Thursday, January 7, 2016
UFONet - is a tool designed to launch DDoS attacks
UFONet - is a tool designed to launch DDoS attacks against a target, using 'Open Redirect' vectors on third party web applications, like botnet.
See this links for more info:
º CWE-601:Open Redirect: http://cwe.mitre.org/data/definitions/601.html
º OWASP:URL Redirector Abuse:
https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_URL_Redirector_Abuse2
º Web: http://ufonet.03c8.net
Installing:
UFONet runs on many platforms. It requires Python (2.x.y) and the following libraries:
python-pycurl - Python bindings to libcurl
python-geoip - Python bindings for the GeoIP IP-to-country resolver library
On Debian-based systems (ex: Ubuntu), run:
sudo apt-get install python-pycurl python-geoip
Source libs:
º Python: https://www.python.org/downloads/
º PyCurl: http://pycurl.sourceforge.net/
º PyGeoIP: https://pypi.python.org/pypi/GeoIP/
Searching for ‘zombies’
UFONet will search on google results for possible ‘Open Redirect’ vulnerable sites.
A common query string should be like this:
‘proxy.php?url=’
‘check.cgi?url=’
‘checklink?uri=’
‘validator?uri=’
So for example, you can begin a search with:
./ufonet -s 'proxy.php?url='
At the end of the process, you will be asked if you want to check the list retrieved to see if the urls are vulnerable.
Wanna check if they are valid zombies? (Y/n)
Also, you will be asked to update the list adding automatically only ‘vulnerable’ web apps.
Wanna update your list (Y/n)
If you reply ‘Y’, your new ‘zombies’ will be appended to the file named: zombies.txt
Examples:
with verbose:
./ufonet -s 'proxy.php?url=' -v
retrieve 15 urls:
./ufonet -s 'proxy.php?url=' --sn 15
Testing botnet
Open ‘zombies.txt’ (or another file) and create a list of possible ‘zombies’.
Urls of the ‘zombies’ should be like this:
http://target.com/check?uri=
After that, launch it:
./ufonet -t zombies.txt
At the end of the process, you will be asked if you want to update the list adding automatically only ‘vulnerable’ web apps.
Wanna update your list (Y/n)
If you reply ‘Y’, your file: zombies.txt will be updated.
Examples:
with verbose:
./ufonet -t zombies.txt -v
with proxy TOR:
./ufonet -t zombies.txt --proxy="http://127.0.0.1:8118"
Inspecting a target
This option is useful to know the best place to attack your target.
It will crawl your objetive to provide you with a URL path to the largest object (size)found in the HTML code.
./ufonet -i http://target.com
Then, you will can drive your ‘zombies’ to reload just there, doing your most effective attack.
./ufonet -a http://target.com -b "https://cdn.server.net/biggest_file_on_target.xxx"
Attacking a target
Enter a target to attack, with the number of rounds that will be attacked:
./ufonet -a http://target.com -r 10
This will attack the target, with the list of ‘zombies’ that your provided on: “zombies.txt”, a number of 10 times for each ‘zombie’. That means, that if you have a list of 1.000 ‘zombies’, the program will launch 1.000 ‘zombies’ x 10 rounds = 10.000 ‘hits’ to the target.
By default, if you don’t put any round, it will apply only 1.
Additionally, you can choose a place to recharge on target’s site. For example, a large image, a big size file or a flash movie. In some scenarios where targets doesn’t use cache systems, this will do the attack more effective.
./ufonet -a http://target.com -b "/images/big_size_image.jpg"
Examples:
with verbose:
./ufonet -a http://target.com -r 10 -v
with proxy TOR:
./ufonet -a http://target.com -r 10 --proxy="http://127.0.0.1:8118"
with a place:
./ufonet -a http://target.com -r 10 -b "/images/big_size_image.jpg"
GUI/Web Interface
You can manage UFONet using a Web interface. The tool has implemented a python web server connected to the core, to provides you a more user friendly experience.
To launch it, use:
./ufonet --gui
This will open a tab on your default browser with all the options of the tool.
Search
Categories
Popular Posts
-
dotenv loads .env files into process.env for Node.js projects, making it useful for configuration hygiene checks, secret-handling review...
-
In this post, we will explore a Python script designed to parse logs containing url:user:pass data. These logs are instrumental in executin...
-
New bug bounty(vulnerabilities) collector Requirements Chrome with GUI (If you encounter trouble with script execution, check the stat...
