
python版DDOS攻击工具脚本

全栈程序员站长
发布2022-09-18 14:52:28

大家好,又见面了,我是你们的朋友全栈君。

代码中有注释说明。需要注意的是,下面的脚本并不发起攻击,而是一个 DDoS 攻击检测脚本:它从 Redis 中读取按 VIP 统计的 http/syn/icmp/udp 计数,超过阈值时把该 VIP 加入防护。

#! /usr/bin/env python
# -*- coding: UTF-8 -*-  
from redis import Redis
import time
from gurd import *
# Shared Redis client used by every function in this script. The detector
# acts on whatever counters it finds there, so write access to this Redis
# instance should be limited to the trusted collector.
rdb = Redis(host="127.0.0.1")
# Attack state per VIP: vip -> {"attack", "type", "count", "guard", "start", "end"}.
vips = dict()


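def setOffset(offset):
	"""Rewind the shared "offset" cursor to the oldest numeric key, if any.

	Scans every key in Redis, finds the smallest integer-named key that is
	lower than *offset*, and when one exists writes it to the "offset" key
	and sleeps for five seconds.

	Args:
		offset: the offset the caller has just processed.
	"""
	# NOTE(review): KEYS * is O(N) and blocks the Redis server while it runs;
	# on a large keyspace this can stall the detector exactly when traffic is
	# highest. Consider an incremental SCAN if the client library offers it.
	oldest = offset
	for key in rdb.keys("*"):
		# Keys that are not plain integers (the "offset" cursor itself, or
		# anything else stored in the same database) are skipped. Letting
		# int() raise here would reach the bare except around main(), which
		# discards all attack state.
		try:
			bucket = int(key)
		except ValueError:
			continue
		if bucket < oldest:
			oldest = bucket
	if offset > oldest:
		rdb.set("offset", oldest)
		time.sleep(5)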



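# Protocol suffixes recognised in hash field names, in matching order.
_PROTOCOLS = ("http", "syn", "icmp", "udp")
# Packets per bucket at or above which a VIP is treated as under flood.
_FLOOD_THRESHOLD = 5000


def _note_flood(vip, kind, packets, offset):
	"""Record one over-threshold bucket of type *kind* for *vip* in ``vips``."""
	entry = vips.get(vip)
	if entry is None:
		# A newly attacked VIP starts with attack=10. Every pass subtracts one
		# and every over-threshold bucket adds one, so the VIP is dropped
		# after ten passes without a flood.
		vips[vip] = {"attack": 10, "type": kind, "count": packets,
			"guard": 0, "start": offset, "end": offset}
		return
	entry["attack"] += 1
	entry["type"] = kind
	entry["count"] += packets
	entry["end"] = offset


def main():
	"""Run one detection pass over the Redis hash stored at the next offset.

	Claims an offset by incrementing the "offset" key, reads the hash stored
	under it and sums the http/syn/icmp/udp counters per VIP (the second
	"-"-separated part of each field name). VIPs at or above the flood
	threshold are recorded in ``vips``; newly seen ones are passed to
	addVip() and ones whose "attack" counter reaches zero to delVip().
	The processed hash is then expired and the cursor advanced.

	Fixes over the previous version: a VIP with SYN traffic but no HTTP
	counter no longer raises KeyError (which made the caller wipe all state
	and miss the flood), UDP and ICMP floods are no longer labelled "syn",
	and ``vips`` is no longer mutated while being iterated.
	"""
	offset = int(rdb.incr("offset")) - 1
	data = rdb.hgetall(offset)

	# Assumes field names are text: Python 2 str, or a client created with
	# decode_responses=True on Python 3. TODO confirm against the collector.
	totals = dict((proto, {}) for proto in _PROTOCOLS)
	for field, value in data.items():
		for proto in _PROTOCOLS:
			if not field.endswith(proto):
				continue
			parts = field.split("-")
			# A field without a VIP component is skipped instead of raising
			# IndexError and aborting the whole pass.
			if len(parts) > 1:
				vip = parts[1]
				totals[proto][vip] = totals[proto].get(vip, 0) + int(value)
			break

	# SYN flood: many SYNs with few HTTP requests behind them.
	# NOTE(review): this flags any VIP with >= 5000 SYNs and fewer than four
	# HTTP requests per SYN; confirm the ratio against normal keep-alive use.
	for vip, syn_packets in totals["syn"].items():
		if syn_packets < _FLOOD_THRESHOLD:
			continue
		# A missing HTTP counter means zero requests. Floor division keeps
		# the original Python 2 integer semantics.
		if totals["http"].get(vip, 0) // syn_packets <= 3:
			_note_flood(vip, "syn", syn_packets, offset)

	# UDP and ICMP floods are judged on volume alone.
	for proto in ("udp", "icmp"):
		for vip, packets in totals[proto].items():
			if packets >= _FLOOD_THRESHOLD:
				_note_flood(vip, proto, packets, offset)

	# Age every tracked VIP by one pass. Iterate over a copy of the keys
	# because entries are removed inside the loop.
	for vip in list(vips):
		entry = vips[vip]
		entry["attack"] -= 1
		if entry["guard"] == 0:
			print("find ddos attack on %s  from :%d " % (vip, entry["start"]))
			# Put the VIP under guard (helper presumably from gurd).
			addVip(vip)
			entry["guard"] = 1
		if entry["attack"] == 0:
			# Quiet for long enough: release the guard and stop tracking.
			delVip(vip)
			print("find ddos attack end on %s time:%d " % (vip, entry["end"]))
			vips.pop(vip)

	# The processed bucket is no longer needed; let Redis drop it.
	rdb.expire(offset, 1)
	# Offsets are compared with the wall clock, so while the cursor is more
	# than ten seconds behind, claim and expire buckets without analysing them.
	while offset < int(time.time() - 10):
		offset = int(rdb.incr("offset")) - 1
		rdb.expire(offset, 1)
	if offset > int(time.time()) - 5:
		# Nearly caught up with real time: wait for new data.
		time.sleep(2)
	else:
		setOffset(offset)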


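# Run detection passes forever. A failure in one pass must not stop the
# detector, but it must be visible to the operator.
while True:
	try:
		main()
	except Exception as err:
		# Catching Exception, not a bare except, lets Ctrl-C and SystemExit
		# stop the process. Logging the error shows that detection state
		# was lost.
		print("main() failed, reconnecting and resetting state: %r" % (err,))
		rdb = Redis("127.0.0.1")
		# NOTE(review): clearing vips forgets VIPs already passed to
		# addVip(), so delVip() is never called for them unless they are
		# detected again. Confirm this is acceptable for the guard layer.
		vips = {}
		# Short back-off so a Redis outage does not become a busy loop.
		time.sleep(1)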

发布者:全栈程序员栈长,转载请注明出处:https://javaforall.cn/157758.html原文链接:https://javaforall.cn
