ilusm.dev

dos

DoS attack patterns, amplification, slowloris, stress testing.

Load with: use dos

Quick example

use dos

result = dossl("value", 8080, 10, 10)
prn(result)

Functions

Slowloris (slow HTTP headers)

dossl(target_host, target_port, connections, interval_ms)

Performs the operation. Takes target_host, target_port, connections, interval_ms.

dossl(url, connections)

Performs the operation. Takes url, connections.

RUDY (POST body slowly)

dosru(target_url, connections, chunk_size)

Runs. Takes target_url, connections, chunk_size.

HTTP flood

dosht(url, requests, concurrency)

Performs the operation. Takes url, requests, concurrency.

TCP SYN flood

dossy(target_host, target_port, count)

Performs the operation. Takes target_host, target_port, count.

UDP amplification

dosud(target_host, target_port, payload_size, count)

Performs the operation. Takes target_host, target_port, payload_size, count.

DNS amplification

dosdn(resolver, query_name, count)

Performs the operation. Takes resolver, query_name, count.

NTP amplification

dosnt(resolver, count)

Performs the operation. Takes resolver, count.

SSDP amplification

dosss(targets, count)

Performs the operation. Takes targets, count.

Memcached amplification

dosme(servers, count)

Performs the operation. Takes servers, count.

Ping of death

dospi(target)

Performs the operation. Takes target.

Application layer attacks

doslo(url, username, max_attempts)

Performs the operation. Takes url, username, max_attempts.

ReDoS (regex DoS) detection

dosre(pattern, input_len)

Performs the operation. Takes pattern, input_len.

Hash collision DoS

dosha(hasher, bucket_count)

Performs the operation. Takes hasher, bucket_count.

XML bomb (billion laughs)

dosxm()

Performs the operation.

ZIP bomb

doszi(levels)

Performs the operation. Takes levels.

Fork bomb (warning: dangerous)

dosfo()

Formats.

Connection exhaustion

dosco(host, port, timeout_secs)

Connects. Takes host, port, timeout_secs.

Stress test utilities

doslo(url, duration_secs, concurrency)

Performs the operation. Takes url, duration_secs, concurrency.

Notes

  • DoS/stress-testing primitives. Use only on systems you own.