PyLoris: A testing tool for web server DoS vulnerabilites
PyLoris is a tool for testing a web server's vulnerability to a particular class of Denial of Service (DoS) attacks. It uses the Slowloris method; by using all available connections, web servers cannot complete valid requests.
PyLoris 2.3 Features:
- Highly configurable HTTP connection consuming DoS
- HTTPS support
- GET, POST, HEAD and other headers supported
- SOCKS4 and SOCKS5 proxies supported
- Written in Python
- Cross Platform; supported on Windows, Linux, and Mac OS X
- Forging Referer header for severs inaccessible directly
- Gzip encoding to test for CEV-2009-1891 vulnerability
PyLoris requires Python to run. The latest version of PyLoris can be downloaded from http://pyloris.sourceforge.net
What is PyLoris?
PyLoris is a tool that can be used to test web servers for a vulnerability to a specific class of Denial of Service attack. This class of attack is described by RSnake--along with the original proof of concept--at http://ha.ckers.org/slowloris. Click here to read a short discussion on the cause and impact of PyLoris.
Using PyLoris
Using PyLoris is simple. In its most basic form, PyLoris merely needs a copy of Python to run. Click here for information on utilizing PyLoris and all of its features.
Frequently Asked Questions
There are a lot of questions and rumors about PyLoris and Slowloris. I try to answer them to the best of my ability. Click here for answers to technical and non-technical questions regarding PyLoris
About PyLoris
While reading through an article on Hack a Day, I came across RSnake's idea, as well as his implementation of this attack. Click here to read the backstory behind PyLoris.
Special Thanks
There are a number of people who helped me in immeasurable ways. This is a short list of people that helped in the building and testing of PyLoris.