HULK - Web Server DoS (Denial of Service) Tool
HULK (Http Unbearable Load King) is a web server Denial of Service attack tool developed by security researcher Barry Shteiman for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a web server, bypassing caching engines and therefore hitting the server's direct resource pool.
This tool is a dos tool that is meant to put a heavy load on HTTP servers in order to bring them to their knees by exhausting the resource pool, it is meant for research purposes only and any malicious use of this tool is prohibited.
This tool is a dos tool that is meant to put a heavy load on HTTP servers in order to bring them to their knees by exhausting the resource pool, it is meant for research purposes only and any malicious use of this tool is prohibited.
Techniques used in the tool:
- Obfuscation of Source Client - this is done by using a list of known User Agents, and for every request that is constructed, the User Agent is a random value out of the known list.
- Reference Forgery - the referer that points at the request is obfuscated and points into either the host itself or some major pre-listed websites.
- Stickiness - using some standard Http command to try and ask the server to maintain open connections by using Keep-Alive with variable time window
- no-cache - this is a given, but by asking the HTTP server for no-cache, a server that is not behind a dedicated caching service will present a unique page.
- Unique Transformation of URL - to eliminate caching and other optimization tools, there are custom parameter names and values and they are randomized and attached to each request, rendering it to be Unique, causing the server to process the response on each event.
Usage:
python hulk.py <url> you can add "safe" after url, to autoshut after dos
Note: The "safe" word is meant to kill the process after all threads got a 500 error, since its easier to control in a lab, it is optional.
Screenshots:
You might also like:
- Hackode - Android App For Hackers
- DotDotPwn - Directory Traversal Fuzzer
- OSForensics - Tool For Extracting Forensic Data From Computers
- Snort - OpenSource Network Intrusion Detection Tool
- Weevely - Weaponized Web Shell
- Pentoo - Gentoo-Based Linux Distribution For Penetration Testers
- evasi0n - Jailbreak Tool For iOS 6, 7 Devices
- SSLyze - Tool For Analysing SSL/TLS Configurations
- Advanced Windows Service Manager - Tool For Analyzing Windows Services
- SoftPerfect WiFi Guard - Tool For Detecting & Alerting WiFi Network Intrusions
- BlindElephant - Web Application Fingerprinter
- theHarvester - Tool For Gathering Target Information (E-mail accounts, subdomain names, open ports and etc.)
- SI6 Networks' IPv6 Toolkit - A Security Assessment & Troubleshooting Tool For IPv6 Protocols
- Automater - Tool For Analyzing URLs/Domains, IP Addresses, and Md5 Hashes
- Web-Sorrow - Tool For Detecting Misconfigurations and Collecting Server Information
- ADHD - An Ubuntu Based Security Distribution
- ARPwner - ARP & DNS Poisoning Attack Tool
- Xortool - A Tool To Analyze Multi-byte XOR Cipher
Post a Comment