http-slowloris
脚本使用类型:
portrule
脚本所属分类:
dos, intrusive
脚本下载地址: http://nmap.org/svn/scripts/http-slowloris.nse
Tests a web server for vulnerability to the Slowloris DoS attack by launching a Slowloris attack.
Slowloris was described at Defcon 17 by RSnake (see http://ha.ckers.org/slowloris/).
This script opens and maintains numerous 'half-HTTP' connections until the server runs out of ressources, leading to a denial of service. When a successful DoS is detected, the script stops the attack and returns these pieces of information (which may be useful to tweak further filtering rules):
Please note that the number of concurrent connexions must be defined
with the --max-parallelism
option (default is 20, suggested
is 400 or more) Also, be advised that in some cases this attack can
bring the web server down for good, not only while the attack is
running.
Also, due to OS limitations, the script is unlikely to work when run from Windows.
Specify that the script should continue the attack forever. Defaults to false.
Specify maximum run time for DoS attack (30 minutes default).
Time to wait before sending new http header datas in order to maintain the connection. Defaults to 100 seconds.
执行格式
nmap --script http-slowloris --max-parallelism 400 <target>
PORT STATE SERVICE REASON VERSION 80/tcp open http syn-ack Apache httpd 2.2.20 ((Ubuntu)) | http-slowloris: | Vulnerable: | the DoS attack took +2m22s | with 501 concurrent connections |_ and 441 sent queries
Author: Aleksandar Nikolic, Ange Gutek
License: VER007 整理 http://www.ver007.com