Kali Linux tools
2 min readAug 8, 2021
This week I will share 3 tools that can be used for stress testing.
- THC-SSL-DOS was developed by The Hacker’s Collective as a proof of concept for the SSL/TLS renegotiation vulnerability (CVE-2009–3555). It is used to verify the performance of SSL by performing a resource exhaustion attack on the SSL protocol. It works by initiating a regular SSL handshake and immediately requesting for the renegotiation of the encryption key constantly until the server runs out of resources resulting in a crash. It Can be used on UNIX and Windows. It Exploits the SSL secure renegotiation feature whereas many negotiations as possible are triggered via a single TCP connection. It Can be used to exploit the SSL key renegotiation feature enabled on servers.
- FunkLoad is an open-source python-based tool used for functional and load testing of web applications by emulating a single-threaded web browser. It can also be used to compile web agents by scripting web repetitive tasks. Can also be used for various types of testing including functional, regression, load, performance, and stress testing. It Can be used to test different web servers like PHP, Python, Java, and more. It Provides detailed bench reports in various formats such as ReST, HTML, Org-Mode, and PDF.
- InviteFlood is a tool used to perform SIP/SDP INVITE message flooding over UDP/IP on VOIP networks. It can be utilized to perform DoS attacks (including preventing users from initiating calls) against SIP devices (like PBX and IP telephones) by flooding them with INVITE Request messages. It Can be used on several Linux distributions and targets SIP gateways/proxies and SIP phones. It Focuses on SIP devices such as SIP phones, media gateways, PBX, and more. Most SIP networks use UDP which allows a malicious individual to leverage in flooding a SIP proxy or phone using the InviteFlood tool.