Awesome
DoS over TOR
Proof of concept denial of service over TOR stress test tool. Is multi-threaded and supports multiple attack vectors.
Usage
$ ./main.py <mode> <target URL> [--options]
There are three modes:
singleshot
- Naively hit a single URLfullauto
- Scrape the site for links and hits as many as possibleslowloris
- Slow Loris low bandwidth DoS
Options:
--tor-address
- TOR proxy IP to connect via (default = 127.0.0.1)--tor-proxy-port
- TOR proxy port to connect via (default = 9050)--tor-ctrl-port
- TOR control port to connect to for requesting new idents etc. (default = 9051)--num-soldiers
- The number of soldier threads to spawn (default = 10)--http-method
- The HTTP method to use for requests, e.g. GET, HEAD, POST, etc. (default = GET)--cache-buster
- Add a cache busting query string to all requests (default = False)--num-sockets
- Number of sockets to open per thread for Slow Loris attacks (default = 100)
Example
Running a slow loris attack:
$ ./main.py slowloris http://target_url --num-soldiers=25 --cache-buster --num-sockets=200
Running a full auto attack:
$ ./main.py fullauto http://target_url --num-soldiers=50 --http-method=POST --cache-buster
TODO
- Travis CI set up
- Monitor to work out bytes sent / received
- Application specific attacks - e.g. https://www.exploit-db.com/exploits/43968/