DDoS stands for Distributed Denial of Service. This is a cyber-attack in which the attacker floods the victim’s servers with unwanted traffic by using the different systems across the internet, resulting in the crashing of the victim’s servers. This directly affects the availability of services. I am listing some tools which can be used for such types of attack. These tools are also useful in testing of network devices.
Note: Never use these tools against public websites without permission.
HULK is a Denial of Service (DoS) tool used to attack web servers by generating unique and obfuscated traffic volumes.
HULK’s generated traffic also bypasses caching engines and hits the server’s direct resource pool.
LOIC stands for Low Orbit Ion Cannon. It is one of the most popular DoS attack tools available for Windows, Mac, and Linux.
This tool was used by hackers group Anonymous against many big companies and requested users to participate in the IRC attack.
This tool generates traffic of UDP, HTTP, and TCP against the victim server. It is UI based tool, which makes it easy to use even for beginners.
Just need to enter IP or URL and select attack type: HTTP, UDP, or TCP; simply click “IMMA CHARGIN MAH LAZER” and it will start attacking the victim server.
XOIC is another DOS attack tool with an IP address, a user-selected port, and a user-selected protocol. It is a GUI based tool that makes it easy to use for beginners. Developers of this tool claim that XOIC is more powerful than LOIC.
Three attacks mode are possible. The first one is basic. The second is the normal DOS attack mode. The third one is a DOS attack mode that comes with a TCP/HTTP/UDP/ICMP Message.
4. DDOSIM—Layer 7 DDOS Simulator
DDOSIM is another tool for a DDOS attack. It is written in C++ and runs on Linux. It simulates several compromised hosts (spoof IP addresses) and creates full TCP connections to the victim server.
Its current functionalities include HTTP DDoS with valid requests, HTTP DDoS with invalid requests, SMTP DDoS, and TCP connection flood on the random port.
RUDY (R-U-Dead-Yet?) is a DoS tool used to execute slow-rate attacks (like Slowloris), which is implemented via long-form field submissions.
Slow rate, Layer-7 DDoS attacks, also called “low and slow” attacks, generates a slow rate and low volume of traffic. DDoS mitigation tools are difficult to detect as a tool sends continuous HTTP small packets to the victim server that looks legitimate, keeps using the resources over a period, and exhausts it.
6. Tor’s Hammer
Tor’s Hammer is a slow-rate HTTP POST (Layer 7) DoS tool. Tor’s Hammer sends a classic slow POST attack, where HTML POST fields are transmitted at slow rates under the same session.
This attack is also difficult to identify as a tool that sends continuous HTTP small packets to the victim server, which looks legitimate and keeps using the resources over a period and exhausts it.
Tor’s Hammer is also able to spoof and generate traffic from random source IP. This makes it difficult for DDoS mitigation tools to detect an attack.
PyLoris is a scriptable tool for testing a server’s vulnerability to connection exhaustion denial of service (DoS) attacks.
PyLoris can utilize SOCKS proxies and SSL connections and target protocols such as HTTP, FTP, SMTP, IMAP, and Telnet.
Features of Pyloris include Tkinter GUI, Scripting API, Anonymity, TOR Proxying, and SOCKS Proxying.
Slowloris is a tool used for DDoS attacks. It is different from other tools, as it sends legitimate HTTP traffic.
This tool will not flood the victim server. It just makes full TCP connection and requires only a few hundred requests at long-term and regular intervals.
This tool tries to exhaust all connections, and in this way, hackers can down the victim’s server.
9. OWASP DOS HTTP POST
This tool is used to test your web applications’ stability against HTTP Post, Slowloris, and SSL renegotiation attacks.
DDoS attacks via other sites execution tool (DAVOSET) – it is the command-line tool for conducting DDoS attacks on the sites via Abuse of Functionality and XML External Entities vulnerabilities at other sites.
GoldenEye is one of the popular HTTP Denial Of Service Tool. It uses KeepAlive (and Connection: keep-alive) paired with Cache-Control options to persist socket connection busting through caching (when possible) until it consumes all available sockets HTTP/S server.
This tool allows you to reproduce several MITM, DoS, and DDoS attack scenarios that come with a clusterable remote daemon and an interactive attack assistant.
Hyenae’s Features include ARP-Request flooding, ARP-Cache poisoning, ICMP-Echo flooding, etc.
Hping3 is one of the best tools for the DDoS attack. It is used to send TCP/IP, UDP, ICMP, SYN/ACK packets, and display target replies like ping program does with ICMP replies. This tool can be used for Test firewall rules, Advanced port scanning, Test net performance using different protocols, packet size, TOS (the type of service) and fragmentation, etc.
14. Apache Benchmark Tool
The ApacheBench tool (ab) is generally used to test a load of servers by sending an arbitrary number of concurrent requests, but it can also use for DDoS attack. Although ab was designed for testing Apache installations, it can be used to benchmark any HTTP server.
The THC-SSL-DoS tool attacks the server by using the concept of SSL exhaustion, in which it renegotiates the keys again and again. This tool exhaust all SSL connection and down the victim’s server.
16. Saphyra DDOS Tool
The Saphyra iDDoS tool is a Python script that can be run on virtually any device, including mobile phones. Let’s take a look at this relatively simple script to understand how it operates and why it is hard to defend against.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.
Feel free to leave a comment below or reach me on Instagram @iamshubhamkumar__.