wasp 0.2.0

data/lib/wasp/nest.rb

@@ -0,0 +1,321 @@
+require 'optparse'
+require File.dirname(__FILE__) + '/wasp'
+
+module WASP
+
+  class Nest
+    attr_reader   :key
+    attr_reader   :options
+    attr_reader   :args
+    attr_reader   :wasps
+    attr_reader   :queenwasp
+    attr_reader   :optionhelp
+  
+    def info
+      puts "be aware of me"
+    end
+  
+    def parse_options!
+
+      opts_parser = OptionParser.new do |opts|
+        opts.banner = "\nAvailable options:\n\n"
+          
+        opts.on('-k', '--key PRIVATE-KEY', 
+        'The ssh key pair name to use to connect to the new servers.') do |key| 
+           @options[:key] = key 
+         end
+        opts.on('-s', '--servers NUM-SERVERS', 
+        'The number of servers to start (default: 5).') do |server|
+          @options[:server] = server 
+        end
+        opts.on('-g', '--group SECURITY-GROUP', 
+        'The security group to run the instances under (default: default).') do |group|  
+          @options[:group] = group 
+        end
+        opts.on('-z', '--zone AVAILABILITY-ZONE',
+        "The availability zone to start the instances in (default: us-east-1).") do |zone|   
+          @options[:zone] = zone 
+        end
+        opts.on('-a', '--ami AMI', 
+        "The ami-id to use for each server from (default: ami-bfb473d6).") do |ami|
+          @options[:ami] = ami
+        end
+        opts.on('-u', '--url URL', 'URL of the target to attack.') do |url|
+          @options[:url] = url
+        end
+        opts.on('-p', '--pattern PATTERN', 
+        'The pattern of concurrent wasps are growing and time (default: 5000(wasps):60(secs)).') do |pattern|
+          @options[:pattern] = pattern 
+        end
+        opts.on('-t', '--time TIME', 
+        'The time to make to the target (seconds).') do |time|
+          @options[:time] = time
+        end        
+        opts.on('-i', '--cookie', 
+        'The request doesn\'t include a cookie which have fake session id. (default: with sessionID).') do
+          @options[:wo_cookie] = true
+        end                
+        opts.on('-H', '--header HEADER', 
+        'Append extra headers to the request. (i.e.: "Accep-Encoding: zip/zop;8bit").') do |header|
+          @options[:header] = header
+        end
+        opts.on('-n', '--numreq NUM-REQUEST', 
+        'The number of total connections to make to the target (default: 1000).') do |num|
+          @options[:num] = num 
+        end
+        opts.on('-c', '--concurrent CONCURRENT',
+        'The number of concurrent connections to make to the target (default: 100).') do |conn|
+          @options[:conn] = conn
+        end
+        opts.on('-l', '--login LOGINID',
+        'The ssh username name to use to connect to the new servers (default: ubuntu).') do |login|
+          @options[:login] = login
+        end
+        opts.on('-w', '--weapon WEAPON',
+        'The name of weapon to attack (default: ab).') do |weapon|
+          @options[:weapon] = weapon
+        end
+        opts.on('-e', '--keepalive', 'Use keep-alive option for weapon.') do
+          @options[:keepalive] = true
+        end        
+        opts.on('-o', '--compact', 'Use compact version of results.') do
+          @options[:compact] = true
+        end
+     
+        opts.on('-v', '--version')                { puts "wasp " + "#{WASP::Const::VERSION}\n".green; exit(true) }
+        opts.on('-h', '--help')                   { @optionhelp = true; help }
+    
+        opts.on_tail('--options')                 { puts "#{opts}\n" }
+      end
+
+      begin
+        @args = opts_parser.parse!(@args)
+      rescue => ex
+        print "[WARN]".yellow + " #{ex.message}\n"
+        @optionhelp = true
+        help
+      end
+      self
+    end
+  
+    def command_usage
+      puts "Usage:".green + " wasps COMMAND [options]"
+    <<-USAGE
+    
+  Wasps with Rain of Stings (ruby version of waspswithmachineguns)
+
+  A utility for arming (creating) many wasps (small EC2 instances) to attack
+  (load test) targets (web applications).
