In computing, a denial of service attack is a cyber-attack - KIW💠KIW
Gaza War!

Daily News

In computing, a denial of service attack is a cyber-attack

In computing, a denial of service attack is a cyber-attack


Awesome list of DDos attack tools.
Several DDos Tools for testings.

Please feel free to open pull requests.

About DDos Attack

In computing, a denial-of-service attack is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.

Software & Script Info

 1. LOIC (Low Orbit Ion Cannon_Windows)

LOIC is an open-source network stress testing and denial-of-service attack application, written in C#. LOIC was initially developed by Praetox Technologies, but was later released into the public domain, and now is hosted on several open source platforms.

2. davoset

DDoS attacks via other sites execution tool. It is console (command line) tool for conducting DDoS attacks on the sites via Abuse of Functionality and XML External Entities vulnerabilities at other sites.

3. ddosim

DDOSIM is a tool that can be used in a laboratory environment to simulate a distributed denial of service (DDOS) attack against a target server. ... It simulates several zombie hosts (having random IP addresses) which create full TCP connections to the target server.

4. GoldenEye

GoldenEye is an python app for security testing. GoldenEye is a HTTP DoS Test Tool.


 USAGE: ./ <url> [OPTIONS]

    Flag           Description                     Default
    -u, --useragents   File with user-agents to use                     (default: randomly generated)
    -w, --workers      Number of concurrent workers                     (default: 50)
    -s, --sockets      Number of concurrent sockets                     (default: 30)
    -m, --method       HTTP Method to use 'get' or 'post'  or 'random'  (default: get)
    -d, --debug        Enable Debug Mode [more verbose output]          (default: False)
    -h, --help         Shows this help



This software is distributed under the GNU General Public License version 3 (GPLv3)

5. Hoic (High Orbit Ion Cannon)

Hoic is an open-source network stress testing and denial-of-service attack application designed to attack as many as 256 URLs at the same time. It was designed to replace the Low Orbit Ion Cannon which was developed by Praetox Technologies and later released into the public domain.

6. HULK (HTTPS Unbearable Load King)

Python Version License Platform Codacy grade


This script is a Distributed Denial of Service tool that can put heavy load on HTTPS servers, in order to bring them to their knees, by exhausting the resource pool. Its is meant for research purposes only and any malicious usage of this tool is prohibited.The authors aren't to be held responsible for any consequence of usage of this tool.

Authors : Hyperclaw79version 3.0, 2.0Barry Shteiman , version 1.0


  • Run pip install -r requirements.txtbefore starting this script.
  • Launch the with the target website as arg.python
  • Launch the to spawn multiple processes of hulk - one per CPU Core. python localhost

    If it's a bot on a remote client, replace localhost with the server's IP.

  • Sit back and sip your coffee while the carnage unleashes! >:D


HULK v3 is a Python 3 compatible Asynchronous Distributed Denial of Service Script. Original script was created by Barry Shteiman. You can use that one if you have Python 2.

Using a GNU license cause there was no mention about any license used by Barry. Feel free to modify and share it, but leave some credits to us both and don't hold us liable.

7. pyloris

Using HTTPLoris is simple. In its most basic form, HTTPLoris merely needs a copy of Python 2.6.


On a Linux machine, one must simply invoke the script in a terminal, stating a site to test:

motoma@rocksalt:/home/motoma$ python

On Mac OS X, one invokes PyLoris the same way. Using the Terminal Application:

hotdog:/Users/Motoma/ motoma$ python

Using HTTPLoris in Windows is a little different. One will need to know the location of the Python installation, and be in the proper directory. Load up a command prompt:


Advanced Options

Invoking HTTPLoris by using the commands above start a limited to 500 connections across 50 threads, each sending at 1 byte/second and waiting until the connection is forced shut by the server. While this behavior will bog down an Apache server with the default settings, it is not a very thorough test. The following are some additionall options that will allow one to customize the way HTTPLoris works:

-a, --attacklimit
The --attacklimit flag restricts the number of total connections (current + completed) during a single session. Set this to zero to specify no limit.

-c, --connectionlimit
Adjusting the --connectionlimit flag can drastically change how well HTTPLoris performs. The --connectionlimit flag directly controls the number of concurrent connections held during the session. In a base Apache environment, when this number is above the MaxClients setting, the server is unresponsive.

-t, --threadlimit
This is the number of attacker threads run during the session.

-b, --connectionspeed
This is the connection speed for each individual connection in bytes/second. Comparing this with the lenght of the request, and you should have an accurate guess of how long each connection should linger.

-f, --finish
Specifying the --finish flag will cause HTTPLoris to finish and close connections upon the completion of the request. This will prompt servers to send full responses to the HTTP requests that are made.

-k --keepalive
Using the --keepalive flag will add the Connection: Keep-Alive header to the HTTP request. On vulnerable servers, this will increase the duration of connections considerably.

-p, --port
HTTPLoris will connect on port 80 by default. Specifying the --port flag will change this behavior.

-P, --page
By default, HTTPLoris will make HTTP requests for "/". Setting the --page flag will allow one to control the page that HTTPLoris requests.

-q, --quit
Terminate the connection without receiving reply from the server. This will reduce the effectivenes as connections will terminate as soon as the full request buffer has been sent.

-r, --requesttype
Setting the --requesttype flag will change the HTTP method used. Available options are GET, HEAD, POST, PUT, DELETE, OPTIONS, and TRACE. Certain proxies and load balancers will filter out certain types of requests, and hold them until the requests are complete. POST requests are commonly passed through due to their potential for large sizes, therefore this may cause different behavior.

-R, --referer
Adds a referring URL to the HTTP request.

-s, --Size
The --size flag allows one to increase the size of the request made. Increasing the size will in turn increase the duration of connections, leading to a longer sustained test. In situations where servers or firewalls are set to terminate unfinished connections, this can extend the length of the test drastically. This can also be used to test a web server's capability to handle multiple large requests and benchmark memory usage. The additional data is filled in the Cookie-Data field.

-u, --useragent
By default, HTTPLoris advertizes itself in the User-Agent header. The --useragent flag allows one to override this and masquerade as other web browsers. Useful because some sites will render different pages for different web browsers. 

-z, --gzip
Specifying the --gzip flag will allow instruct PyLoris to send an "Accept-Encoding: gzip" header. When combined with the --quit and --finish flags, this can test for the CEV-2009-1891 DoS vulnerability ( Also leads to larger CPU usage and smaller bandwidth usage.

-w, --timebetweenthreads
Setting the --timebetweenthreads flag will adjust the amount of time between threads spawning. Adjusting this in conjunction with the --threadlimit will change the CPU load on your local machine.

-W, --timebetweenconnections
Setting the --timebetweenconnections flag will adjust the amount of time between socket connections. This will directly affect how quickly the target's connection limit is reached.

Proxy Options 
HTTPLoris is able to connect through SOCKS4, SOCKS5, and HTTP proxies. This allows HTTPLoris to run through SSH tunnels, as well as TOR. Utilizing TOR should essentially eliminate the mitigating effects of ipchains, mod_antiloris, and mod_noloris.

Setting the --socksversion flag tells HTTPLoris to connect through a SOCKS proxy. Allowed values are SOCKS4, SOCKS5, and HTTP.

Set the --sockshost flag to the address of the SOCKS proxy when --socksversion is set. If this is not set, HTTPLoris will default to

Set the --socksport flag to the port number of the SOCKS proxy when --socksversion is set. 

--socksuser and --sockspass
Optionally, one may set a username and password for the SOCKS proxy using these two flags.

8. Rudy (R U Dead yet)

‘R U Dead Yet?’ or R.U.D.Y. is a denial-of-service attack tool that aims to keep a web server tied up by submitting form data at an absurdly slow pace. A R.U.D.Y. exploit is categorized as a low-and-slow attack, since it focuses on creating a few drawn-out requests rather than overwhelming a server with a high volume of quick requests. A successful R.U.D.Y. attack will result in the victim’s origin server becoming unavailable to legitimate traffic.

The R.U.D.Y. software includes a user-friendly point-and-click interface, so all an attacker needs to do is point the tool at a vulnerable target. Any web service that accepts form input is vulnerable to a R.U.D.Y. attack, since the tool works by sniffing out form fields and exploiting the form submission process.

9. Torshammer


./ -t <target> [-r <threads> -p <port> -T -h]
-t|--target <Hostname|IP>
-r|--threads <Number of threads> Defaults to 256
-p|--port <Web Server Port> Defaults to 80
-T|--tor Enable anonymising through tor on
-h|--help Shows this help

Eg. ./ -t -r 256

10. hping


	hping3 is a network tool able to send custom TCP/IP
	packets and to display target replies like ping do with
	ICMP replies. hping3 can handle fragmentation, and
	almost arbitrary packet size and content, using the
	command line interface.

	Since version 3, hping implements scripting capabilties,
	read the API.txt file under the /docs directory to know
	more about it.

	As a command line utility, hping is useful to test at
	many kind of networking devices like firewalls, routers,
	and so. It can be used as a traceroute alike program over all
	the supported protocols, firewalk usage, OS fingerprinting,
	port-scanner (see the --scan option introduced with hping3),
	TCP/IP stack auditing.

	It's also really a good didactic tool to learn TCP/IP.

	Using Tcl/Tk scripting much more can be done, because
	while the hping3 packet generation code is actually the
	hping2 put there mainly for compatibility with the command
	line interface, all the real news are about scripting.

	See the libs directory for example scripts. To run
	the example scripts type:

		hping3 exec ScriptName.htcl <arguments, if required>

	hping3 is developed and manteined by
	with the help of other hackers, and comes under GPL version
	2 of license. Development is open so you can send me
	patches/suggestions/affronts without inhibitions.

	Please check the AUTHORS file for a list of people that
	contribued with code, ideas, bug reports.

	Also vim developer, for tcpdump and GNU in general.


	For the hping3 API check docs/API.txt

	You can find documentation about hping3 specific functions

	Make sure to check the page at


	A supported unix-like OS, gcc, root access.


	Tcl/Tk is optional but strongly suggested.


	see INSTALL file.

have fun,

11. #Refref

#Refref - An SQLi injection DDOS tool

12. Hyenae


  • ARP-Request flooding
  • ARP-Cache poisoning
  • PPPoE session initiation flooding
  • Blind PPPoE session termination
  • ICMP-Echo flooding
  • ICMP-Smurf attack
  • ICMP based TCP-Connection reset
  • TCP-SYN flooding
  • TCP-Land attack
  • Blind TCP-Connection reset
  • UDP flooding
  • DNS-Query flooding
  • DHCP-Discover flooding
  • DHCP starvation attack
  • DHCP-Release forcing
  • Cisco HSRP active router hijacking
  • Pattern based packet address configuration
  • Intelligent address and address protocol detection
  • Smart wildcard-based randomization
  • Daemon for setting up remote attack networks - HyenaeFE QT-Frontend support

13. Boom(Python)

14. RCPnet

A multi-tool for network pen-testing written in python. It contains effective ping functions, hostname traceroute, and cloudflare detection. This is a modification from the FoxNuke Project, which only intended to be a DOS tool for network pen testing.

15. MaddStress

MaddStress is a simple denial-of-service (DDoS) attack tool that refers to attempts to burden a network or server with requests, making it unavailable to users.


  • Strongest & Best DDoS Tools
  • UDP Configuration
  • TCP Configuration
  • SYN Configuration
  • Proxy Configuration
  • URL Grabber
  • Port Scanner
  • CloudFlare Resolver
  • Multi CloudFlare Resolver
  • Proxy Attack & Generator
  • Always Updates & Current News
  • System Information
  • Network Information
  • Simple Design UI
  • User friendly GUI

16. Dequiem

Dequiem is a DDoS tool written in python 2.7


  • DDoS
  • Find a website's IP
  • Port Scanning


NEMESIS is tool like torshammer or pyloic, used to Distributed Denial of Service attacks, writen in C#

18. ChiHULK

Written in python 2.7
Edited version of the DDoS / DoS tool called HULK(.py).

19. PentaDos

Written in python 2.7
A tool designed by members of PentagonCrew to help you easily take down websites. Ethical uses only

20. Moihack DoS Attack Tool Reloaded

A simple TCP/UDP Port Flooder written in Python.

21. Slowloris

22. AnDDoS

Stealth Anonymous Kill-The-Server

The classic DDoS! Overload the server.

23. torDDos

Author: r3nt0n

Version 1.0 Python 2.7 GPL-3.0 License Date
TorDDos is a Python tool to automatize DDos attacks to a website from the Tor network.


  -h, --help        show this help message and exit
  -t , --target     server to kick-out
  -n , --attempts   number of attempts of attack (default: 5)

How it works

  • Creates a new Tor session.
  • Makes a request to the website you choose as a target.
  • Releases the Tor session, then creates another and request data again to the website.


  • Linux system
  • Python 2.7
  • Tor service
  • requests

This tool is created for the sole purpose of security awareness and education, it should not be used against systems that you do not have permission to test/attack. The author is not responsible for misuse or for any damage that you may cause. You agree that you use this software at your own risk.

