slowloris.py - Simple Slowloris in Python
What is Slowloris?
Slowloris is an HTTP Denial of Service (DoS) attack that affects threaded servers. It works by opening many HTTP connections to the target server and sending partial requests periodically to keep the connections open. This prevents the server from handling legitimate connections, effectively causing a DoS.
How Slowloris Works:
- Start making lots of HTTP requests.
- Send headers periodically (every ~15 seconds) to keep the connections open.
- Never close the connection unless the server does so. If the server closes a connection, create a new one and continue the process.
This exhausts the server's thread pool, preventing it from responding to other users.
How to Install and Run Slowloris
You can install slowloris either by cloning the git repository or using pip. Here's how:
Using Pip
sudo pip3 install slowlorisslowloris example.com
That's all it takes to install and run slowloris.py.
Using Git
git clone https://github.com/gkbrk/slowloris.gitcd slowlorispython3 slowloris.py example.com
SOCKS5 Proxy Support
To use the -x
option for connecting via a SOCKS5 proxy, you will need to install the PySocks library:
sudo pip3 install PySocks
Then you can use:
slowloris -x --proxy-host <host> --proxy-port <port> example.com
Configuration Options
You can modify slowloris' behavior using command-line arguments. Run slowloris -h
for the latest help documentation. Key options include:
-p, --port
: Port of webserver (default is 80)-s, --sockets
: Number of sockets to use in the test-v, --verbose
: Increases logging output-ua, --randuseragents
: Randomizes user-agents with each request-x, --useproxy
: Use a SOCKS5 proxy for connecting--https
: Use HTTPS for the requests--sleeptime
: Time to sleep between each header sent
Citation
If you found this work useful, please cite it as:
@article{gkbrkslowloris, title = "Slowloris", author = "Gokberk Yaltirakli", journal = "github.com", year = "2015", url = "https://github.com/gkbrk/slowloris" }
License
The code is licensed under the MIT License.
Disclaimer
This tool is for educational purposes only. Usage of slowloris.py for attacking targets without prior mutual consent is illegal. Developers assume no liability and are not responsible for any misuse or damage caused by this program.