+
+  commands:
+    set       Set credential file for AWS. 
+    up        Start a batch of load testing servers.
+    equip     Check and install weapon to wasps.
+    attack    Begin the attack on a specific url.
+    rattack   Begin the attack incrementally growing up wasps during the period.
+    down      Shutdown and deactivate the load testing servers.
+    status    Report the status of the load testing servers.
+    regions   Get AWS regions for the wasps.
+    help      Show options.
+    
+ To set config file:
+  $ wasp set aws.yml
+    
+ To launch 6 wasps:
+  - launch 6 instances in us-east zone with private key named wasps
+  $ wasp up -k wasps -s 6 
+  
+  - launch 5 instances in us-west-2 zone with ami-8cb33ebc AMI, username ubuntu and private key named wasps
+  $ wasp up -k wasps -z us-west-2 -a ami-8cb33ebc -s 5 -l ubuntu
+ 
+ To equip weapon(apachebench):
+  $ wasp equip -w ab
+ 
+ To attack target with 1000 requests and 100 concurrent wasps:
+  $ wasp attack -n 1000 -c 100 -u http://target_site
+  
+ To attack target with incrementally increase wasps from 1 to 10000 during 60 seconds:
+  $ wasp rattack -p 10000:60 -u http://target_site  
+  
+ To sleep wasps:
+  $ wasp down
+    
+  USAGE
+  
+    end
+    
+    def lost_wasps
+      File.exists?("#{ENV["HOME"]}/.nest")
+      false
+    end
+  
+    def parse_command!
+      verb = @args.shift
+      case verb
+    
+      when 'set'
+        file = @args.shift
+        
+        help('nofile') if file.nil?
+        
+        file = File.absolute_path(file)
+        
+        begin
+          FileUtils.cp(file, ENV["HOME"] + "/.waspaws.yml")
+        rescue => ex
+          puts "#{ex.message}"
+          exit false
+        end
+        puts "AWS credential is set."
+      
+      when 'up'   
+        if lost_wasps then
+          puts "[WARN]".yellow + " There are lost wasps in the air. They need to go home first. [./nest down]"
+          exit(false)
+        end
+      
+        
+        if @options[:key].nil? then 
+          help("nokey")
+        end
+      
+        puts 'Breeding wasps..'
+        
+        @wasps = WASP::Wasp.new(@options)
+        @wasps.ready
+        @wasps.breed
+            
+        #puts 'Breeding queen wasp..'
+        #@queenwasp = WASP::QueenWasp.new(num_wasps)
+        
+      when 'equip'
+        puts "Check wasps weapon.."
+        
+        @wasps = WASP::Wasp.new(@options)
+        @wasps.equip
+      
+      when 'rattack'        
+        puts "Connecting to the nest"
+        
+        if @options[:url].nil? then
+          help("nourl")
+        end
+        
+        if @options[:pattern].nil? then
+          @options[:pattern] = "5000:60"
+        end
+        
+        pattern = @options[:pattern]
+        to, time, keep = pattern.split(":")
+        
+        help if time.nil? or to.nil?
+
+        if keep == 'keep' then
+          keep = true 
+        else
+          keep = false
+        end
+        @wasps = WASP::Wasp.new(@options)   
+        @wasps.rangeattack(to.to_i, time.to_i, @options[:url], keep)
+        
+      when 'attack'
+        puts "Connecting to the nest"
+        
+        if @options[:url].nil? then
+          help("nourl")
+        end
+                
+        num = if @options[:num].nil? then
+                WASP::Const::DEFAULT_NUMBER_OF_REQUESTS
+              else
+                @options[:num].to_i
+              end
+        
+        time = @options[:time]
+                
+        # number of requests would be ignored if time parameter have given
+        num = nil if not time.nil?
