NOTE: “THIS CODE IS NOT FOR EDUCATIONAL PURPOSE”
UFONet – is a tool designed to launch DDoS attacks against a target, using ‘Open Redirect’ vectors on third party web applications, like botnet.
– Clean code (only needs python-pycurl)
– Documentation with examples
– Web/GUI Interface
– Proxy to connect to ‘zombies’ (ex: tor)
– Change HTTP Headers (User-Agent, Referer, Host…)
– Configure requests (Timeout, Retries, Delay…)
– Search for ‘zombies’ on google results (using a pattern or a list of dorks)
– Test ‘Open Redirect’ vulnerabilities on ‘zombies’
– Download/Upload ‘zombies’ from Community
– Inspect a target (HTML objects sizes)
– Set a place to ‘bit’ on a target (ex: big file)
– Control number of rounds to attack
– Apply cache evasion techniques
See this links for more info:
UFONet runs on many platforms. It requires Python and the following library:
— python-pycurl – Python bindings to libcurl
On Debian-based systems (ex: Ubuntu), run:
— sudo apt-get install python-pycurl
Source libs: Python | PyCurl
Attacking a target:
Enter a target to attack, with the number of rounds that will be attacked:
./ufonet -a http://target.com -r 10This will attack the target, with the list of ‘zombies’ that your provided on: “zombies.txt”, a number of 10 times for each ‘zombie’. That means, that if you have a list of 1.000 ‘zombies’,
the program will launch 1.000 ‘zombies’ x 10 rounds = 10.000 ‘hits’ to the target.
::By default, if you don’t put any round, it will apply only 1. ::
Additionally, you can choose a place to recharge on target’s site. For example, a large image, a big size file or a flash movie. In some scenarios where targets doesn’t use cache systems,
this will do the attack more effective.
Open ‘zombies.txt’ (or another file) and create a list of possible ‘zombies’. Urls of the ‘zombies’ should be like this: http://target.com/check?uri=
After that, launch it:
./ufonet -t zombies.txt
At the end of the process, you will be asked if you want to update the list adding automatically only ‘vulnerable’ web apps.
Wanna update your list (Y/n)
If you reply ‘Y’, your file: zombies.txt will be updated.