DAVOSET

DDoS attacks via other sites execution tool (DAVOSET) - це інструмент для використання Abuse of Functionality та XML External Entities уразливостей на одних сайтах для проведення атак на інші сайти (зокрема DoS і DDoS атак). Що був розроблений мною в 2010 році.

Про дані атаки я написав в статті Використання сайтів для атак на інші сайти. А в статті Ефективність проведення атак на сайти через використання інших сайтів я анонсував DAVOSET та дослідив ефективність даних атак. Також я писав про переваги даних атак.

Відео демонстрація програми DAVOSET - DDoS attacks via other sites execution tool.

GitHub: https://github.com/MustLive/DAVOSET

Скачати DDoS attacks via other sites execution tool:

DAVOSET v.1.2.8

DAVOSET_v.1.2.8.rar (26.03.2016)

DAVOSET v.1.2.7

DAVOSET_v.1.2.7.rar (30.11.2015)

DAVOSET v.1.2.6

DAVOSET_v.1.2.6.rar (30.10.2015)

DAVOSET v.1.2.5

DAVOSET_v.1.2.5.rar (30.06.2015)

DAVOSET v.1.2.4

DAVOSET_v.1.2.4.rar (31.03.2015)

DAVOSET v.1.2.3

DAVOSET_v.1.2.3.rar (15.11.2014)

DAVOSET v.1.2.2

DAVOSET_v.1.2.2.rar (31.10.2014)

DAVOSET v.1.2.1

DAVOSET_v.1.2.1.rar (23.10.2014)

DAVOSET v.1.2

DAVOSET_v.1.2.rar (26.04.2014)

DAVOSET v.1.1.9

DAVOSET_v.1.1.9.rar (29.03.2014)

DAVOSET v.1.1.8

DAVOSET_v.1.1.8.rar (07.03.2014)

DAVOSET v.1.1.7

DAVOSET_v.1.1.7.rar (13.02.2014)

DAVOSET v.1.1.6

DAVOSET_v.1.1.6.rar (24.01.2014)

DAVOSET v.1.1.5

DAVOSET_v.1.1.5.rar (31.12.2013)

DAVOSET v.1.1.4

DAVOSET_v.1.1.4.rar (03.12.2013)

DAVOSET v.1.1.3

DAVOSET_v.1.1.3.rar (31.08.2013)

DAVOSET v.1.1.2

DAVOSET_v.1.1.2.rar (31.07.2013)

DAVOSET v.1.1.1

DAVOSET_v.1.1.1.rar (19.07.2013)

DAVOSET v.1.1

DAVOSET_v.1.1.rar (13.07.2013)

DAVOSET v.1.0.9

DAVOSET_v.1.0.9.rar (05.07.2013)

DAVOSET v.1.0.8

DAVOSET_v.1.0.8.rar (28.06.2013)

DAVOSET v.1.0.7

DAVOSET_v.1.0.7.rar (21.06.2013)

DAVOSET v.1.0.6

DAVOSET_v.1.0.6.rar (18.06.2013)

DAVOSET v.1.0.5

DAVOSET_v.1.0.5.rar (18.07.2010)

 
Опис системи в readme.txt:

# DDoS attacks via other sites execution tool
# DAVOSET v.1.2.8
# Tool for conducting of DDoS attacks on the sites via other sites
# Copyright (C) MustLive 2010-2016
# Last update: 26.03.2016
# http://websecurity.com.ua
#########################################
# Program summary
#########################################

DAVOSET - it is console (command line) tool for conducting DDoS attacks on the sites via Abuse of Functionality and XML External Entities vulnerabilities at other sites.

About such attacks you can read in my article Using of the sites for attacks on other sites.

#########################################
# Versions history
#########################################

26.03.2016 v.1.2.8

Added support of XXE vulnerability in EMC Cloud Tiering Appliance.
Added new services into full list of zombies.
Removed non-working services from full list of zombies.

30.11.2015 v.1.2.7

Added support of XXE vulnerability in Geoserver.
Added new services into full list of zombies.
Removed non-working services from full list of zombies.