+              
+        conn = if @options[:conn].nil? then
+                WASP::Const::DEFAULT_CONCURRENT_OF_CONNECTIONS
+              else
+                @options[:conn].to_i
+              end
+              
+        @wasps = WASP::Wasp.new(@options)   
+        @wasps.attack(num, conn, @options[:url], time)
+      
+      
+      when 'down'
+        puts "Connecting to the nest."
+        @wasps = WASP::Wasp.new(@options)
+        @wasps.down
+      
+      when 'status'
+        puts 'Report the wasp..'
+        @wasps = WASP::Wasp.new(@options)
+        @wasps.status
+        
+      when 'regions'
+        puts 'Searching airfield..'
+        @wasps = WASP::Wasp.new(@options)
+        @wasps.airfield
+    
+      when 'help'
+        @optionhelp = true
+        help
+      else
+        help
+      end
+    end
+  
+  def help (errcode = nil)
+    case errcode
+    
+    when 'nokey'
+      puts "[Error]".red + " : AWS private key is required.\n";
+      
+    when 'nourl'
+      puts "[Error]".red + " : Target url is required.\n";
+    
+    when 'nofile'
+      puts "[Error]".red + " : Config file not found.\n";
+      
+    end
+      puts command_usage
+      if @optionhelp then
+        @args = @args.unshift('--options')
+        parse_options!
+      end
+      exit(true)
+    end
+  
+    def cleanup
+      puts "Clean up.."
+      exit(true)
+    end
+  
+    def wakeup
+      trap('TERM') { print '\nTerminated\n'; exit(false)}
+    
+      parse_options!
+      
+      WASP::Config.output ||= STDOUT
+      
+      parse_command!
+    end
+  
+    def initialize(args)
+      @args = args
+      @options = { :colorize => true }
+      @wasps = []
+      @queenwasp = nil
+      @optionhelp = false
+    end
+    
+    def self.wakeup(args)
+      new(args).wakeup
+    end
+  end
+  
+end

data/lib/wasp/queenwasp.rb

@@ -0,0 +1,7 @@
+module WASP
+  class QueenWasp
+    def info
+      puts "give me a report"
+    end
+  end
+end

data/lib/wasp/stingab.rb

@@ -0,0 +1,355 @@
+module WASP
+  class WeaponAB
+    attr_reader   :ssh
+    attr_reader   :ab
+    attr_reader   :zip
+    attr_reader   :ulimit
+    
+    def initialize
+      @ab = false
+      @zip = false
+      @ulimit = false
+    end
+    
+    def check(ssh)      
+      return nil if ssh.nil?
+
+      @ssh = ssh
+      result = @ssh.exec! "ab -V"
+      @ab = true if not result.match(/This is ApacheBench, Version 2/).nil?
+      
+      zip_result = @ssh.exec! "zip -h"      
+      @zip = true if not zip_result.match(/Info-ZIP/).nil?
+      
+      open_files = @ssh.exec! "ulimit -n"
+      @ulimit = true if open_files.to_i > 1024
+      
+      return @ab && @zip && @ulimit
+    end
+    
+    def reload
+      if @ssh.nil? then
+        print "[Error]".red + " Check your weapon first!"
