Skip to content
Improved DOS exploit for wordpress websites (CVE-2018-6389)
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
.whitesource Initial WhiteSource configuration file May 5, 2019 Fixed a typo Mar 4, 2018 Update Mar 14, 2018


First of all, put Shiva on watch. I will be upgrading it to a full stress testing suite over time. Shiva is designed to perform Denial Of Service (DOS) attack on wordpress sites by loading all jquery scripts at once through load-scripts.php. So basically its an exploit for CVE-2018-6389.


  • Shiva uses multithreading to bring down websites as soon as possible,
  • You don't need to worry about your IP being exposed because Shiva uses Proxify to route all requests through random proxies which keep getting rotated automatically.

Dependencies & Compatibility

Shiva is compatible with both python2 and python3.

  • requests
  • proxify


You can attack a target with Shiva as follows:

python -u -t 50

Where is the target website and 50 is the number of threads.
You must keep in mind that Shiva is only effective against wordpress site so make sure your target runs on wordpress.
Number of threads should be selected according to the network speed.

You can’t perform that action at this time.