FAQ: UFONet v1.2.1 [Revision: 11/02/2019]

Project Website: https://ufonet.03c8.net

  • What is UFONet?
  • It is a toolkit designed to launch DDoS and DoS attacks.
  • What is a DDoS attack?
  • A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it (for example, with traffic...) from multiple sources.
  • What is a DoS attack?
  • A Denial of Service (DoS) attack is an attempt to make an online service unavailable by overwhelming it (for example, with traffic...) from a single source.
  • What is a Botnet?
  • A Botnet is a collection of computers often referred to as "zombies" that allows an attacker to control them. It is commonly used to make DDoS attacks.
  • What is the philosophy behind UFONet?
  • "On a samurai sword or even any tool, what matters is who goes to use it and for what, not who builds it and when..."
  • Why can UFONet be more special, than for example, other botnets previously built?
  • Because UFONet tries not living traces (IPs, etc...) from the origin of the attack. And of course, because it is free/libre. ;-)
  • How does UFONet work technically?
  • UFONet is a tool designed to launch Layer 7 (HTTP/Web Abuse) DDoS attacks, using 'Open Redirect' vectors, generally located on third part-y web applications (a botnet) and other powerful DoS attacks, some including different OSI model layers, as for example the TCP/SYN flood attack, which is perform on Layer 3 (Network). This schema shows you how the architecture of the requests are made when performing a simple DDoS attack.
  • Is UFONet a "strong" botnet?
  • Well!. It depends on how you understand a botnet as "strong". If you understand it as; * 'privacy'; UFONet is the best -ninja- DDoS/DoS tool... * 'traffic volume'; it depends on; 'zombies', bandwidth, target's conf, etc... With UFONet it's not about having a lot of 'zombies', it's more about those you have work properly. If they are nice, you can 'defeat' a 'small' webserver just with a 'couple of dozens'. Or for example, in a scenario in which a target is using a VPS service with some limited bandwidth rate (ex: 1GB/month) for the attacker is just a matter of time to run the tool and wait until traffic (noise) reaches the maximum limit that closes the service. Commonly people understand a botnet as an individual tool but UFONet is also a P2P/darknet, that can be used to connect others machines and to run complex schemas involving other people working cooperatively: sharing 'zombies', reporting statistics (with rankings, clans)... Therefore, UFONet can also be defined fundamentally, as: a botnet of botnets, which is obviously a harder and effective way to overwhelm an objective, than when a single person tries it individually.
  • What's the difference between: 'zombies', 'aliens', 'droids', 'ucavs'...?
  • * Zombie: HTTP GET 'Open Redirect' bot ex: https://ZOMBIE.com/check?uri=$TARGET * Droid: HTTP GET 'Open Redirect' bot with params ex: https://ZOMBIE.COM/css-validator/validator?uri=$TARGET&profile=css3 * Alien: HTTP POST 'Open Redirect' bot ex: https://ZOMBIE.com/analyze.html;$POST;url=$TARGET * Drone: HTTP 'Web Abuse' bot ex: https://www.isup.me/$TARGET * X-RPC: XML-RPC Vulnerability ex: https://ZOMBIE.COM/xmlrpc.php
  • Is it possible to stress target's database using UFONet?
  • Yes, it is. For example, you can order to your 'zombies' to submit random valid requests on a target's search input form. This floods database with queries. ex(wordpress): ./ufonet -a 'http://TARGET.com' --db '?s='
  • Is there a LOIC connected to UFONet?
  • Yes, hehe... It has implemented an advanced version of that software that supports proxies. ex: ./ufonet -a 'http://TARGET.com' --loic 500
  • And a LORIS?
  • Yes, of course. You can connect one to make requests leave open threads on the target too, making the web server work slower: ex: ./ufonet -a 'http://TARGET.com' --loris 100
  • How works UFOSYN?
  • It is a script to launch a powerful TCP-SYN (DoS) flood attack (it requires 'root' access): ex: sudo ./ufonet -a 'http://TARGET.com' --ufosyn 100
  • And SPRAY?
  • This script is used to launch a TCP-SYN reflector (DDoS) flood attack (it requires 'root' access): ex: sudo ./ufonet -a 'http://TARGET.com' --spray 100
  • What is a SMURF?
  • This other script is used to launch an ICMP echo (DDoS) flood attack (it requires 'root' access): ex: sudo ./ufonet -a 'http://TARGET.com' --smurf 100
  • And XMAS?
  • With this script you can launch a complex TCP-XMAS (DoS) flood attack (it requires 'root' access): ex: sudo ./ufonet -a 'http://TARGET.com' --xmas 100
  • How works a NUKE?
  • With this script you can launch a TCP-STARVARTION (DoS) socking attack (it requires 'root' access) that will knock down your target in seconds, if it does not have a minimum level of protection: ex: sudo ./ufonet -a 'http://TARGET.com' --nuke 10000
  • How should a powerful attack that combines all the techniques (DDoS+DoS)?
  • sudo ./ufonet -a 'http://TARGET.com' --loic 100 --loris 100 --ufosyn 100 / --spray 100 --smurf 100 --xmas 100 --nuke 10000
  • How can I start with UFONet; for example using GNU/Linux (ex: Kali)?
  • You can try to install automatically all required libs by using this command: % python setup.py install
  • Which libs should I install?
  • python-pycurl - Python bindings to libcurl python-geoip - Python bindings for the GeoIP IP-to-country resolver library python-whois - Python module for retrieving WHOIS information - Python 2 python-crypto - Cryptographic algorithms and protocols for Python python-requests - elegant and simple HTTP library for Python2, built for human beings python-scapy - Packet generator/sniffer and network scanner/discovery * Python: https://www.python.org/downloads/ * PyCurl: http://pycurl.sourceforge.net/ * PyGeoIP: https://pypi.python.org/pypi/GeoIP/ * PyWhois: https://pypi.python.org/pypi/whois * PyCrypto: https://pypi.python.org/pypi/pycrypto * PyRequests: https://pypi.python.org/pypi/requests * PyScapy: https://pypi.org/project/scapy/ * Leaflet: http://leafletjs.com/ (provided)
  • Exists any HELP command?
  • ufonet --help (-h)
  • How can I start a Graphical User Interface (GUI)?
  • ufonet --gui
  • What is a 'wormhole'?
  • It is an IRC gateway to Freenode where UFONet 'masters' can meet.
  • Is it possible to update the tool automatically?
  • Yes. But only if you have cloned UFONet from a Git repository. * git clone https://code.03c8.net/epsylon/ufonet * git clone https://github.com/epsylon/ufonet * ufonet --update
  • What is a 'blackhole'?
  • It is a P2P daemon to share 'zombies' with other UFONet 'masters'.
  • Where can I download more 'zombies'?
  • You should search for accessible 'blackholes'. Some of them are on the darknet... By the way, there is a Community list of 'zombies' that you can download using: ufonet --download-zombies
  • Can I spread 'zombies' with a web-server?
  • Yes. You just need to create a 'blackhole' and share your IP with other UFONet 'masters'... ufonet --blackhole (daemonize it with: ufonet --blackhole &)
  • How can I know if my 'zombies' are working properly?
  • ufonet -t 'botnet/zombies.txt'
  • Where can I report a bug?
  • You can report errors on: Github issues. Also you can stay in touch reporting on my "mothership" (using BOARD provided by default). If nobody gets back to you, then drop me an e-mail.
  • Can I pay you for DDoS a target?
  • No. But you can keep sending me ridiculous 'job' offers.... ;-)
  • Do you sell botnets?
  • No. Actually, I am providing you one for free/gratis... hehe.