accessible from the command line:
bryan@debdev:~/tools/zarp$ sudo ./zarp.py --help
[!] Loaded 34 modules.
     ____   __   ____  ____
    (__  ) / _\ (  _ \(  _ '
     / _/ /    \ )   / ) __/
    (____)\_/\_/(__\_)(__)  [Version: 0.1.5]

usage: zarp.py [-h] [-q FILTER] [--update] [--wap] [--ftp] [--http] [--smb]
               [--ssh] [--telnet] [-w] [-s] [--service-scan]

optional arguments:
  -h, --help      show this help message and exit
  -q FILTER       Generic network sniff
  --update        Update Zarp

Services:
  --wap           Wireless access point
  --ftp           FTP server
  --http          HTTP Server
  --smb           SMB Service
  --ssh           SSH Server
  --telnet        Telnet server

Scanners:
  -w              Wireless AP Scan
  -s              Network scanner
  --service-scan  Service scanner
bryan@debdev:~/tools/zarp$

Read More

HULK - Web Server DoS Tool

April 13, 2014  , , , , , , ,  


HULK is a web server denial of service tool (DDoS Tool) written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a webserver, bypassing caching engines and therefore hitting the server's direct resource pool.

The Hulk Web server is a brainchild of Barry Shteiman. This DDoS attack tool distinguishes itself from many of the other tools out in the wild. According to its creator, the Hulk Web server was born of his conclusion that most available DDoS attack tools produced predictable repeated patterns that could easily be mitigated. The principle behind the Hulk Web server is that a unique pattern is generated at each and every request, with the intention of increasing the load on the servers as well as evading any intrusion detection and prevention systems.

Some Techniques

  • Obfuscation of Source Client – this is done by using a list of known User Agents, and for every request that is constructed, the User Agent is a random value out of the known list
  • Reference Forgery – the referer that points at the request is obfuscated and points into either the host itself or some major prelisted websites.
  • Stickiness – using some standard Http command to try and ask the server to maintain open connections by using Keep-Alive with variable time window
  • no-cache – this is a given, but by asking the HTTP server for no-cache , a server that is not behind a dedicated caching service will present a unique page.
  • Unique Transformation of URL – to eliminate caching and other optimization tools, I crafted custom parameter names and values and they are randomized and attached to each request, rendering it to be Unique, causing the server to process the response on each event.

Read More

[GoldenEye v2.1] DoS Tool

March 07, 2014  , , , , , , ,  


GoldenEye is a HTTP/S Layer 7 Denial-of-Service Testing Tool. It uses KeepAlive (and Connection: keep-alive) paired with Cache-Control options to persist socket connection busting through caching (when possible) until it consumes all available sockets on the HTTP/S server.

Changelog v2.1

  • 2014-02-20 Added randomly created user agents (still RFC compliant).
  • 2014-02-19 Removed silly referers and user agents. Improved randomness of referers. Added external user-agent list support.
Usage
USAGE: ./goldeneye.py <url> [OPTIONS]

OPTIONS:
 Flag Description Default
 -u, --useragents File with user-agents to use (default: randomly generated)
 -w, --workers Number of concurrent workers (default: 50)
 -s, --sockets Number of concurrent sockets (default: 30)
 -m, --method HTTP Method to use 'get' or 'post' or 'random' (default: get)
 -d, --debug Enable Debug Mode [more verbose output] (default: False)
 -h, --help Shows this help

Read More

[GoldenEye v2.0] DoS Tool

January 23, 2014  , , , , , , ,  



GoldenEye is a HTTP/S Layer 7 Denial-of-Service Testing Tool. It uses KeepAlive (and Connection: keep-alive) paired with Cache-Control options to persist socket connection busting through caching (when possible) until it consumes all available sockets on the HTTP/S server.

Usage
USAGE: ./goldeneye.py <url> [OPTIONS]

 OPTIONS:
     Flag           Description                     Default
     -t, --threads      Number of concurrent threads                (default: 500)
     -m, --method       HTTP Method to use 'get' or 'post'  or 'random'         (default: get)
     -d, --debug        Enable Debug Mode [more verbose output]         (default: False)
     -h, --help     Shows this help

Changelog v2.0

  • 2013-03-26 Changed from threading to multiprocessing. Threading is bad because its subject to GIL.
  • 2012-12-09 Initial release

Read More

[(D)DoS Deflate] Script designed to block a denial of service attack

September 08, 2013  , , ,  


(D)DoS Deflate is a lightweight bash shell script designed to assist in the process of blocking a denial of service attack. It utilizes the command below to create a list of IP addresses connected to the server, along with their total number of connections. It is one of the simplest and easiest to install solutions at the software level.
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

IP addresses with over a pre-configured number of connections are automatically blocked in the server's firewall, which can be direct iptables or Advanced Policy Firewall (APF). (We highly recommend that you use APF on your server in general, but deflate will work without it.)


