1. LOIC (Low
Orbit Ion Canon) - LOIC is one of the most popular DOS attacking tools freely
available on the Internet. This tool was used by the popular hackers group
Anonymous against many big companies’ networks last year. Anonymous has not
only used the tool, but also requested Internet users to join their DDOS attack
via IRC.
3. HULK (HTTP Unbearable Load King) - generates a unique request for each and every generated request to obfuscated traffic at a web server. This tool uses many other techniques to avoid attack detection via known patterns.
It has a list of known user agents to use randomly with requests. It also uses referrer forgery and it can bypass caching engines, thus it directly hits the server’s resource pool.
4. DDOSIM—Layer 7 DDOS Simulator - used to perform DDOS attacks by simulating several zombie hosts. All zombie hosts create full TCP connections to the target server. This tool is written in C++ and runs on Linux systems.
5. R-U-Dead-Yet - also known as RUDY. It performs a DOS attack with a long form field submission via the POST method. This tool comes with an interactive console menu. It detects forms on a given URL and lets users select which forms and fields should be used for a POST-based DOS attack.Download RUDY: https://code.google.com/p/r-u-dead-yet/
6. Tor’s Hammer - It is a slow post tool written in Python. This tool has an extra advantage: It can be run through a TOR network to be anonymous while performing the attack. It is an effective tool that can kill Apache or IIS servers in few seconds.Download TOR’s Hammer here: http://packetstormsecurity.com/files/98831/
7. PyLoris - PyLoris is said to be a testing tool for servers. It can be used to perform DOS attacks on a service. This tool can utilize SOCKS proxies and SSL connections to perform a DOS attack on a server. It can target various protocols, including HTTP, FTP, SMTP, IMAP, and Telnet. The latest version of the tool comes with a simple and easy-to-use GUI. Unlike other traditional DOS attacking tools, this tool directly hits the service.Download PyLoris: http://sourceforge.net/projects/pyloris/
8. OWASP DOS HTTP POST - You can use this tool to check whether your web server is able to defend DOS attack or not. Not only for defense, it can also be used to perform DOS attacks against a website.Download here: https://code.google.com/p/owasp-dos-http-post/
9. DAVOSET - The latest version of the tool has added support for cookies along with many other features. You can download DAVOSET for free from Packetstormsecurity.
Download DavoSET: http://packetstormsecurity.com/files/123084/DAVOSET-1.1.3.html
It can be used simply by a single user
to perform a DOS attack on small servers. This tool is really easy to use, even
for a beginner. This tool performs a DOS attack by sending UDP, TCP, or HTTP
requests to the victim server. You only need to know the URL of IP address of
the server and the tool will do the rest.
You can see the snapshot of the tool
above. Enter the URL or IP address and then select the attack parameters. If
you are not sure, you can leave the defaults. When you are done with
everything, click on the big button saying “IMMA CHARGIN MAH LAZER” and it will
start attacking on the target server. In a few seconds, you will see that the
website has stopped responding to your requests.
This tool also has a HIVEMIND mode. It
lets attacker control remote LOIC systems to perform a DDOS attack. This
feature is used to control all other computers in your zombie network. This
tool can be used for both DOS attacks and DDOS attacks against any website or
server.
The most important thing you should
know is that LOIC does nothing to hide your IP address. If you are planning to
use LOIC to perform a DOS attack, think again. Using a proxy will not help you
because it will hit the proxy server not the target server. So using this tool
against a server can create a trouble for you.
Download
LOIC Here: http://sourceforge.net/projects/loic/
2. XOIC - performs
a DOS attack on any server with an IP address, a user-selected port, and a
user-selected protocol. Developers of XOIC claim that XOIC is more powerful
than LOIC in many ways. Like LOIC, it comes with an easy-to-use GUI, so a
beginner can easily use this tool to perform attacks on other websites or
servers.
3. HULK (HTTP Unbearable Load King) - generates a unique request for each and every generated request to obfuscated traffic at a web server. This tool uses many other techniques to avoid attack detection via known patterns.
It has a list of known user agents to use randomly with requests. It also uses referrer forgery and it can bypass caching engines, thus it directly hits the server’s resource pool.
The developer of the tool tested it on
an IIS 7 web server with 4 GB RAM. This tool brought the server down in under
one minute.
Download HULK here: http://packetstormsecurity.com/files/112856/HULK-Http-Unbearable-Load-King.html
4. DDOSIM—Layer 7 DDOS Simulator - used to perform DDOS attacks by simulating several zombie hosts. All zombie hosts create full TCP connections to the target server. This tool is written in C++ and runs on Linux systems.
These are main features of DDOSIM
- Simulates several zombies in attack
- Random IP addresses
- TCP-connection-based attacks
- Application-layer DDOS attacks
- HTTP DDoS with valid requests
- HTTP DDoS with invalid requests (similar to a DC++
attack)
- SMTP DDoS
- TCP connection flood on random port
Download DDOSIM here: http://sourceforge.net/projects/ddosim/
Read more about this tool here: http://stormsecurity.wordpress.com/2009/03/03/application-layer-ddos-simulator/
5. R-U-Dead-Yet - also known as RUDY. It performs a DOS attack with a long form field submission via the POST method. This tool comes with an interactive console menu. It detects forms on a given URL and lets users select which forms and fields should be used for a POST-based DOS attack.Download RUDY: https://code.google.com/p/r-u-dead-yet/
6. Tor’s Hammer - It is a slow post tool written in Python. This tool has an extra advantage: It can be run through a TOR network to be anonymous while performing the attack. It is an effective tool that can kill Apache or IIS servers in few seconds.Download TOR’s Hammer here: http://packetstormsecurity.com/files/98831/
7. PyLoris - PyLoris is said to be a testing tool for servers. It can be used to perform DOS attacks on a service. This tool can utilize SOCKS proxies and SSL connections to perform a DOS attack on a server. It can target various protocols, including HTTP, FTP, SMTP, IMAP, and Telnet. The latest version of the tool comes with a simple and easy-to-use GUI. Unlike other traditional DOS attacking tools, this tool directly hits the service.Download PyLoris: http://sourceforge.net/projects/pyloris/
8. OWASP DOS HTTP POST - You can use this tool to check whether your web server is able to defend DOS attack or not. Not only for defense, it can also be used to perform DOS attacks against a website.Download here: https://code.google.com/p/owasp-dos-http-post/
9. DAVOSET - The latest version of the tool has added support for cookies along with many other features. You can download DAVOSET for free from Packetstormsecurity.
Download DavoSET: http://packetstormsecurity.com/files/123084/DAVOSET-1.1.3.html
10. GoldenEye HTTP Denial Of
Service Tool - tools that can put heavy
load on HTTP servers in order to bring them to their knees by exhausting
resource pools.
