Skip to content

ProjectMayhem/PySlowLoris

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
.github
.github
 
 
src
src
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pylintrc
pylintrc
 
 

Repository files navigation

PySlowLoris

Python Implementation of a SlowLoris DoS Tool

The Slow Loris Attack

The SlowLoris attack takes advantage of the way some versions of Apache and other smaller webservers were written. These servers have a connection pool with a maximum amount of connections that can be held simultaneously. In addition, many of these servers have either very long or nonexistent timeouts for web requests. SlowLoris fills up this connection pool with fake requests and appends useless data to these requests, while never terminating them. This prevents the server from accepting any new legitimate requests from actual users.

The advantages of this style of attack are that it requires virtually no computing effort to be effective. These servers can only handle 100-200 connections at one time, and requests only need to be appended to about once every 10 seconds. This means that this attack can be routed through Tor for anonymity, as well as launched from a cell phone.

The disadvantages of this attack are primarily that it only works on Apache 1x, 2x, dhpptd, and some other minor servers. Servers like nginx are not vulnerable to this form of attack.

Usage

Mode Syntax
Single target main.py HOST[:PORT] [--ssl]
Multiple targets main.py -f <FILE>
File format (one per line) HOST[:PORT]

The default port is 80. Port 443 automatically enables SSL.
Force SSL by using the --ssl command-line switch.

Examples:

$ main.py foo.bar           # Port 80,  SSL disabled
$ main.py foo.bar:80        # Port 80,  SSL disabled
$ main.py foo.bar:81 --ssl  # Port 81,  SSL enabled
$ main.py foo.bar:443       # Port 443, SSL enabled

Running

For Linux/macOS/WSL users:

  1. $ git clone https://github.com/ProjectMayhem/PySlowLoris.git
  2. $ cd PySlowLoris
  3. $ python src/main.py HOST[:PORT]

For Windows users:

  1. Open an instance of the command-line processor (cmd.exe)
  2. > git clone https://github.com/ProjectMayhem/PySlowLoris.git
  3. > cd PySlowLoris
  4. > python src\main.py HOST[:PORT]

Extra

Installing Git and Python on Windows:

  1. Download and install Git for Windows
  2. Download and install Python 2 or Python 3
  3. Restart or log out and in again to apply PATH changes

About

Python implementation of the SlowLoris DoS attack.

Topics

attack poc slowloris

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

22 stars

Watchers

5 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages