A comprehensive network analysis tool designed to test all seven layers of the OSI model, with a specific focus on identifying DDoS vulnerabilities and security misconfigurations.
This tool is provided STRICTLY for educational purposes and authorized security testing of YOUR OWN systems only.
- Usage of this tool against any system without explicit permission is illegal and unethical.
- The author(s) assume no liability and are not responsible for any misuse or damage caused by this tool.
- Always follow responsible security practices and legal requirements.
The 7-Layer Network Analysis Tool performs comprehensive testing across all OSI layers:
- Physical Layer: Analyzes link statistics and signal quality
- Data Link Layer: Tests ARP resolution and MAC address reachability
- Network Layer: Checks IP connectivity, routing, and ICMP functionality
- Transport Layer: Examines TCP/UDP connectivity and port availability
- Session Layer: Tests session establishment, maintenance, and termination
- Presentation Layer: Analyzes data encoding, compression, and encryption (SSL/TLS)
- Application Layer: Tests HTTP/HTTPS behavior, security headers, and WAF detection
Additionally, it includes specialized DDoS vulnerability testing that examines:
- DNS reflection/amplification potential
- Rate limiting effectiveness
- Connection pool handling
- Resource exhaustion vectors
- Load balancing detection
- CDN presence
- Python 3.7 or higher
- Root/sudo privileges (for raw socket access)
- Required packages listed in requirements.txt
- Clone this repository:
  git clone https://github.com/zenjahid/7-layer-analyzer.git
  cd 7-layer-analyzer
- Install required packages:
  pip install -r requirements.txt
- Make the script executable:
  chmod +x ddos-audit.py
sudo python3 ddos-audit.py example.com
usage: ddos-audit.py [-h] [-i INTERFACE] [-d DURATION] [--no-verify] [--ddos-audit] target

7-Layer Network Analysis Tool for educational and authorized security testing

positional arguments:
  target                Target hostname or IP address to analyze

optional arguments:
  -h, --help            show this help message and exit
  -i INTERFACE, --interface INTERFACE
                        Network interface to use
  -d DURATION, --duration DURATION
                        Maximum test duration in seconds (default: 30, max: 60)
  --no-verify           Skip ownership verification (NOT RECOMMENDED)
  --ddos-audit          Include DDoS vulnerability audit
IMPORTANT: Only use on systems you own or have explicit permission to test.
To verify ownership of a target domain, the tool checks for a verification file at:
http://{target}/osi7layer_verification.txt
This file should contain the target hostname or IP address. If the file is not found, you'll be prompted to confirm that you have permission to test the target.
For localhost or private IP addresses, ownership verification is automatically bypassed.
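The decision logic described above, written out as an added example (not the project's own code). The function names, the injected `fetch` callable, the exact-match rule on the file body, and treating only IP literals (not resolved hostnames) as private are assumptions.

```python
import ipaddress
import urllib.error
import urllib.request
from typing import Callable, Optional

VERIFY_PATH = "/osi7layer_verification.txt"  # path given in the README


def is_local_target(target: str) -> bool:
    """True for 'localhost' or a loopback/private IP literal (check is bypassed)."""
    if target.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        return False  # a hostname: it must go through verification
    return ip.is_loopback or ip.is_private


def http_fetch(url: str, timeout: float = 5.0) -> Optional[str]:
    """Fetch the verification file; None on any error or non-200 status."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            if resp.status != 200:
                return None
            return resp.read(256).decode("utf-8", "replace")  # cap the body size
    except (urllib.error.URLError, OSError, ValueError):
        return None


def check_ownership(target: str,
                    fetch: Callable[[str], Optional[str]] = http_fetch) -> str:
    """Return 'bypassed', 'verified', or 'prompt' (ask the operator to confirm)."""
    if is_local_target(target):
        return "bypassed"
    body = fetch(f"http://{target}{VERIFY_PATH}")
    # Assumption: the file must contain exactly the target, ignoring whitespace/case.
    if body is not None and body.strip().lower() == target.lower():
        return "verified"
    return "prompt"


# Constructed sample responses so the logic can be exercised offline.
SAMPLE = {
    "http://example.com/osi7layer_verification.txt": "example.com\n",
    "http://93.184.216.34/osi7layer_verification.txt": "example.com\n",
}
```

Because the file is fetched over plain HTTP, a match shows only that whatever answered for that name served the expected value; `SAMPLE.get` can be passed as `fetch` to try the outcomes without network access.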
The tool provides a comprehensive report that includes:
- Layer-by-Layer Analysis: Detailed findings for each OSI layer
- Security Headers: Analysis of HTTP security headers
- DDoS Vulnerabilities: Potential reflection/amplification vectors
- Security Recommendations: Actionable suggestions based on findings
Example output:
================================================================================
SUMMARY REPORT FOR example.com (93.184.216.34)
================================================================================
[Layer 1: Physical]
Link Status: up
Link Speed: 1000 Mbps
Signal Quality: -67 dBm
[Layer 2: Data Link]
Target MAC: 00:1a:2b:3c:4d:5e
ARP Responses: 1
Frame RTT: 2.45 ms
...
[Layer 7: Application]
HTTP Methods Support:
- GET: 200
- POST: 200
- HEAD: 200
- OPTIONS: 200
- PUT: 405
- DELETE: 405
- TRACE: 405
- CONNECT: 405
- PATCH: 405
Security Headers:
- Strict-Transport-Security: max-age=31536000
- X-Content-Type-Options: nosniff
- X-Frame-Options: DENY
WAF Detected: True
Rate Limiting: True
...
================================================================================
SECURITY RECOMMENDATIONS
================================================================================
- Implement Content Security Policy (CSP)
- Configure DNS server to prevent amplification attacks
- Consider using a CDN for DDoS protection
================================================================================
DISCLAIMER: This report is for educational and authorized testing purposes only.
Always follow responsible security practices and legal requirements.
================================================================================
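How the Security Headers findings in the sample report can map to recommendations such as the CSP one, as an added example (not the project's own code). The function name, the HSTS minimum age, and every recommendation string other than the CSP line shown in the report are assumptions.

```python
import re

MIN_HSTS_MAX_AGE = 15552000  # assumption: 180 days as the minimum acceptable max-age


def audit_security_headers(headers: dict) -> list:
    """Return recommendations for missing or weak HTTP security headers."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # names are case-insensitive
    recs = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        recs.append("Enable HTTP Strict Transport Security (HSTS)")
    else:
        m = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
        if m is None or int(m.group(1)) < MIN_HSTS_MAX_AGE:
            recs.append("Increase HSTS max-age")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        recs.append("Set X-Content-Type-Options: nosniff")

    csp = h.get("content-security-policy", "")
    # Framing can be restricted by X-Frame-Options or by CSP frame-ancestors.
    xfo = h.get("x-frame-options", "").upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp.lower():
        recs.append("Restrict framing (X-Frame-Options or CSP frame-ancestors)")

    if not csp:
        recs.append("Implement Content Security Policy (CSP)")
    return recs


# Headers copied from the sample report above.
REPORT_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
}
```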
The tool implements several safety controls to prevent misuse:
- Ownership Verification: Ensures you have permission to test the target
- Rate Limiting: Caps the number of packets/requests per second
- Maximum Duration: Limits test duration to prevent extended scanning
- Minimal Resource Testing: Uses small payloads to avoid actual DoS conditions
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (git checkout -b feature/amazing-feature)
- Commit your changes (git commit -m 'Add some amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.