{"id":13826998,"url":"https://github.com/avantasia/inventedattack","last_synced_at":"2025-07-09T02:33:07.482Z","repository":{"id":73568062,"uuid":"174727291","full_name":"avantasia/inventedAttack","owner":"avantasia","description":"A POC attack combining IP SPoofing, SYN Flood and IP Fragmentation","archived":false,"fork":false,"pushed_at":"2019-03-12T10:03:02.000Z","size":17,"stargazers_count":8,"open_issues_count":1,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-10-26T11:33:23.965Z","etag":null,"topics":["poc","security","wip"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/avantasia.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-03-09T17:49:58.000Z","updated_at":"2021-07-06T03:47:28.000Z","dependencies_parsed_at":null,"dependency_job_id":"f4523afb-85f6-46be-9eb8-433b8417db51","html_url":"https://github.com/avantasia/inventedAttack","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avantasia%2FinventedAttack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avantasia%2FinventedAttack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avantasia%2FinventedAttack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avantasia%2FinventedAttack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/avantasia","download_url":"https://codeload.github.com/avantasia/inventedAttack/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225481138,"owners_count":17481159,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["poc","security","wip"],"created_at":"2024-08-04T09:01:48.186Z","updated_at":"2024-11-20T06:30:41.927Z","avatar_url":"https://github.com/avantasia.png","language":"Python","funding_links":[],"categories":["\u003ca id=\"295e14c39bf33cd5136be8ced9383746\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"f855508acfc870b1f0d90ff316f1dd75\"\u003e\u003c/a\u003e伪造\u0026\u0026Spoof"],"readme":"###\n# inventedAttack.py - A POC attack combining IP SPoofing, SYN Flood and IP Fragmentation\n##\nI only made this to feed my own curiosity (and for a classroom homework too tbh) since it's not very effective nowadays, but feel free to use it!\nPython 3 required (if you want to use python2 change the print near the end of the script)\n\nTo use it run\n```\npip install -r requirements.txt \n```\nto install the required dependencies\n```\nUsage: inventedAttack.py [OPTIONS]\n\nOptions:\n  -i, --ip TEXT          IP address of the target machine\n  -p, --port INTEGER     Port of the service to attack with SYN Flood\n  -t, --threads INTEGER  Number of concurrent threads\n  -s, --size INTEGER     Fragment size\n  --help                 Show this message and exit.\n\n```\n\nIf you don't pass any of the parameters, the script will ask for them with an interactive prompt\n\nI actually tried it on some machines and it had 0 impact, probably because\nthe base of the attack (SYN Flood) was effective when resources were scarcer \nand the was no SYN Flood protection builtin in the kernel.\nIf you want to play around the idea anyways take a look at\n\n```\n/proc/sys/net/ipv4/tcp_syncookies\n\n/proc/sys/net/ipv4/tcp_max_syn_backlog\n\n/proc/sys/net/ipv4/tcp_synack_retries\n```\n\nIf you want to monitor the half-open connections on the server you can try\n```\nnetstat -tuna | grep :443 | grep SYN_RECV\n```\n\nChange 443 for whatever port you are using, also you can pipe again | wc -l to count the number of connections made, in my tests they stay in the range of 50-100.\n\nThe fragmentation part makes no difference either.\n\nAbout the source IP spoofing I found it was the most effective part since \nthe web server was making DNS PTR requests for each random source IP, so it\nkind flooded the DNS with them. \n\nLessons learned : turn off reverse DNS resolution in your services. \n\nThings I might improve:\n- [x] ~~Write this in Python 3 (I actually don't know why I was sing python 2, the only incompatible function was a print!)~~\n- [x] ~~Use Python 3 async, see how performance improves~~ Asyncio makes no difference at all, but I'm leaving anyways a branch here https://github.com/avantasia/inventedAttack/tree/async for testing purposes (and to remind me the next time)\n- [x] ~~More configurable parameters (fragment size, threads)~~\n- [ ] Tests with WAF/IDS and fragmentation on target machine\n- [ ] Performance graphs on target machine\n- [ ] Maybe dockerize both this and target machine\n\n\nDavid Carracedo Martinez - dcarracedom@uoc.edu 2019\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Favantasia%2Finventedattack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Favantasia%2Finventedattack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Favantasia%2Finventedattack/lists"}