DoS (Denial of Service) is an attack used to deny legitimate user’s access to a resource such as accessing a website, network, emails, etc. Distributed Denial of Service (DDoS) is a type of DoS attack that is performed by a number of compromised machines that all target the same victim. It floods the computer network with data packets.
There are numerous DDoS attack tools that can create a distributed denial-of-service attack against a target server. Following is a handpicked list of DDoS Attack Tools, with their popular features and website links.
LOIC (Low Orbit ION cannon)
LOIC (Low Orbit ION cannon) is open-source software use for DDoS attack. This tool is written in C#. This tool sends HTTP, TCP, and UDP requests to the server.
- LOIC helps you to test the performance of the network.
- It enables you to create a DDoS attack against any site that they control.
- Loic does not hide an IP address even if the proxy server is not working.
- It helps you to perform stress testing to verify the stability of the system.
- This software can be used to identify programs that may be used by hackers to attack a computer network.
HOIC (High Orbit ION cannon)
High Orbit Ion Cannon is a free denial-of-service attack tool. It is designed to attack more than one URLs at the same time. This tool helps you to launch DDoS attacks using HTTP (Hypertext Transfer Protocol).
- You can attack up to 256 websites at once.
- It has a counter that helps you to measure the output.
- It can be ported over to Linux or Mac OS.
- You can choose the number of threads in the current attack.
- HOIC enables you to control attacks with low, medium, and high settings.
HTTP Unbearable Load King (HULK)
HTTP Unbearable Load King (HULK) is a web server DDoS tool. It is specifically used to generate volumes of traffic at a webserver.
- It can bypass the cache server.
- This tool helps you to generate unique network traffic.
- HTTP Unbearable Load King (HULK) can be easily used for research purposes.
DDoSIM (DDoS Simulator)
DDoSIM (DDoS Simulator) is a tool that is used to create a distributed denial-of-service attack against a target server. It is written in C++ and can be used on the Linux operating system.
- This tool indicates the capacity of the server to handle application-specific DDOS attacks.
- It enables you to create full TCP connections to the target server.
- DDoSIM provides numerous options to perform a network attack.
- TCP connections can be flooded on a random network port.
PyLoris is a software product for testing network vulnerability by performing Distributed Denial of Service (DDoS) attack online. It helps you to control poorly manage concurrent connections.
- It provides easy to use GUI (Graphic User Interface).
- This tool enables you to attack using HTTP request headers.
- It has the latest codebase (collection of source code used to build a particular software system).
- You can run PyLoris using Python script.
- This tool supports Windows, Mac OS, and Linux.
- It provides an advanced option having a limitation of 50 threads, each with a total of 10 connections.
OWASP HTTP POST
The OWASP (Open Web Application Security Project) HTTP Post software enables you to test your web applications for network performance. It helps you to conduct denial of service from a single machine.
- It allows you to distribute and transmit the tool with others.
- You can freely use this tool for commercial purposes.
- OWASP HTTP POST helps you to share the result under the license it provides.
- This tool enables you to test against the application layer attacks.
- It helps you to decide the server capacity.
RUDY is a short form of R-U-Dead-Yet. It helps you to perform the DDoS attack with ease. It targets cloud applications by starvation of sessions available on the web server.
- This is a simple and easy tool.
- It automatically browses the target website and detects embedded web forms.
- R-U-Dead-Yet enables you to conduct HTTP DDoS attack using long-form field submission.
- This tool provides an interactive console menu.
- It automatically identifies form fields for data submission.
Tor’shammer is an application-layer DDoS program. You can use this tool to target web applications and a web server. It performs browser-based internet request that is used to load web pages.
- It allows you to create rich text markup using Markdown (a plain text formatting syntax tool).
- Tor’s Hammer automatically converts the URL into links.
- This app uses web server resources by creating a vast number of network connections.
- You can quickly link other artifacts in your project.
- It holds HTTP POST requests and connections for 1000 to 30000 seconds.
DAVOSET is software for committing DDOS attacks via abuse of any website functionality. This command line tool helps you to commit distributed denial of service attacks without any hassle.
- It provides support for cookies.
- This tool provides a command-line interface to perform an attack.
- DAVOSET can also help you to hit attack using XML external entities (attack against an app that parses XML input).
GoldenEye tool conducts a DDoS attack by sending an HTTP request to the server. It utilizes a KeepAlive message paired with cache-control options to persist socket connection busting.
- This tool consumes all the HTTP/S sockets on the application server for the DDoS attack.
- It is easy to use app written in Python.
- Arbitrary creation of user agents is possible.
- It randomizes GET, POST to get the mixed traffic.
Hacking activity – DDos atack using Tor’s Hammer
This attack is really powerful and requires the only skill that you should know how to operate commands on Kali Linux Operating System.
- Install Torshammer tool
- Now, Come to the directory wherever that script is. You will find something like this:
You can see there are five Python scripts, two for the terminal, two for sockets and remaining one is main torshammer script. Now Right click on the blank space and select “Open In Terminal”, it will directly open a terminal with that right path. Otherwise, you can type “cd torshammer” in the newly opened terminal.
- Write this command-
It will finally open the main interface for the tool.
Let’s understand these first:
Any Python tool in Kali Linux should start with “python” suffix and follow by toolname(.)py also. Like that any PHP tool should start with “php” and follow by toolname(.)php.
-t is for the target, some domain or ip-address.
-p is for port Defaults to 80.
-r is for the threads, how many threads we want to run for this attack.
-T stands for tor customized attacks.
- Let’s do the main thing:
python torshammer.py <i>any hostname/IP</i> -t -p 80 -r 5000
python torshammer.py -t google.com -p 80 -r 5000
As you hit enter after writing those commands, something will appear like this:
So, you have successfully run an attack.