Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/noracodes/rloris
A Rust implementation of slow HTTP DoS techniques
denial-of-service hacking http security slowloris
Last synced: 23 days ago
- Host: GitHub
- URL: https://github.com/noracodes/rloris
- Owner: NoraCodes
- Created: 2017-02-20T04:22:33.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2019-10-17T11:51:49.000Z (about 5 years ago)
- Last Synced: 2024-10-04T12:25:59.467Z (about 1 month ago)
- Topics: denial-of-service, hacking, http, security, slowloris
- Language: Rust
- Size: 23.4 KB
- Stars: 32
- Watchers: 2
- Forks: 4
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# rloris
`rloris` is an implementation of RSnake's SlowLoris attack in Rust, with other attacks on the way.
You can either build `rloris` yourself with `cargo` or download a working binary for Linux x64 from the [releases directory](https://github.com/SilverWingedSeraph/rloris/releases). As of `0.6.0`, `rloris` no longer requires native SSL libraries and uses `rustls` to perform all TLS connections in pure Rust.
## Attacks
* SlowLoris GET, based on [RSnake's original attack](https://web.archive.org/web/20090822001255/http://ha.ckers.org/slowloris/), simply opens a lot of connections
asking to GET resources and then takes its time sending the other headers and the final double `\r\n`.
* SlowLoris POST, similar to the above but using POST requests. Activate with `rloris post --post`.
## Functionality
Optional functionality is available by giving flags to the `rloris` binary. Currently, `rloris` supports SSL (`--ssl`),
setting custom timeouts for SlowLoris (`--timeout=`) and SlowLoris cycle counts (`--cycle=`),
multithreading (`--thread=`), and infinite repetition (`--repeat`).

WARNING: using `--repeat` can create a real honest to goodness DoS condition on the target!
## Advice
The more threads you can get away with, the higher the impact on the target. To see what your server can handle,
keep raising the number of threads until you get "Connection reset by peer" errors; at that point, your server is dropping connections due to overload.
Note that a DoS condition probably will arise before this happens.

`rloris` uses `env_logger` to log messages to the console; set the environment variable `RUST_LOG` to `info` for additional data about your attacks, or `debug` if you're
hacking on the code.
### Examples
* Perform an attack against localhost, port 8000, using the POST verb: `rloris post localhost --port=8000`
* Perform an SSL attack against example.com, port 443: `rloris get example.com --ssl`
* Perform an SSL attack against 127.0.0.1, with domain name example.com: `rloris get 127.0.0.1 --ssl --domain=example.com --repeat`