24. Pummel

██████╗ ██╗   ██╗███╗   ███╗███╗   ███╗███████╗██╗         
██╔══██╗██║   ██║████╗ ████║████╗ ████║██╔════╝██║         
██████╔╝██║   ██║██╔████╔██║██╔████╔██║█████╗  ██║         
██╔═══╝ ██║   ██║██║╚██╔╝██║██║╚██╔╝██║██╔══╝  ██║         
██║     ╚██████╔╝██║ ╚═╝ ██║██║ ╚═╝ ██║███████╗███████╗    
╚═╝      ╚═════╝ ╚═╝     ╚═╝╚═╝     ╚═╝╚══════╝╚══════╝  



  •  Prevent Attacking .edu or .gov website


  •  HTTP-Flooding
  •  HTTPS-Flooding
  •  Semiauto-Get Socks5 Proxies
  •  Socks5 Proxies Checker
  •  GET/HEAD Mode
  •  User-friendly


pip3 install requests pysocks
cd Pummel



25. SYN Flood

This project is a simple DDos attack tool based on SYN flood. Written in C++, using libnet.


  • The code is written under Windows 10, in VS Ultimate 2013, version 12.0.21005.1 REL.
  • 中文版安装指南看这里
  • To configure the libnet package, you need to download its newest source code from here, and then install WinPcap by this installer. After that, download WpdPacksource code from this link. Unzip the libnet and wpdpack compressed package.
  • Assume that you unzip libnet's package to E:\libnet-1.2-rc3, unzip wpdpack's package to E:\WpdPack. There's a folder win32 in E:\libnet-1.2-rc3\libnet. You need to build a visual studio project, using the codes in that folder.
  • Configure the project: there're two folders named include in E:\libnet-1.2-rc3\libnet and E:\WpdPack, here it should be E:\libnet-1.2-rc3\libnet\includeand E:\WpdPack\include. Add the two paths into the Include path of the project (in project settings, choose VC++ path, and you will see this option).
  • Add the lib path of WpdPack into Libpath of the project, here it should be E:\WpdPack\Lib.
  • Edit the in_systm.hunder E:\libnet-1.2-rc3\libnet\win32, add the following definitions at the end of file:
typedef char int8_t;
typedef short int16_t;
typedef int int32_t;
  • Now you can build by press F7. You will find Libnet.dll and Libnet.lib under E:\libnet-1.2-rc3\libnet\win32\Debug. Copy them to C:\Windows\System32and C:\Windows\SysWOW64. After the upper steps, you have configured libnet already.
  • You can now create a VS project containing the two files in this repository: SYNFlood.cpp and wingetopt.h.
  • Setup the project settings, add E:\libnet-1.2-rc3\libnet\includeE:\libnet-1.2-rc3\libnet\srcE:\libnet-1.2-rc3\libnet\include\libnetE:\WpdPack\IncludeE:\WpdPack\Include\pcap into the project's VC++ include path.
  • Add E:\WpdPack\LibE:\WpdPack\Lib\x64E:\libnet-1.2-rc3\libnet\win32\Debug into the VC++ library path.
  • Add libnet.lib to the addtional entries of linker.
  • Add E:\libnet-1.2-rc3\libnet\win32\Debug to the additional library paths.
  • Generate the executable file now.


  • You can download a compiled binary file from here.
  • Three optional flags are provided:
  • -t : set the target ipaddress and port, using the format of, here 80 is the target port, and is the target ip address.
  • -s : the number of attacing packets to be sent per second. By default, it will send in maximum speed.
  • -p : number of threads to send packets per second. Default is 1 thread.
  • For example, run synFlood.exe -t, it will send syn packets to at maximum speed with 1 thread.
  • You can use wireshark to capture the SYN packets sent.

Running status

Use the program to attack my CVM, the wiresharkcaptures those SYN packets. However, since the provider of my CVM has defense for DDos attack, I didn't see any thing wrong with my website server running in CVM.


All codes in this repository are licensed under the terms you may find in the file named "LICENSE" in this directory.


All collected tools and scripts come from the Internet and have passed the test, but we are not responsible for any undetected danger of software or scripts that may cause harm to your computer.



Newsletter Signup

Sed ut perspiciatis unde omnis iste natus error sit voluptatem accusantium doloremque.

Posting Komentar