+        return nil
+      end
+  
+      if not @ab then
+        command = "uname -v"
+        dist = @ssh.exec! command
+        case 
+        when dist.match(/Ubuntu/) then
+          command = 'sudo apt-get update'
+          @ssh.exec! command
+          command = 'sudo apt-get install apache2-utils -y'
+          result = @ssh.exec! command
+        end
+      end
+      
+      if not @zip then
+        command = "uname -v"
+        dist = @ssh.exec! command
+        case 
+        when dist.match(/Ubuntu/) then
+          command = 'sudo apt-get update'
+          @ssh.exec! command
+          command = 'sudo apt-get install zip -y'
+        result = @ssh.exec! command
+        end
+      end     
+      
+      if not @ulimit then
+        command = "sudo bash -c \"echo '*   soft  nofile  19999' >>  /etc/security/limits.conf\""
+        @ssh.exec! command
+        command = "sudo bash -c \"echo '*   hard  nofile  19999' >>  /etc/security/limits.conf\""
+        @ssh.exec! command
+        command = "sudo bash -c \"echo 100000 > /proc/sys/kernel/threads-max\""
+        @ssh.exec! command
+      end
+    end
+    
+    def wavefire (concurrnet_user, url, id, wave, keepalive=false, without_cookie=false, header=nil)
+      if @ssh.nil? then
+        print "[Error]".red + " Check your weapon first!"
+        return nil
+      end
+      
+      if wave.nil? then
+        print "[Error]".red + " No wave!"
+        return nil
+      end
+      
+      header = "-H '#{header}'" if not header.nil?
+      
+      cookie = "-C 'sessionid=NotARealSessionID'"
+      cookie = nil if without_cookie
+      
+      keepalive_s = ""
+      keepalive_s = "-k" if keepalive
+
+      time = WASP::Const::DEFAULT_WAVE_TIME
+      
+      command = "ab -t #{time} #{keepalive_s} -r #{cookie} #{header} -c #{concurrnet_user} #{url}/"
+      report = @ssh.exec! command
+      
+      report
+    end
+        
+    def fire (num_requests, concurrnet_user, url, id, report=false, keepalive=false, without_cookie=false, time=nil, header=nil)
+      if @ssh.nil? then
+        print "[Error]".red + " Check your weapon first!"
+        return nil
+      end
+      
+      keepalive_s = ""
+      keepalive_s = "-k" if keepalive
+      
+      gnuplot = "-g #{id}.plot" if report
+      
+      cookie = "-C 'sessionid=NotARealSessionID'"
+      cookie = nil if without_cookie
+      
+      header = "-H '#{header}'" if not header.nil?
+      
+      option = "-n #{num_requests}"
+      
+      option = "-t #{time}" if not time.nil?
+      
+      command = "ab #{keepalive_s} -r #{gnuplot} #{option} #{header} -c #{concurrnet_user} #{cookie} #{url}/"
+      report = @ssh.exec! command
+      
+      command = "zip #{id}.zip #{id}.plot"
+      @ssh.exec! command
+      
+      report
+    end
+    
+    def points (report)
+      return nil if report.nil?
+      
+      #puts report
+      
+      error_regex = []
+      
+      response = {}
+      
+      error_regex.push(/Too many open files/)
+      error_regex.push(/Cannot use concurrency level greater than total number of requests/)
+      error_regex.push(/Invalid Concurrency/)
+      error_regex.push(/The timeout specified has expired/)
+      
+      error_regex.each do |reg|
+        return nil if not report.match(reg).nil?
+      end
+        
+      regex = /Concurrency Level:.*[\d]*/
+      report.match(regex) do |data|
+        response[:concurrency] = data.to_s.gsub!(/\D/, '')
+        #puts response[:concurrency]
+      end
+      
+      regex = /Time taken for tests:.*[\d]*.[\d]*.*seconds/
+      report.match(regex) do |data|
+        response[:time] = data.to_s.gsub!(/[a-zA-Z:\s]/, '')
+        #puts response[:time]
+      end
+      
+      regex = /Complete requests:.*[\d]*/
+      report.match(regex) do |data|
+        response[:complete] = data.to_s.gsub!(/\D/, '')
+        #puts response[:complete]
+      end
+      
+      regex = /Failed requests:.*[\d]*/
+      report.match(regex) do |data|
+        response[:failed] = data.to_s.gsub!(/\D/, '')
+        #puts response[:failed]
+      end
+      
+      regex = /Write errors:.*[\d]*/
+      report.match(regex) do |data|
+        response[:write_errors] = data.to_s.gsub!(/\D/, '')
+        #puts response[:write_errors]
+      end
+      
+      regex = /Non-2xx responses:.*/
+      response[:non2xx] = 0
+      report.match(regex) do |data|
+        values = data.to_s.split(" ")
+        response[:non2xx] = values[2] unless values.nil?
