The Black Project is an HTTP DoS tool written in Python. It is a script that carries out an HTTP-based DoS attack against a target website. All of the traffic comes from a single computer, which tries to overload the website's resources by sending fake packets to the Apache web server.
The Black Project is also known as a modified version of the GoldenEye Python DoS tool. GoldenEye and Black Project work the same way, except that BlackProject has fixed GoldenEye's overloading issue. That issue caused the attacker's computer to crash after the attack was launched.
An HTTP DoS Tool Written In Python That Works
BlackProject was initially launched in 2016 and hasn't been updated since. However, it is still proven to work against several weak websites.
BlackProject can take down websites that have PHP pages. The script sends malicious HTTP requests to PHP pages, which slows them down. As soon as a PHP script takes more than its configured maximum execution time (max_execution_time in php.ini), the website goes down with an error such as "Gateway Error" or "503 Timed Out".
Earlier, in 2016, the tool was proven to be effective against most websites, including a few government websites, according to Cobra Command.
For now, the tool can be used for personal pentesting. According to ShadowCrypt's test against several WordPress websites, BlackProject still works and can take down fewer PHP-based websites.
How To Protect An Average Website Against BlackProject’s Attack?
As already mentioned above, the script tries to overload the website's resources by means of PHP. Hence, the website can be protected by increasing the relevant values in its php.ini settings by up to two times. As per ShadowCrypt's instructions, website owners can either add Cloudflare's protection for the first 2-3 days, so that Cloudflare's algorithm checks all possible IPs and blocks the attack, or change (double) the values of post_max_size, memory_limit, max_input_time and max_execution_time. This method has been personally tried and proven to be working.
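Because the traffic described above comes from a single computer and, by default, uses randomly generated user-agents, it stands out in the web server's access log. The following detection sketch is an added example, not part of the original article or of the tool; it assumes the Apache "combined" log format, and the thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed input: Apache "combined" access log format.
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"'
)
# Thresholds are assumptions; tune them against the site's normal traffic.
WINDOW_SECONDS = 10
MAX_PHP_REQUESTS = 20  # PHP requests per IP per window
MAX_USER_AGENTS = 5    # distinct User-Agent strings per IP per window


def find_flood_sources(lines):
    """Return {ip: (php_requests, distinct_agents)} for the worst window of each flagged IP."""
    buckets = defaultdict(lambda: [0, set()])
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines
        ip, ts, path, agent = m.groups()
        if not path.split("?", 1)[0].endswith(".php"):
            continue  # only requests that reach the PHP interpreter
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        key = (ip, int(when.timestamp()) // WINDOW_SECONDS)
        buckets[key][0] += 1
        buckets[key][1].add(agent)
    flagged = {}
    for (ip, _window), (count, agents) in buckets.items():
        # One address sending many PHP requests under many User-Agents
        if count > MAX_PHP_REQUESTS and len(agents) > MAX_USER_AGENTS:
            flagged[ip] = max(flagged.get(ip, (0, 0)), (count, len(agents)))
    return flagged


def sample_log():
    """Constructed sample: one noisy client rotating User-Agents, one normal visitor."""
    noisy = [
        f'203.0.113.7 - - [10/Oct/2024:13:55:{30 + i // 10} +0000] '
        f'"GET /index.php?q={i} HTTP/1.1" 200 512 "-" "Agent-{i % 12}"'
        for i in range(30)
    ]
    normal = [
        f'198.51.100.4 - - [10/Oct/2024:13:55:{31 + i} +0000] '
        '"GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"'
        for i in range(3)
    ]
    return noisy + normal
```

Calling find_flood_sources(sample_log()) flags only 203.0.113.7; flagged addresses can then be rate-limited or blocked at the web server or firewall.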
TheBlackProject is an HTTP Layer 7 DoS script which is an upgraded version of GoldenEye. Many bugs have been fixed since the last release of GoldenEye.
TheBlackProject is a DoS python script for http. This project is under Team Ultimate Software and Technologies association limited.
Credits :- Manal Shaikh
USAGE: ./blackproject.py <url> [OPTIONS]

OPTIONS:
    Flag              Description                                          Default
    -u, --useragents  File with user-agents to use                         (default: randomly generated)
    -w, --workers     Number of concurrent workers                         (default: 50)
    -s, --sockets     Number of concurrent sockets                         (default: 30)
    -m, --method      HTTP Method to use 'get' or 'post' or 'random'       (default: get)
    -d, --debug       Enable Debug Mode [more verbose output]              (default: False)
    -h, --help        Shows this help

- util/getuas.py – Fetches user-agent lists from http://www.useragentstring.com/pages/useragentstring.php subpages (ex: ./getuas.py http://www.useragentstring.com/pages/Browserlist/) REQUIRES BEAUTIFULSOUP4
- res/lists/useragents – Text lists (one per line) of User-Agent strings (from http://www.useragentstring.com)
- Change from getopt to argparse
- Change from string.format() to printf-like
- Add more useragents
- More sockets options to be added
- Packet size and quantities information to be added.
- Add more options to attack like SYN, TCP, etc. (rather than HTTP)
THIS SOFTWARE IS PROVIDED FOR EDUCATIONAL USE ONLY! IF YOU ENGAGE IN ANY ILLEGAL ACTIVITY THE AUTHOR DOES NOT TAKE ANY RESPONSIBILITY FOR IT. BY USING THIS SOFTWARE YOU AGREE WITH THESE TERMS.
The above is the text of the "README.md" in the GitHub repository. Users can download this script by going to github.com/shieldsec/BlackProject.