A python based DOS/DDOS test tool



CF-Cannon is a tool written in Python to perform layer 7 stress tests on your own server.



V2 Version

The V2 version enables a distributed attack across multiple nodes, with penetration of Cloudflare's UAM page, and can (theoretically) be deployed on an infinite number of machines.


apt-get update
apt-get -y upgrade
apt-get install build-essential nodejs python-setuptools
apt-get install -y python-pip
pip install demjson Flask pycurl 

Run (on each node):


Then use any third party API Tester: (i.e

Post a json request to path written in (Default: /attack)

{
	"T": 8,
	"charset": "utf-8",
	"is_protected_by_cf": false,
	"keywords": "welcome",
	"path": "/index.php",
	"peerCount": 300,
	"threadCount": 10000000,
	"url": ""
}

Note: Set "is_protected_by_cf" to true only if you see the following page:


After sending the POST request, you’re supposed to see this:

Failed means your node has no access to the target (keyword not found). It can be caused by:

  • You have already taken it down (Success)
  • Wrong keyword on the HTML page
  • Your IP/machine is on a blacklist
  • Any other reason that may cause your node to have no access to this page

Success simply suggests the target web page still functions normally.

Disclaimer: Please make sure all your tests are legal and with consent of relevant parties as I won't be responsible for any consequence caused by this script.



For CF-bypass you'll need a proxy list with a very good connection and low latency to your server.

Third party proxy checker you may need:


apt-get update
apt-get -y upgrade
apt-get install build-essential nodejs python-setuptools python3-setuptools
apt-get install -y python3-pip
pip3 install PySocks requests cfscrape scapy-python3


python3 -t 1000 -d /index.php


-d --dir : path of target, I.e: then -d /index.php
-s --ssl : Use http or https. For https&proxy mode your proxy must support https.
-p --port: Port of the server, 80 or 443?
-t --threads: How many threads?
-l --time: Haven't done yet
-x --proxy_file_location : Default: proxy.list, feel free to assign another list.

Don't forget:

ulimit -n 655350

Proof of Power


Notice that:

Each "ERROR:root:’’ returned an error. Could not collect tokens." indicates one proxy failure (cfscrape can’t access the page through the server).

The efficiency through proxy is still low; if you have an idea or an update, you're welcome to merge.
