Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

Sponsors


File http-slowloris-check

Script types: portrule
Categories: vuln, safe
Download: http://nmap.org/svn/scripts/http-slowloris-check.nse

User Summary

Tests a web server for vulnerability to the Slowloris DoS attack without actually launching a DoS attack.

Slowloris was described at Defcon 17 by RSnake (see http://ha.ckers.org/slowloris/).

This script opens two connections to the server, each without the final CRLF. After 10 seconds, second connection sends additional header. Both connections then wait for server timeout. If second connection gets a timeout 10 or more seconds after the first one, we can conclude that sending additional header prolonged its timeout and that the server is vulnerable to slowloris DoS attack.

You can specify custom http User-agent field with http.useragent script argument.

Idea from Qualys blogpost: * https://community.qualys.com/blogs/securitylabs/2011/07/07/identifying-slow-http-attack-vulnerabilities-on-web-applications

Script Arguments

http.useragent

Specifies custom user agent string.

http.max-cache-size, http.max-pipeline, http.pipeline

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

vulns.showall

See the documentation for the vulns library.

unittest.run

See the documentation for the unittest library.

Example Usage

nmap --script http-slowloris-check  <target>

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-slowloris-check:
|   VULNERABLE:
|   Slowloris DOS attack
|     State: VULNERABLE
|     Description:
|       Slowloris tries to keep many connections to the target web server open and hold them open as long as possible.
|       It accomplishes this by opening connections to the target web server and sending a partial request. By doing
|       so, it starves the http server's resources causing Denial Of Service.
|
|     Disclosure date: 2009-09-17
|     References:
|_      http://ha.ckers.org/slowloris/

Requires


Author: Aleksandar Nikolic

License: Same as Nmap--See http://nmap.org/book/man-legal.html

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]