30.10.2015 v.1.2.6

Added support of comments in the lists.
Added support of XML requests via GET (e.g. for NetIQ Access).
Removed non-working services from full list of zombies.

30.06.2015 v.1.2.5

Added support of cache bypass at web sites.
Added new services into full list of zombies.
Removed non-working services from full list of zombies.

31.03.2015 v.1.2.4

Added support of site’s engine in subfolder to WP method.
Added new services into full list of zombies.
Removed non-working services from full list of zombies.

15.11.2014 v.1.2.3

Added new services into full list of zombies.
Made a list of web sites which require “http” for target URL.
Removed non-working services from full list of zombies.

31.10.2014 v.1.2.2

Added support of https URL for target sites.
Changed default settings.
Removed non-working services from full list of zombies.

23.10.2014 v.1.2.1

Added support of attacks via WordPress (based on XML support since v.1.1.2).
Added new services into both lists of zombies.
Removed non-working services from lists of zombies.

26.04.2014 v.1.2

Added support of Socks proxy.
Added new services into full list of zombies.
Removed non-working service from full list of zombies.

29.03.2014 v.1.1.9

Added new services into both lists of zombies.
Removed non-working services from lists of zombies.
Improved TestServer function.

07.03.2014 v.1.1.8

Added support of security bypass in plugin Google Maps.
Added new services into full list of zombies.
Removed non-working services from lists of zombies.

13.02.2014 v.1.1.7

Added new services into full list of zombies.
Added support of hours in timer.
Improved support of plugin Google Maps 3.

24.01.2014 v.1.1.6

Added new services into full list of zombies.
Added support of trailing slash in URL for translate.yandex.net.
Improved algorithm of work with open files.

31.12.2013 v.1.1.5

Added error handler in GetCookie().
Added new services into lists of zombies.
Removed non-working services from lists of zombies.

03.12.2013 v.1.1.4

Added new service into full list of zombies.
Removed non-working services from lists of zombies.
Fixed bug with port in two functions.

31.08.2013 v.1.1.3

Added support of cookies.
Added support of setting ports.
Added new services into full list of zombies.

31.07.2013 v.1.1.2

Added support of XML requests for XXE vulnerabilities.
Added new services into full list of zombies.
Improved work with services which require “http://” for target site.

19.07.2013 v.1.1.1

Added new services into both lists of zombies.
Improved work with services which don’t support “http://” for target site.
Improved connection with some servers.

13.07.2013 v.1.1

Added logging.
Improved connection with some servers.
Fixed traffic counting.

05.07.2013 v.1.0.9

Added support of CSRF tokens.
Added new service into full list of zombies.
Improved work with URLs without trailing forward slash.

28.06.2013 v.1.0.8

Added support of POST requests.
Added new service into both lists of zombies.
Fixed bug with input URL of a site.

21.06.2013 v.1.0.7

Added new services to both lists of zombies.
Removed non-working URLs of services from both lists.
Made program to not close at connection errors.

18.06.2013 v.1.0.6

Added new services into list_full.txt.
Improved identification of the page at sending request.
Fixed bug with iterator $i at testing list.

18.07.2010 v.1.0.5

Added support for command line arguments.
The next options can be set from command line: URL, test, file with list, mode and number of cycles.
Added option to set maximum number of cycles for cyclic mode.

13.07.2010 v.1.0.4

Added encoding of ‘&’ in URL of attacking site for correct work with zombie-servers.
Added support of cyclic mode.
Added option to set number of cycles for cyclic mode.

12.07.2010 v.1.0.3

Made list of zombie-servers in external file.
Added option to set name of file with list of zombie-servers.
Added support of skipping blank lines in file with list of zombie-servers.

11.07.2010 v.1.0.2

Added function for testing of list of zombie-servers.
Added Accept and User-Agent headers (for attack and test requests) for compatibility with some servers.
Added option to set fake User-Agent (for hiding of the attack).

10.07.2010 v.1.0.1

Added statistic with requests, time and speed of work (r/s).
Added statistic with amount of traffic and speed of work (B/s).

09.07.2010 v.1.0

First release.