Notable Features

  • It is possible to whitelist IP addresses, via /usr/local/ddos/ignore.ip.list.
  • Simple configuration file: /usr/local/ddos/ddos.conf
  • IP addresses are automatically unblocked after a preconfigured time limit (default: 600 seconds)
  • The script can run at a chosen frequency via the configuration file (default: 1 minute)
  • You can receive email alerts when IP addresses are blocked.


Read More

[Zarp v0.1.2] The Python Network Attack Tool

July 03, 2013  , , , ,  

Zarp is a network attack tool centered around the exploitation of local networks. This does not include system exploitation, but rather abusing networking protocols and stacks to take over, infiltrate, and knock out. Sessions can be managed to quickly poison and sniff multiple systems at once, dumping sensitive information automatically or to the attacker directly. Various sniffers are included to automatically parse usernames and passwords from various protocols, as well as view HTTP traffic and more. DoS attacks are included to knock out various systems and applications. These tools open up the possibility for very complex attack scenarios on live networks quickly, cleanly, and quietly.

The long-term goal of zarp is to become the master command center of a network; to provide a modular, well-defined framework that provides a powerful overview and in-depth analysis of an entire network. This will come to light with the future inclusion of a web application front-end, which acts as the television screen, whereas the CLI interface will be the remote. This will provide network topology reports, host relationships, and more. zarp aims to be your window into the potential exploitability of a network and its hosts, not an exploitation platform itself; it is the manipulation of relationships and trust felt within local intranets. Look for zeb, the web-app frontend to zarp, sometime in the future.

Tool Overview


Poisoners

These tools work as expected; poisoning hosts for performing MitM, session hijacking, etc. Currently included are ARP, DNS, DHCP, NBNS, ICMP redirect, and LLMNR.
  • DHCP
There are a couple of ways to do DHCP poisoning; zarp implements DHCP poisoning by deploying a ‘rogue’ DHCP server that listens for DHCP-ACK or DHCP-DISCOVER packets. If a DHCP-DISCOVER is detected, an IP address is reserved and assigned to the host and an ARP poisoning session is automatically deployed. If a DHCP-ACK is detected, we attempt to give them the address they’re requesting. This occurs in cases where a returning device would like its IP address back. If we cannot give them the address, we generate a new one and hand it out.
  • DNS
DNS poisoning is performed by matching DNS requests and responding with a malicious packet. zarp (v.10) requires that an ARP poison be active, but this may change. DNS RR poisoning is currently in development.


Denial of Service

Modules used for denial of servicing hosts. Various attacks currently exist for different systems, including Teardrop, IPv6 NDP RA, Nestea, LAND, TCP SYN, and SMB2.


Sniffers

These post-poisoning modules are useful for intercepting interesting traffic. Currently included are HTTP, Password, Traffic, and Database sniffers.


Scanners

Scan networks for victims. Included are Network Scanner, Service Scanner, Access Point Scanner, and Passive Scanner.


Services

Pretend you’re useful; harvest credentials from automatic login tools or unaware users. Spoofed services have been custom written to act as honeypots; none of these services can actually be used to do useful things as intended. Currently included are HTTP, SSH, FTP, SMB, WiFi AP, and telnet.

Read More

[OWASP HTTP Post Tool] DoS Apache Webserver Attack

January 08, 2013  , , , , , , ,  


This Tutorials shows, how you can easily take out an Apache Webserver with one HTTP POST Tool using a std. slow DSL Connection.

This is NO Slowloris Attack!
Limitations of HTTP GET DDOS attack:

- Does not work on IIS web servers or web
servers with timeout limits for HTTP headers.

- Easily defensible using popular load balancers,
such as F5 and Cisco, reverse proxies and
certain Apache modules, such as mod_antiloris.

- Anti-DDOS systems may use "delayed
binding"/"TCP Splicing" to defend against HTTP
GET attacks.

Why HTTP POST DDOS attack works

- This attack can evade Layer 4 detection
techniques as there is no malformed TCP, just
like Slowloris.

- Unlike Slowloris, there is no delay in sending
HTTP Header, hence nullifying IIS built-in
defense, making IIS vulnerable too.

- Size, character sets and time intervals can be
randomised to foil any recognition of Layer 7
traffic patterns by DDOS protection systems.

- Difficult to differentiate from legit connections
which are slow

Download OWASP HTTP Post Tool

Read More
Subscribe to: Posts (Atom)