-
x64dbg is a Windows user-mode debugger for controlled runtime inspection, breakpoint logic, trace collection and patch validation in autho...
-
As cyber threats evolve, so must our strategies to combat them. The deepdarkCTI project serves as a crucial resource, offering access to a c...
-
GTFOcli it's a Command Line Interface for easy binaries search commands that can be used to bypass local security restrictions in mis...
-
As mobile applications become more integral to our daily lives, ensuring their security is paramount. Vulnerabilities in mobile apps can exp...
-
social-analyzer provides API, CLI, and web interfaces for finding and analyzing public profiles across more than 1000 social media and web...
-
Remote adminitration tool for android Features Notifications listener SMS listener Phone call recording Image capturing and sc...
-
RepoReaper is a precision tool designed to automate the identification of exposed .git repositories across a list of domains and subdomai...
Blog Archive
-
►
2026
(3)
- ► 05/24 - 05/31 (3)
-
►
2024
(42)
- ► 05/26 - 06/02 (1)
- ► 05/12 - 05/19 (1)
- ► 05/05 - 05/12 (5)
- ► 03/10 - 03/17 (3)
- ► 02/18 - 02/25 (32)
-
►
2022
(20)
- ► 02/06 - 02/13 (18)
- ► 01/30 - 02/06 (2)
-
►
2018
(69)
- ► 10/14 - 10/21 (4)
- ► 08/26 - 09/02 (7)
- ► 08/12 - 08/19 (4)
- ► 07/15 - 07/22 (2)
- ► 07/08 - 07/15 (6)
- ► 07/01 - 07/08 (3)
- ► 06/17 - 06/24 (2)
- ► 03/04 - 03/11 (2)
- ► 02/18 - 02/25 (1)
- ► 02/04 - 02/11 (3)
- ► 01/28 - 02/04 (7)
- ► 01/21 - 01/28 (6)
- ► 01/14 - 01/21 (12)
- ► 01/07 - 01/14 (10)
-
►
2017
(72)
- ► 12/31 - 01/07 (2)
- ► 12/03 - 12/10 (1)
- ► 11/19 - 11/26 (1)
- ► 11/12 - 11/19 (1)
- ► 10/22 - 10/29 (3)
- ► 10/01 - 10/08 (2)
- ► 09/17 - 09/24 (6)
- ► 09/10 - 09/17 (2)
- ► 09/03 - 09/10 (2)
- ► 08/27 - 09/03 (4)
- ► 07/23 - 07/30 (5)
- ► 07/16 - 07/23 (3)
- ► 06/25 - 07/02 (1)
- ► 06/18 - 06/25 (4)
- ► 05/21 - 05/28 (7)
- ► 05/14 - 05/21 (1)
- ► 05/07 - 05/14 (2)
- ► 04/30 - 05/07 (2)
- ► 04/23 - 04/30 (2)
- ► 04/16 - 04/23 (2)
- ► 03/19 - 03/26 (4)
- ► 01/22 - 01/29 (2)
- ► 01/15 - 01/22 (1)
- ► 01/08 - 01/15 (8)
- ► 01/01 - 01/08 (4)
-
▼
2016
(648)
- ► 12/25 - 01/01 (1)
- ► 12/18 - 12/25 (2)
- ► 12/11 - 12/18 (6)
- ► 12/04 - 12/11 (4)
- ► 11/27 - 12/04 (5)
- ► 11/13 - 11/20 (1)
- ► 11/06 - 11/13 (1)
- ► 10/30 - 11/06 (5)
- ► 10/23 - 10/30 (1)
- ► 10/16 - 10/23 (2)
- ► 10/09 - 10/16 (5)
- ► 10/02 - 10/09 (3)
- ► 09/25 - 10/02 (2)
- ► 09/18 - 09/25 (6)
- ► 09/11 - 09/18 (6)
- ► 09/04 - 09/11 (4)
- ► 08/28 - 09/04 (7)
- ► 08/21 - 08/28 (5)
- ► 08/14 - 08/21 (4)
- ► 08/07 - 08/14 (2)
- ► 07/31 - 08/07 (2)
- ► 07/24 - 07/31 (5)
- ► 07/17 - 07/24 (2)
- ► 07/10 - 07/17 (3)
- ► 07/03 - 07/10 (6)
- ► 06/26 - 07/03 (11)
- ► 06/12 - 06/19 (4)
- ► 06/05 - 06/12 (1)
- ► 05/29 - 06/05 (1)
- ► 05/08 - 05/15 (4)
- ► 04/24 - 05/01 (8)
- ► 04/17 - 04/24 (5)
- ► 04/10 - 04/17 (1)
- ► 04/03 - 04/10 (8)
- ► 03/27 - 04/03 (1)
- ► 03/20 - 03/27 (5)
- ► 03/13 - 03/20 (1)
- ► 03/06 - 03/13 (12)
- ► 02/28 - 03/06 (14)
- ► 02/21 - 02/28 (11)
- ► 02/14 - 02/21 (12)
- ► 02/07 - 02/14 (13)
- ► 01/31 - 02/07 (121)
- ► 01/24 - 01/31 (34)
- ► 01/17 - 01/24 (58)
- ► 01/10 - 01/17 (59)
-
▼
01/03 - 01/10
(174)
- New World Order - Como a Nova Ordem Mundial quer n...