+        #puts response[:transferred]
+      end
+      
+      response[:ok] = response[:complete].to_i - response[:non2xx].to_i
+      response[:ok] = 0 if response[:ok] < 0
+      
+      regex = /Total transferred:.*[\d]*.*bytes/
+      report.match(regex) do |data|
+        response[:transferred] = data.to_s.gsub!(/\D/, '')
+        #puts response[:transferred]
+      end
+      
+      regex = /HTML transferred:.*[\d]*.*bytes/
+      report.match(regex) do |data|
+        response[:html_transferred] = data.to_s.gsub!(/\D/, '')
+        #puts response[:html_transferred]
+      end
+      
+      regex = /Requests per second:.*[\d]*.[\d]*.*\[#\/sec\].*\(mean\)/
+      report.match(regex) do |data|
+        #response[:requests_per_second] = data.to_s.gsub!(/[a-zA-Z:#\s\[\/\]\(\)]/, '')
+        response[:requests_per_second] = response[:ok].to_f / response[:time].to_f
+        #puts response[:requests_per_second]
+      end
+      
+      regex = /Time per request:.*[\d]*.[\d]*.*\[ms\].*\(mean\)/
+      report.match(regex) do |data|
+        response[:time_per_request] = data.to_s.gsub!(/[a-zA-Z:\s\[\]\(\)]/, '')
+        #puts response[:time_per_request]
+      end      
+      
+      regex = /Total:.*/
+      report.match(regex) do |data|
+        values = data.to_s.split(" ")
+        response[:mean_per_request] = values[2] unless values.nil?
+        response[:standard_deviation] = values[3] unless values.nil?
+        #puts response[:mean_per_request]
+        #puts response[:standard_deviation]
+      end
+      
+      regex = /.*80\%.*[\d]*/
+      report.match(regex) do |data|
+        response[:eighty_percent] = data.to_s.gsub!(/\s*80\%\s*/, '')
+        #puts response[:eighty_percent]
+      end
+      
+      regex = /.*100\%.*[\d]*/
+      report.match(regex) do |data|
+        response[:hundred_percent] = data.to_s.gsub!(/\s*100\%\s*/, '')
+        #puts response[:hundred_percent]
+      end
+      
+      response
+    end
+    
+    def compact_summary (results)
+      return nil if results.nil?
+
+      # remove nil report from results array
+      reports = []
+      results.each do |r|
+        if not r.nil? then
+          reports.push(r)
+        end
+      end
+        
+      concurrency_results = reports.map do |r| r[:concurrency].to_i end
+      total_concurrency = concurrency_results.inject do |sum, r| sum + r end
+      
+      print " Concurrent users:\t\t" + "#{total_concurrency}".yellow   + "\n"
+      
+      rps_results = reports.map do |r| r[:requests_per_second].to_f end
+      mean_requests = rps_results.inject do |sum, r| sum + r end
+      
+      print " Requests per second:\t\t" + "%.3f".green % mean_requests + " [#/sec] (mean)\n"
+      
+      #tpr_results = reports.map do |r| r[:time_per_request].to_f end
+      #tpr = tpr_results.inject { |sum, r| sum + r } / reports.count
+      
+      tpr = total_concurrency / mean_requests * 1000
+      print " Time per request:\t\t" + "%.3f".green % tpr + " [ms] (mean)\n"
+      
+      mpr_results = reports.map do |r| r[:mean_per_request].to_f end
+      mean_response = mpr_results.inject { |sum, r| sum + r } / reports.count
+      
+      print " Connection Time:\t\t" + "%.3f".green % mean_response + " [ms] (mean)\n"
+      
+      eighty_results = reports.map do |r| r[:eighty_percent].to_f end
+      mean_eighty = eighty_results.inject { |sum, r| sum + r } / reports.count
+      
+      print " Almost(80%%) response time:\t%.3f [ms] (mean)\n" % mean_eighty
+    end
+    
+    def summary (results)
+      return nil if results.nil?
