Skip to content

c0r0n3r/dheater

BranchesTags

Repository files navigation

D(HE)ater

PyPI version Python versions License DOI

D(HE)ater is the proof-of-concept implementation of the D(HE)at attack (CVE-2002-20001). For further information about the attack visit the project page or read the full technical paper on IEEE Access.

Disclaimer

D(HE)ater is a proof-of-concept denial-of-service tool intended only for defensive security testing, mitigation verification, and research. Run it exclusively against systems you own or for which you have explicit, written authorization. Using it against systems without permission may be illegal and is likely to disrupt the targeted service. The authors provide the code as-is, without warranty, and accept no liability for any misuse or damage.

Usage

D(HE)ater is a command-line tool. The --protocol option and the target uri are mandatory:

# enforce DHE key exchange against a TLS service
dheat --protocol tls example.com:443

# enforce DHE key exchange against an SSH service
dheat --protocol ssh example.com:22

Optional arguments:

Option Default Description
--timeout 5 socket timeout in seconds
--thread-num 1 number of threads to run
--key-size none key size to enforce 
# 16 threads, 10 second timeout
dheat --protocol tls --thread-num 16 --timeout 10 example.com:443

Mitigation

Guidance on detecting and mitigating the D(HE)at attack is maintained on the official project site: dheatattack.com.

Requirements

D(HE)ater requires Python 3.9 or newer and depends on CryptoLyzer to check DHE support and generate the necessary traffic. The dependency is installed automatically with the methods described below.

Installation

Install the latest release from PyPI:

pip install dheater

To install the current development version directly from the source repository:

pip install git+https://gitlab.com/dheatattack/dheater.git

License

The code is available under the terms of Apache License Version 2.0. A non-comprehensive, but straightforward description and also the full license text can be found at Choose an open source license website.

Credits

D(HE)ater uses CryptoLyzer to check DHE support of TLS/SSH services and also to generate the traffic necessary to perform D(HE)at attack.

About

D(HE)ater is a proof of concept implementation of the D(HE)at attack (CVE-2002-20001) through which denial-of-service can be performed by enforcing the Diffie-Hellman key exchange. (read-only clone of the original GitLab project)

dheatattack.com

Topics

tls ssh ssl security ddos attack poc denial-of-service ddos-tool security-tools overloading diffie-hellman-groups diffie-hellman-algorithm ddos-attack-tools ddos-attack dos-attack diffie-hellman-key dhe ddos-attack-tool dos-attack-tool

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy
Activity

Stars

216 stars

Watchers

7 watching

Forks

30 forks
Report repository

Releases 12

v1.0.0 Latest
Jun 13, 2026
+ 11 releases

Packages

 
 
 

Contributors

Languages