synack: A C repository from Underewarrr

About¶ ↑

Tool created for testing DDOS/DOS attacks. Supports SYN, UDP, TCP connection, ACK, PUSH+ACK and mixed floods. Created FOR EDUCATIONAL AND TESTING purposes only.

Author¶ ↑

edubart - github.com/edubart

Install¶ ↑

$ git clone git://github.com/edubart/synack.git
$ make
$ sudo make install

FLOODS DESCRIPTION¶ ↑

TCP Ping
  Ping a TCP port by seding simple SYN packet, option created
  just to see the target responsiveness.

Connection flood
  Flood TCP services with the 3-way TCP handshake causing
  massive amount of connections on the host, exhausting it's resources
  and then preventing new connections.

  NOTE: If you use this attack, you MUST add the following iptables
  rule to prevent your kernel aborting the attack, otherwise your
  kernel will reject all established connections on the target:
    iptables -I OUTPUT -p tcp --tcp-flags ALL RST -j DROP

  NOTE: Spoofing can't be used with this attack.

  NOTE: If you are behind a shared connection with a router as gateway,
  make sure that the router can handle massive amount of connections,
  usually home user routers can't, so you might wan't to connect directly
  if possible. By directly I mean assigning your public IP directly to
  your interface.

SYN, UDP floods
  Well known flood types

ACK, PA, Mixed S/A/PA/FA and Mixed A/PA/FA floods
  Uncommon flood types created for testing purposes

  NOTE:
    PA = TCP with flags PUSH+ACK set
    FA = TCP with flags FIN+ACK set
    S = TCP with flag SYN set
    A = TCP with flag ACK set

USAGE¶ ↑

synack -i <interface> -h <host> [action] [options]
Actions:
    -P                - TCP ping (default action)
    -C                - Connection flood
    -S                - SYN flood
    -A                - ACK flood
    -X                - SYN+ACK flood
    -D                - PA flood
    -M                - Mixed S/A/PA/FA flood
    -N                - Mixed A/PA/FA flood
    -U                - UDP flood
    -O                - Monitor interface traffic
General options:
    -i [interface]    - Which interface to do the action (required)
    -h [host,host2]   - Target hosts separated by comma, accepts 'host:port' syntax too (required)
    -H [targets file] - Targets in a file where each line is in ip:port format
    -n [subnet]       - Attack subnet, use formats like 192.168.0.0/16
    -p [port]         - Target port (default: random)
    -t [time]         - Run time in seconds (default: infinite)
    -u [interval]     - Sleep interval in microseconds (default: 10000)
    -j [pps]          - Calculates a sleep interval for desired packets per second output (accurate with multiple threads)
    -b [bytes]        - Additional random bytes to send as data (default: 0)
    -m [threads]      - Number of send threads (default: 1)
    -s [ip]           - Custom source ip, you may set to 'random' (default: interface ip)
    -d [binary file]  - Send binary file as data
    -z [page] [host]  - Send simple HTTP 1.1 request as data
    -f [text file]    - Read a list of IPs from a text file for spoofing
    -o                - Disable tcp options on SYN packets
    -q                - Quiet, don't print statistics output
    -x                - Drop established connections when receive ACK packets
    -y [delay]        - Drop established connections after delay
    -k [smac] [dmac]  - Use rawsendto kernel patch to send massive kpps
    -c [count]        - Max number of packets to send
    -w                - Stop after one packet was sent to all targets
    --help            - Print this help

TIPS¶ ↑

How to generate spoof ips list

# on target machine
iptables -I INPUT -p tcp --dport 9999 -j DROP
tcpdump -i eth0 tcp port 9999 -n -t -c 1100000 > spoofsniff
cat spoofsniff | awk '{print $2}' | sed 's/^\(.*\)\..*$/\1/' | sort | uniq > spoofips

# on source machine
synack -i eth0 -s random -h target -A -p 9999 -m 10 -j 1000

How to speed up throughput to get more pps (packets per second)