- Rogue Wi-Fi - Access Point Attack WiFi-Pumpkin
- Maltrail - Malicious Traffic Detection System
- Winpayloads - Undetectable Windows Payload Generation
- Kali Linux - Wireless Penetration Testing Beginner...
- Metasploit - The Penetration Tester’s Guide
- Hacker’s Playbook - Practical Guide for Ethical Ha...
- Estrutura - Diretórios do Linux
- Hackers - Causam o primeiro corte de electricidade...
- UFONet - is a tool designed to launch DDoS attacks
- NASA: Algo está prestes a acontecer! O grande segr...
- The Wind - Man In The Middle (MITM) Attack Tool
- Milhões de pessoas não sabem o que usa!
- LEAVE THE MATRIX
- SCRYPTmail
- PenBox
- COMO FUNCIONA A MANIPULAÇÃO DA MÍDIA
- PT propõe fim do dinheiro em espécie - até que só ...
- Teoria da conspiração - Obama usou pomada especia...
- Farsa Criança Esperança - Rede Esgoto fica com 90%...
- Kali NetHunter 3.0 - Android Mobile Penetration Te...
- ParanoicScan - Vulnerability Scanner
- IPTV Brute-Force - Search And Brute Force Illegal ...
- Sawef - Send Attack Web Forms
- Vuvuzela - Private Messaging System That Hides Met...
- Phpsploit - Stealth Post-Exploitation Framework
- Blade - A Webshell Connection Tool With Customized...
- Sublist3R - Fast Subdomains Enumeration Tool For P...
- Nipe - Script To Redirect All Traffic From The Mac...
- jSQL Injection v0.73 - Java Tool For Automatic SQL...
- CenoCipher - Easy-To-Use, End-To-End Encrypted Com...
- JexBoss - Jboss Verify And Exploitation Tool
- Faraday 1.0.16 - Collaborative Penetration Test an...
- PentestPackage - A Package of Multiple Pentest Scr...
- Phan - Static Analyzer For PHP
- Domi-Owned - Tool Used for Compromising IBM/Lotus ...
- Ares - Python Botnet and Backdoor
- credmap - The Credential Mapper
- ATSCAN - Server, Site and Dork Scanner
- Pyersinia - Network Attack Tool
- Collection Of Awesome Honeypots
- Flashlight - Automated Information Gathering Tool ...
- Mosca - Static Analysis Tool To Find Bugs
- Joomlavs - A Black Box, Joomla Vulnerability Scanner
- MassBleed - Mass SSL Vulnerability Scanner
- Tor Messenger - Chat over Tor, Easily
- Xiaopan OS - Pentesting Distribution for Wireless ...
- Waldo - Multithreaded Directory and Subdomain Brut...
- oclHashcat v2.01 - Worlds Fastest Password Cracker
- 0d1n - Tool For Automating Customized Attacks Agai...
- SpiderFoot v2.6.1 - Open Source Intelligence Autom...
- Katana - Framework for Hackers, Professional Secur...
- Xplico v1.1.1 - Open Source Network Forensic Analy...
- Bohatei - Flexible and Elastic DDoS Defense
- REXT - Router Exploitation Toolkit
- Aircrack-ng 1.2 RC 3 - WEP and WPA-PSK Keys Cracki...
- Hsecscan - A Security Scanner For HTTP Response He...
- Nmap 7 - Security Scanner For Network Exploration ...
