Saturday, December 10, 2016

GOLDEN EYE PYTHON SCRIPT

GoldenEye Python DDoS Script


GoldenEye is a Python app for SECURITY TESTING PURPOSES ONLY!

GoldenEye is an HTTP DoS Test Tool.

Attack Vector exploited: HTTP Keep Alive + NoCache

USAGE:  ./goldeneye.py <url> [OPTIONS]


OPTIONS:

Flag                Description                                          Default
-u, --useragents    File with user-agents to use                         (default: randomly generated)
-w, --workers       Number of concurrent workers                         (default: 50)
-s, --sockets       Number of concurrent sockets                         (default: 30)
-m, --method        HTTP Method to use 'get' or 'post' or 'random'       (default: get)
-d, --debug         Enable Debug Mode [more verbose output]              (default: False)
-h, --help          Shows this help







SQLMAP

SQLMAP - Python script
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches ranging from database fingerprinting, through fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.


Installation

Preferably, you can download sqlmap by cloning the Git repository:

git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev

sqlmap works out of the box with Python version 2.6.x and 2.7.x on any platform.

To get a list of basic options and switches use:

python sqlmap.py -h

To get a list of all options and switches use:

python sqlmap.py -hh

You can find a sample run here. To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the user's manual.




HULK DDOS SCRIPT

HULK DDoS - Python script


The HTTP Unbearable Load King (HULK) program was developed by a white-hat network security researcher, who shared it on his blog as a proof-of-concept demonstration of how to effortlessly knock over web servers. Nonetheless, there is some concern that others might use it for more nefarious purposes.
Barry Shteiman, the developer of the HULK Python script, was able to bring a Microsoft IIS 7 web server test system "to its knees" in under a minute from a single host using the tool.
Neal Quinn, chief operating officer at DoS defence biz Prolexic, commented: "We’ve tested the tool internally and it is functional. What makes HULK dangerous is the fact that a single malicious actor with a single computer could feasibly take down a small, unhardened web server in minutes."
HULK starts a load of threads to fire off a flood of HTTP GET requests with randomly generated header and URL parameter values. This randomisation makes it more difficult to distinguish the attack from legitimate traffic. However, thwarting the tool is not especially difficult, according to Prolexic.
“Fortunately, this is not a very complex DoS tool,” he added. “We were quickly able to dissect its approach and stop it dead in its tracks. It is fairly simple to stop HULK attacks and neutralise this vulnerability with the proper configuration settings and rules.”
Prolexic has added rules to its distributed-DoS mitigation tools to defend against possible attacks that leverage HULK's technique.
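
The randomisation described above is itself a detectable signal in access logs: a real browser keeps one User-Agent and revisits the same URLs, while this traffic changes both on every request. The following is an added example, not code from the original post, from HULK or from Prolexic's rules; the function names, thresholds and log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Combined Log Format: ip - - [time] "METHOD target PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def parse(line):
    """Return (ip, timestamp, query string, user agent), or None if the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, urlsplit(m["target"]).query, m["ua"]

def flag_randomised_floods(lines, window_s=10, min_requests=20, min_agents=5, min_unique_ratio=0.9):
    """IPs that, within one window, sent many requests with near-unique queries and rotating agents."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_ip[rec[0]].append(rec[1:])
    flagged = set()
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > timedelta(seconds=window_s):
                start += 1  # slide the window forward
            win = events[start:end + 1]
            if len(win) < min_requests:
                continue
            queries = {q for _, q, _ in win}
            agents = {ua for _, _, ua in win}
            # Shared NAT/proxy IPs can legitimately show several agents; tune min_agents.
            if len(queries) / len(win) >= min_unique_ratio and len(agents) >= min_agents:
                flagged.add(ip)
                break
    return sorted(flagged)

def sample_log():
    """Constructed sample: 198.51.100.7 randomises every request, 203.0.113.9 browses normally."""
    t = "10/Dec/2016:12:00:%02d +0000"
    flood = ['198.51.100.7 - - [%s] "GET /?k%d=v%d HTTP/1.1" 200 512 "http://ref%d.example/" "Agent/%d"'
             % (t % (i // 5), i, i * 7, i, i % 8) for i in range(40)]
    normal = ['203.0.113.9 - - [%s] "GET /news?page=%d HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"'
              % (t % (i * 2), i % 3) for i in range(25)]
    return flood + normal
```

Calling flag_randomised_floods(sample_log()) returns only the flooding address; the flagged addresses can then feed a rate limit or block rule on the web server or upstream filter.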