thlorenz-attack
v0.3.0
Tool that surfaces problems in your application that render it insecure or may cause it to crash.
attack
// create sitemap of your server
var attack = require('thlorenz-attack')
var app = require('express')()
  .get('/', function index () { })
  .post('/other', function other () { })
attack.writeRoutes(app)
Then use the attack cli tool to generate ab and siege scripts to attack your server.
Status
Only express apps are currently supported for sitemap generation.
Installation
npm install thlorenz-attack
Usage
usage: attack <attack-options>
Surfaces problems in your application that render it insecure or may cause it to crash.
Requires a routes file to have been generated, see https://github.com/thlorenz/attack#attackwriteroutesapp-opts
OPTIONS:
-h, --help Print this help message.
-c, --config Overrides the default configuration for siege and ab
The config file has this format:
https://github.com/thlorenz/attack/blob/master/attacks/default-config.json
-t, --type Specifies which kind of attack to generate ('ab' | 'siege')
-u, --url Specifies the root url at which your server accepts requests (including port and protocol)
i.e. http://localhost:5000
-o, --output Specifies into which file to pipe the output of the 'ab' tool
EXAMPLES:
Create an ab attack using the default options piping into results.txt
attack -r ./attack-routes.json -o results.txt -t ab -u http://localhost:5001 > attack.sh
Create a siege attack using the default options
attack -r ./attack-routes.json -o results.txt -t siege -u http://localhost:5001 > siege-attack.sh &&\
Create a siege attack using a custom config
attack -r ./attack-routes.json -c ./myconfig.json -o results.txt -t siege -u http://localhost:5001 > siege-attack.sh &&\
Find more examples in the examples/Makefile at https://github.com/thlorenz/attack/blob/master/examples/Makefile
The config you can pass looks as follows. It is best if you just copy it from here and then modify it to your liking.
{
  "siege": {
    "acceptEncoding": "gzip",
    "authorization": null,
    "concurrency": 5,
    "internet": true,
    "keepAlive": true,
    "loginUrl": null,
    "requests": 20
  },
  "ab": {
    "authorization": null,
    "concurrency": 5,
    "jsonFiles": null, "//": "array of JSON file names to be used in Invalid JSON attack",
    "keepAlive": false,
    "requests": 50,
    "url": null,
    "resultFile": "ab-results.txt"
  }
}
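Before passing a modified config to -c, it helps to check it against the default shape above. The following is an added example, not part of thlorenz-attack: it lints an override object for unknown sections, misspelled keys and wrong value types. lintConfig, NULLABLE and the type rules are assumptions; how attack itself reads the file is not shown on this page.

```javascript
// Added example: lint a custom `attack -c` config against the default shape on this page.
// DEFAULTS mirrors the config above; lintConfig and its rules are assumptions.
const DEFAULTS = {
  siege: { acceptEncoding: 'gzip', authorization: null, concurrency: 5, internet: true,
    keepAlive: true, loginUrl: null, requests: 20 },
  ab: { authorization: null, concurrency: 5, jsonFiles: null, keepAlive: false,
    requests: 50, url: null, resultFile: 'ab-results.txt' }
}

// Keys whose default is null, with the type assumed once they are set
// (inferred from the key names and the "//" note on jsonFiles).
const NULLABLE = { authorization: 'string', loginUrl: 'string', url: 'string', jsonFiles: 'array' }

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key)
const typeOf = (v) => v === null ? 'null' : Array.isArray(v) ? 'array' : typeof v

function lintConfig (custom) {
  const problems = []
  for (const tool of Object.keys(custom)) {
    if (!has(DEFAULTS, tool)) { problems.push(`unknown section "${tool}"`); continue }
    if (typeOf(custom[tool]) !== 'object') { problems.push(`${tool}: must be an object`); continue }
    for (const [key, value] of Object.entries(custom[tool])) {
      if (key === '//') continue // comment convention used in the default config
      if (!has(DEFAULTS[tool], key)) { problems.push(`${tool}.${key}: unknown key`); continue }
      const nullable = has(NULLABLE, key)
      const want = nullable ? NULLABLE[key] : typeOf(DEFAULTS[tool][key])
      const got = typeOf(value)
      if (got !== want && !(nullable && got === 'null')) {
        problems.push(`${tool}.${key}: expected ${want}, got ${got}`)
      } else if (want === 'number' && (!Number.isInteger(value) || value < 1)) {
        problems.push(`${tool}.${key}: must be a positive integer`)
      }
    }
  }
  return problems
}

// Constructed sample override: a misspelled key, a string where a number belongs,
// and a request count of zero.
const sample = {
  siege: { concurency: 50, requests: '200' },
  ab: { requests: 0, jsonFiles: ['bad.json'] }
}
console.log(lintConfig(sample))
```

An empty result means every key in the override exists in the default config and has a matching type.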
API
Examples
Try the examples here as follows:
Express Example
cd examples && npm install
make ab-siege-async
node express-async-error
In another terminal
sh siege-attack.sh && sh ab-attack.sh
Then watch your express app crash after a bit.
License
MIT