+
+      # remove nil report from results array
+      reports = []
+      results.each do |r|
+        if not r.nil? then
+          reports.push(r)
+        end
+      end
+        
+      concurrency_results = reports.map do |r| r[:concurrency].to_i end
+      total_concurrency = concurrency_results.inject do |sum, r| sum + r end
+      
+      print " Concurrent users:\t\t" + "#{total_concurrency}".yellow   + "\n"
+      
+      complete_results = reports.map do |r| r[:complete].to_i end
+      total_complete_requests = complete_results.inject do |sum, r| sum + r end
+      
+      print " Complete requests:\t\t#{total_complete_requests}\n"
+      
+      ok_results = reports.map do |r| r[:ok].to_i end
+      total_ok_responses = ok_results.inject do |sum, r| sum + r end
+
+      print " 20x responses:\t\t\t#{total_ok_responses}\n"      
+      
+      non2xx_results = reports.map do |r| r[:non2xx].to_i end
+      total_non2xx_responses = non2xx_results.inject do |sum, r| sum + r end
+
+      print " Non-2xx responses:\t\t#{total_non2xx_responses}\n"
+      
+      failed_results = reports.map do |r| r[:failed].to_i end
+      total_failed_requests = failed_results.inject do |sum, r| sum + r end
+      
+      print " Failed requests:\t\t" + "#{total_failed_requests}".red + "\n"
+      
+      time_results = reports.map do |r| r[:time].to_f end
+      time_taken = time_results.inject { |sum, r| sum + r } / reports.count
+      
+      print " Time taken for test:\t\t%.3f seconds (mean)\n" % time_taken
+      
+      rps_results = reports.map do |r| r[:requests_per_second].to_f end
+      mean_requests = rps_results.inject do |sum, r| sum + r end
+      
+      print " Requests per second:\t\t" + "%.3f".green % mean_requests + " [#/sec] (mean)\n"
+      
+      #tpr_results = reports.map do |r| r[:time_per_request].to_f end
+      #tpr = tpr_results.inject { |sum, r| sum + r } / reports.count
+      
+      tpr = total_concurrency.to_f / mean_requests.to_f * 1000.0
+      
+      print " Time per request:\t\t" + "%.3f".green % tpr + " [ms] (mean)\n"
+      
+      mpr_results = reports.map do |r| r[:mean_per_request].to_f end
+      mean_response = mpr_results.inject { |sum, r| sum + r } / reports.count
+      
+      print " Connection Time:\t\t" + "%.3f".green % mean_response + " [ms] (mean)\n"
+      
+      eighty_results = reports.map do |r| r[:eighty_percent].to_f end
+      mean_eighty = eighty_results.inject { |sum, r| sum + r } / reports.count
+      
+      print " Almost(80%%) response time:\t%.3f [ms] (mean)\n" % mean_eighty
+      
+      hundred_results = reports.map do |r| r[:hundred_percent].to_f end
+      longest_response = hundred_results.sort.last
+      
+      print " The longest response time:\t%.3f [ms] (mean)\n\n" % longest_response
+      
+      case 
+      when mean_response < 500 then
+        print "Mission Assessment: Target crushed wasp offensive.\n\n"
+      when mean_response < 1000 then
+        print "Mission Assessment: Target successfully fended off the wasp.\n\n"
+      when mean_response < 1500 then
+        print "Mission Assessment: Target wounded, but operational.\n\n"
+      when mean_response < 2000 then
+        print "Mission Assessment: Target severely compromised.\n\n"
+      else
+        print "Mission Assessment: wasp annihilated target.\n\n"
+      end
+    end
+    
+  end
+end