This Repo contains a small Console App made in C#. I will illustrate the usage of the App in this readme. But if you want to check how I used it to simulate a DDoS in my experiment check this other repo -> Link to Azure AKS DDoS Project
A Docker Image is also published on the DockerHub, it could be used to execute the App in CLI mode. Link to DockerHub
This application is done for educational purpose only. I'm not responsible for any harmful usage of this App.
I developed this App in my free time! it definitly has a lot of room for improvmenets :) Be kind! ;)
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
The App supports the following actions:
- Scrape a root url for specific depth and generates a .csv file with all the url, their loading time and DNS info (Only in interactive mode, using the menu).
- Bulk download the same file to attempt a bandwith starvation attack. (Both interactive mode and CLI mode. Using the menu or calling the exe with a shell).
- Bulk call an url with or without a proxy using multiple threads like DoS attack. (Both interactive mode and CLI mode. Using the menu or calling the exe with a shell).
This command will scrape a URL starting from a root URL. It will be possible to include/exclude certain keywords and specify the depth for the scan. For each one of the URLs founds - the tool will try to calculate the loading time of the page and get some DNS informations.
This can be helpfull in finding those URLs which they take more time to load for the target website, these URLs could be good candidates for a DoS attack.
I suggest you to try to execute multiple runs for the same website in such a way to get a mean value as results in latency might be affected by several factors. (like caching or network bandwith).
Result:
Sometimes files are available for open download. You could take advantage of this by downloading the same file multiple times and try to saturate the target bandwith. This command is very simple as it just starts multiple threads in parallel and attempts to download the same file multiple times.
This is probably an old fashioned attack as majority of the systems will probably be protected against this.
The files will be downloaded in the .exe directory and named with a progressive number.
INTERACTIVE
SHELL
/path/to/exe/crawler.exe BulkDownload https://url-to-download.com [Number_of_threads]
This is a useful command to perform a DoS attack. This command will create multiple threads which they will send GET request to the target. Each thread will try to make the requests unique as possible by manipulating the following headers/parameters: UserAgent, Referers, QueryParameter, Keep-Alive.
This will make harder for the target system to identify a pattern in the requests.
you can also add a proxy (which it's supported by the command), if you want to change the IP or mask your connection.
Check how I have done that by using AKS, Azure and Squid. here Link to Azure AKS DDoS Project
INTERACTIVE
SHELL
/path/to/exe/crawler.exe BulkCall https://url-to-call.com [Number_of_threads] [Duration]
/path/to/exe/crawler.exe BulkCall https://url-to-call.com [Number_of_threads] [Duration] http://proxy-url.com