Python

CF-Cannon V2

Github Link

CF-Cannon V2 is a tool written in python to perform layer 7 stress test on your own server.

V2 version enables distributed attack on each nodes with penetration of UAM page and can be (theoretically) deployed on infinite machines.


Disclaimer: Please make sure all your tests are legal and with consent of relevant parties as I won’t be responsible for any consequence caused by this script.


Install:

apt-get update 
apt-get -y upgrade 
apt-get install build-essential nodejs python-setuptools 
apt-get install -y python-pip 
pip install demjson Flask pycurl

Run: (On each node)

python attack.py


Then use any third party API Tester: (i.e https://apitester.com/)

POST a json request to path written in attack.py (Default: /attack)

attackinfo={
	"T": 8,
	"charset": "utf-8",
	"is_protected_by_cf": false,
	"keywords": "welcome",
	"path": "/index.php",
	"peerCount": 300,
	"threadCount": 10000000,
	"url": "http://www.sample.com"
}

Set “is_protected_by_cf” to be true only if you see this page

After sending POST request, you’re suppose to see this:

Failed means your node have no access to target (keyword not found). It can be caused by:

  • You have already take it down (Success)
  • Wrong keyword on page or path can’t be found
  • Your IP/Machine is on blacklist
  • Any other reason that may cause you have no access to certain page

Success simply suggest target web page still functions normally


7 thoughts on “CF-Cannon V2”

  1. Can you make video how to use it? because i try install all requirements and open python attack.py not working

  2. Hello,

    I was asking me how to add multible nodes?
    Like:
    app.run(host=’0.0.0.0′,port=80)
    app.run(host=’0.0.0.0′,port=80)
    app.run(host=’0.0.0.0′,port=80)
    ?
    And can host be a Domain?

Leave a Reply

Your email address will not be published. Required fields are marked *