We have been waiting a long time for Motoma to release this version! Finally, he has released PyLoris version 3.0!
“PyLoris is a tool for testing a web server’s vulnerability to Denial of Service (DoS) attacks. It uses the Slowloris method; by using all available connections web servers cannot complete valid requests. Supports SOCKS, SSL, and all HTTP request methods.”
There are major changes in this version! This is a very brief change log:
- Tkinter GUI
- Scripting API
- Inteligent Thread & Exception Handling
- Supports options to be pulled from files
- Multiple concurrent attack support
- ScriptLoris class for easy extension and prepackaged attack creation
- libloris module providing attack API
- Highly configurable HTTP connection consuming DoS
- HTTPS support
- GET, POST, HEAD and other headers supported
- SOCKS4 and SOCKS5 proxies supported
- Written in Python
- Cross Platform; supported on Windows, Linux, and Mac OS X
- Forging Referer header for severs inaccessible directly
- Gzip encoding to test for CEV-2009-1891 vulnerability
- Many more bug fixes!
Download this beauty, PyLoris version 3.0 here!
Tagged as: HTTP DoS, PyLoris, Slowloris, stress testing tool
Jacknsee is an educational network security tool. Its purpose is to teach students in computer science how basic hijacking techniques are used to corrupt a network. A few examples are given: man in the middle, DoS, stack buffer overflow attack.
setting up a test lab is just so easy with jacknsee. Just install it in sorce machine and have some application running on destination machine and you can place a firewall , IDS ,IPS or contentfiltering applications in between and we are ready to explore.
Tools implement to preform network protocol attacks included in jacknsee :
- a raw packet generator
- an arp request/reply generator
- a programm to implement DNS spoofing
- much more
Most of graphical user interface has also been developed. A first scenario is functional : Man in the middle using arp cache poisoning.
Well we havent got time to test this tool but will surely test it and share it rite here ….
Download jacknsee Here
Searches leading to this post:
tools to teach network security
Tagged as: application security tool, ddos tool, jacknsee, stress testing tool
You must be aware of our “List of Web Application Stress Testers“. On the same lines, we have a server stress tester – legitStress!
In our set up environment, we were able to load multiple copies of legitStress. We did have to make some tweaks inorder for it to run to our likings. It offers commonly known attacks – TCP flood & UDP flood. The author also plans to include, RSnakes now infamous – Slowloris and SYN flood.
legitStress is a simple PERL+PHP script with a webpanel and it has a simple set up too. All you need to modify is the config.inc.php, create the MySql Data and configure the server URL in the PERL script and you are ready to stress test a server. Yes, we know that it looks like a script-kiddish tool, but probably, with time, it can get there!
Download the current version here.
Tagged as: legitStress, Open Source, Slowloris, stress test, stress testing tool
