Zwergloris is a basic implementation of the Slowloris DoS attack.
It works great against Apache/2.4.41 with the reqtimeout plugin disabled. If the plugin is enabled (like it is with the default installation), the attack will succeed for a certain amount of time until the connections are closed. It then tries to create new connections (see Issues).
This was hacked together relatively quickly and just for fun. It’s also one of the few things I did in rust, so the code may not be the nicest thing ever.
Please be nice and use this tool only against your own services.
zwergloris --target 127.0.0.1:80
To specify the number of connections and the time to wait until new data is send, see zwergloris --help
-
closed connections are only detected when we try to send data, so when the server closes the connection, there is a time frame where the server is operating normal until the next tick
-
the current values for the interval and number of connections seem to work, but it would be nice to find some sane defaults