- GetHead - HTTP Header Analysis Vulnerability Tool
- Beurk - Experimental Unix Rootkit
- Codetainer - A Docker Container In Your Browser
- LiME - Linux Memory Extractor
- WAP - Web Application Protection
- Bluto - DNS Recon, DNS Zone Transfer, and Email En...
- Wireshark v2.0 - The World’s Foremost Network Prot...
- Toxy - Hackable Http Proxy To Simulate Server Fail...
- Tails 1.7 - The Amnesic Incognito Live System
- Security Onion - Linux Distro For Intrusion Detect...
- ARDT - Akamai Reflective DDoS Tool
- Infernal-Twin - This Is Evil Twin Attack Automated...
- LMD - Linux Malware Detect
- XPL-SEARCH - Search Exploits In Multiple Exploit D...
- MobSF (Mobile Security Framework) - Mobile (Androi...
- Gping - Ping, But With A Graph
- CSRFT - Cross Site Request Forgeries (Exploitation...
- Burpkit - Next-Gen Burpsuite Penetration Testing Tool
- Rubocop - A Ruby Static Code Analyzer, Based On Th...
- Btproxy - Man In The Middle Analysis Tool For Blue...
- TheFuck - Magnificent App Which Corrects Your Prev...
- B374K - PHP Webshell with handy features
- Twittor - A fully featured backdoor that uses Twit...
- Faraday 1.0.15 - Collaborative Penetration Test an...
- ZeroNet - Decentralized websites using Bitcoin cry...
- Weeman - HTTP Server for Phishing
- Heartbleed Vulnerability Scanner - Network Scanner...
- Gryffin - Large Scale Web Security Scanning Platform
- Pupy - Multi-Platform Remote Administration Tool
- DNSteal - DNS Exfiltration tool for stealthily sen...
- Tiger - The Unix security audit and intrusion dete...
- PEInjector - MITM PE file infector
- MALHEUR - Automatic Analysis of Malware Behavior
- CrackMapExec - A swiss army knife for pentesting W...
- Speedtest - Command Line Interface for Testing Int...
- Pentoo 2015 - Security-Focused Livecd based on Gentoo
- ZAP 2.4.2 - Penetration Testing Tool for Testing W...
- Wfuzz - The Web Application Bruteforcer
- Sn1per - Automated Pentest Recon Scanner
- Droopescan - Scanner to identify issues with sever...
- Discover - Custom bash scripts used to automate va...
- SparkyLinux - Lightweight & fast Debian-based Linu...
- Burp Suite Professional 1.6.26 - The Leading Toolk...
- Sonar.js - Framework for identifying and launching...
- AutoBrowser - Create Report and Screenshots of HTT...
- TestDisk - Partition Recovery and File Undelete fo...
- Intrigue - Intelligence Gathering Framework
- FruityWifi v2.2 - Wireless Network Auditing Tool
- NetRipper - Smart Traffic Sniffing for Penetration...
- Wifresti - Find your wireless network password fro...
- SubDomain Analyzer - Get detailed information of a...
- SQLChop - SQL Injection Detection Engine
- CredCrack - Fast and Stealthy Credential Harvester
- Geotweet - Social engineering tool for human hacking
- Katoolin - Automatically install all Kali Linux tools
- Whonix v11 - Anonymous Operating System
- SPF - SpeedPhish Framework
- OWASP ZSC Shellcoder - Generate Customized Shellcodes
- Metasploit AV Evasion - Metasploit payload generat...
- HTTPie - a CLI, cURL-like tool for humans
- A Cidade Mais Perigosa da Internet
- PortDog - Simple Python Script to Detect Port Scan...
- MPC - Msfvenom Payload Creator
- OWASP ZAP 2.4.1 - Penetration Testing Tool for Tes...
- PEframe - Tool to perform static analysis on Porta...
- Burp Suite Professional v1.6.23 - The Leading Tool...
- BWA - OWASP Broken Web Applications Project
- SET v6.5 - The Social-Engineer Toolkit “Mr Robot”
- IVRE - A Python network recon framework, based on ...
- Passgen - Random Character Generator Crunch to Cra...
-
►
2015
(26)
- ► 12/27 - 01/03 (1)
- ► 08/30 - 09/06 (8)
- ► 08/23 - 08/30 (16)
- ► 08/16 - 08/23 (1)
Home
Privacy Center
Data Protection
Community
Digital Policy
Security Tools
Online Utilities
Resources
Search Operators
Library

0 comentários:
Post a Comment
Note: Only a member of this blog may post a comment.