Now we can easily create a script that starts multiple connections simultaneously and keeps them open. Let's look at the http-slowloris-check script, which detects the infamous Slowloris vulnerability (http://ha.ckers.org/slowloris/), known for causing denial-of-service conditions with very few network resources. In this case, the script only opens two connections, but we can expand the idea to keep open as many connections as possible. Refer to the http-slowloris NSE exploit (https://svn.nmap.org/nmap/scripts/http-slowloris.nse) if you are looking for a similar implementation.
The main function of http-slowloris-check starts two worker threads and waits for both of them to complete. The time difference is compared to determine whether the second worker thread took longer and, therefore, whether the connection was kept alive:
action = function(host,port)
  …
  -- definition of the slowloris vuln table goes here
  local report = vulns.Report:new(SCRIPT_NAME...
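The timing comparison described above can be tried safely against a local toy server. This is an added Python example, not code from the NSE script: the server, the `IDLE` timeout, and all function names are constructed for illustration. It runs the two probes one after the other rather than in worker threads, and contrasts a timer that restarts on every read with an absolute header deadline.

```python
import socket, threading, time

IDLE = 0.6  # constructed header timeout (seconds) for the toy server

def serve(srv, reset_on_data):
    """Toy server that drops connections whose headers stay incomplete.
    reset_on_data=True restarts the timer on every read (Slowloris-prone);
    False enforces one absolute deadline for the whole header block."""
    def handle(conn):
        deadline, buf = time.monotonic() + IDLE, b""
        try:
            while b"\r\n\r\n" not in buf:
                conn.settimeout(max(deadline - time.monotonic(), 0.001))
                data = conn.recv(1024)
                if not data:
                    break
                buf += data
                if reset_on_data:
                    deadline = time.monotonic() + IDLE
        except OSError:  # includes the read timeout
            pass
        finally:
            conn.close()
    while True:
        try:
            conn, _ = srv.accept()
        except OSError:  # listener failed or was closed
            return
        threading.Thread(target=handle, args=(conn,), daemon=True).start()

def time_until_closed(addr, follow_up):
    """Send an unterminated request, optionally one more header at IDLE/2,
    and return the seconds that pass before the server closes."""
    start = time.monotonic()
    with socket.create_connection(addr) as c:
        c.settimeout(IDLE * 5)
        c.sendall(b"GET / HTTP/1.1\r\nHost: localhost\r\n")
        if follow_up:
            time.sleep(IDLE / 2)
            c.sendall(b"X-a: b\r\n")
        while c.recv(1024):
            pass
    return time.monotonic() - start

def check(reset_on_data):
    """True if the follow-up header kept the connection open longer."""
    srv = socket.create_server(("127.0.0.1", 0))
    threading.Thread(target=serve, args=(srv, reset_on_data), daemon=True).start()
    without = time_until_closed(srv.getsockname(), False)
    with_header = time_until_closed(srv.getsockname(), True)
    return with_header - without > IDLE / 4
```

`check(True)` reports the extended connection because each partial header buys another full timeout; `check(False)` does not, which is the behaviour an absolute header-read deadline on the server is meant to give.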