UFONet – DDoS attacks via Web Abuse (XSS/CSRF)

UFONet – es una herramienta diseñada para lanzar ataques DDoS contra un objetivo, utilizando vectores ‘Open Redirect’ de aplicaciones web de terceros, como botnet.

Mira estos links si te interesa saber más:
CWE-601:Open Redirect
OWASP:URL Redirector Abuse


Principales características:


--version             show program's version number and exit
  -v, --verbose         active verbose on requests
  --check-tor           check to see if Tor is used properly
  --update              check for latest stable version

  *Configure Request(s)*:
    --proxy=PROXY       Use proxy server (tor: http://localhost:8118)
    --user-agent=AGENT  Use another HTTP User-Agent header (default SPOOFED)
    --referer=REFERER   Use another HTTP Referer header (default SPOOFED)
    --host=HOST         Use another HTTP Host header (default NONE)
    --xforw             Set your HTTP X-Forwarded-For with random IP values
    --xclient           Set your HTTP X-Client-IP with random IP values
    --timeout=TIMEOUT   Select your timeout (default 30)
    --retries=RETRIES   Retries when the connection timeouts (default 1)
    --delay=DELAY       Delay in seconds between each HTTP request (default 0)

  *Manage Botnet*:
    -s SEARCH           Search 'zombies' on google (ex: -s 'proxy.php?url=')
    --sn=NUM_RESULTS    Set max number of result to search (default 10)
    -t TEST             Test list of web 'zombie' servers (ex: -t zombies.txt)

  *Configure Attack(s)*:
    -r ROUNDS           Set number of 'rounds' for the attack (default: 1)
    -b PLACE            Set a place to 'bit' on target (ex: -b /path/big.jpg)
    -a TARGET           Start a Web DDoS attack (ex: -a http(s)://target.com)



Download UFONet