{"id":22892396,"url":"https://github.com/b4fun/turtle","last_synced_at":"2025-03-31T22:10:33.486Z","repository":{"id":186924282,"uuid":"675961227","full_name":"b4fun/turtle","owner":"b4fun","description":"šŸ¢ Turtle is a toolkit for simulating and validating application layer denial-of-service attacks in both live and unit testing environments.","archived":false,"fork":false,"pushed_at":"2023-10-16T21:19:02.000Z","size":3754,"stargazers_count":2,"open_issues_count":3,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-05T14:03:20.166Z","etag":null,"topics":["golang-http-attack","security","slowloris","slowloris-attack"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/b4fun.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-08-08T05:57:40.000Z","updated_at":"2024-02-01T01:08:27.000Z","dependencies_parsed_at":"2023-08-08T09:16:35.248Z","dependency_job_id":null,"html_url":"https://github.com/b4fun/turtle","commit_stats":null,"previous_names":["b4fun/turtle"],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/b4fun%2Fturtle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/b4fun%2Fturtle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/b4fun%2Fturtle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/b4fun%2Fturtle/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/b4fun","download_url":"https://codeload.github.com/b4fun/turtle/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246547366,"owners_count":20794970,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang-http-attack","security","slowloris","slowloris-attack"],"created_at":"2024-12-13T22:59:49.879Z","updated_at":"2025-03-31T22:10:33.467Z","avatar_url":"https://github.com/b4fun.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch3 align=\"center\"\u003e\n \u003ca href=\"https://github.com/b4fun/turtle\"\u003e\n \u003cimg src=\"docs/assets/turtle-logo.png\" width=\"220px\" style=\"inline-block\" /\u003e\n \u003c/a\u003e\n\u003c/h3\u003e\n\nšŸ¢ Turtle is a toolkit for simulating and validating application layer denial-of-service attacks in both live and unit testing environments.\n\n\u003cp align=\"center\"\u003e\n \u003ca href=\"https://github.com/b4fun/turtle/releases\"\u003e\u003cimg src=\"https://img.shields.io/github/release/b4fun/turtle.svg\" alt=\"Github release\"\u003e\u003c/a\u003e\n \u003ca href=\"https://pkg.go.dev/github.com/b4fun/turtle\"\u003e\u003cimg src=\"https://pkg.go.dev/badge/github.com/b4fun/turtle.svg\" alt=\"GoDoc\" /\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n## šŸšØ Disclaimer\n\n\u003e **Important**: The use of this program for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to comply with all applicable local, state, and federal laws. The developers assume no liability and are not responsible for any misuse or damage caused by this program.\n\n## šŸŽÆ Why Use Turtle?\n\nExposing an application to the public internet is fraught with risks due to various types of denial-of-service attacks, such as:\n\n- [slowloris][cf_slowloris]\n- [low and slow attack][cf_low_and_slow]\n- [R.U.D.Y][cf_rudy]\n- ... and many more\n\nWhile some applications may have well-configured settings that render them invulnerable to these attacks, others, such as those built with popular languages like Golang, might be [vulnerable by default][gonuts_slowloris].\nTurtle provides an easy way to validate your application against these common threats to identify risks.\n\nFurthermore, an application that is secure today may become vulnerable due to future changes.\nTherefore, integrating these attack simulations into your regular validation process is crucial.\n\n## šŸ›  Features\n\nTurtle provides:\n\n- A Command-Line Interface (CLI) for validating real endpoints\n- A Golang library for easy integration into unit/integration tests\n\n### Supported Scenarios\n\nTurtle current supports the following scenarios:\n\n- [slowloris][cf_slowloris]\n- [slow body read][cf_low_and_slow]\n\n## šŸš€ Getting Started\n\n### Turtle CLI\n\nYou can install the CLI tool via:\n\n```bash\ngo install github.com/b4fun/turtle/cmd/turtle@latest\n```\n\nOr download a release binary from the [GitHub Release page][gh_release].\n\n### Using Turtle CLI\n\nThe turtle CLI embeds supported scenarios as sub-commands. A common way to invoke a scenario test:\n\n```\n$ turtle \u003cscenario-name\u003e \u003ctarget-url\u003e\n```\n\n![](/docs/demo/demo.gif)\n\nFurther details can be obtained by viewing the command's help message:\n\n\n```\n$ turtle -h\n# Scenario specified help\n$ turtle slowloris -h\n```\n\nTo learn more, please checkout one of the following guides:\n\n- [Is my server Slowloris-proofed?](/docs/usage/cli-slowloris.md)\n\n### Turtle Golang Library\n\nFor the Golang library, documentation can be found on [GoDoc][godoc].\n\n## šŸ“œ LICENSE\n\nTurtle is distributed under the [MIT license](/LICENSE)\n\n[cf_slowloris]: https://www.cloudflare.com/learning/ddos/ddos-attack-tools/slowloris/\n[cf_low_and_slow]: https://www.cloudflare.com/learning/ddos/ddos-low-and-slow-attack/\n[cf_rudy]: https://www.cloudflare.com/learning/ddos/ddos-attack-tools/r-u-dead-yet-rudy/\n[gonuts_slowloris]: https://groups.google.com/g/golang-nuts/c/MFZd6b8zQTQ\n[gh_release]: https://github.com/b4fun/turtle/releases\n[godoc]: http://godoc.org/github.com/b4fun/turtle","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fb4fun%2Fturtle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fb4fun%2Fturtle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fb4fun%2Fturtle/lists"}