0) REQUIREMENTS
Java.
1) INSTALLING
Download
from SourceForge and unzip.
2) CONFIGURING
Edit etc/spizd.properties.
3) RUNNING
Make sure you read and customize etc/spizd.propeties file.
There's a few script files in bin directory, they all require the
property file.
spizd-probe.sh will open a
number of connections to given server, and read one line of
response from each of them, trying to determine number of
simultaneous connctions a server can handle.
This is probably the first thing you'll be running.
spizd-http.sh reads given
url list file, and bombs the server with one request per
connection, keeping constant number of concurrent connections, or
decreasing number of connections, as configured.
spizd-pop3.sh reads
password dictionary file, and tries to login to a pop server with
given username and passwords read from the dictionary, via
multiple connections.
spizd-imap.sh does the
same thing for imap servers.
spizd-smtp.sh does the
same thing for smtp servers. Additionally, it can send a number of
messages for each connection, see spizd.properties.
spizd-ssh.sh does the same
thing for ssh.
Note: default confing of sshd contains MaxStartups "10:30:60",
meaning 10 unauthenticated connections are allowed, 10-60 have 30%
disconnect chance, and all above 60 are disallowed.
spizd-pop3s.sh, spizd-pop3tls.sh, spizd-imaps.sh,
spizd-imaptls.sh, spizd-smtps.sh, spizd-smtptls.sh use secure
authentification mechanisms for mail servers.
installcert.sh is utility
to install self-signed certificates if required.
spizd-radius.sh reads
dictionary file and sends auth-request packets to destigned radius
server. Options like radius secret need to be specified in
spizd.properties file.
spizd-dict.sh generates
password dictionary file within given parameters.
Password generation is not very smart, and generated dictionary
file contains passwords sorted alphabetically, rough equivalent of
brute-force attack; if you really need to crack some passwords,
get some better dictionary file(s).
Dictionary file name is specified in properties file.
File may contain only passwords, or login and password separated
by defined separator; in former case login must be provided as
command line argument.
For more information on how each of these modules work, check
included javadoc, or - Use the Source, Luke!
Note for crackers: this is
invasive cracking method and you will be noticed immediatelly.
4) BUILDING
There's ant build.xml file in this directory, so to build SPIZD
distro, just type ant dist.
5) LINUX NOTES
Running a stress-test client is not a trivial task.
A linux user (including root) can have only 1024 files and sockets
opened by default; check ulimit -n and nofile in limits.conf.
Furthermore, number of local ports is also limited; check
/proc/sys/net/ipv4/ip_local_port_range
(net.ipv4.ip_local_port_range in sysctl.conf).
Kernel IP connection tracking module is also limited; check
/proc/sys/net/ipv4/ip_conntrack_max (net.ipv4.ip_conntrack_max in
sysctl.conf) and /proc/sys/net/nf_conntrack_max
(net.netfilter.nf_conntrack_max).
If that's not enough, you may also need to change
/proc/sys/net/ipv4/tcp_tw_reuse (net.ipv4.tcp_tw_reuse in
sysctl.conf) to 1, to reuse sockets in TIME_WAIT state, or to
reduce /proc/sys/net/ipv4/tcp_fin_timeout
(net.ipv4.tcp_fin_timeout in sysctl.conf) so sockets wait less for
the other peer to close.
Also, server may detect stress test as syn flood and start sending
syn cookies; this may result in connection timeouts/refusal.
If so, set /proc/sys/net/ipv4/tcp_syncookies to 0.