Modular DoS/DDoS testing toolkit for authorized security audits. 19 attack vectors across L3/L4/L7. Raw sockets, spoofing, amplification. Python + C + Rust + Go.
| CODE | MODULE | DESCRIPTION | LAYER | ROOT | AMP |
| NETWORK & TRANSPORT — Layer 3/4 | |||||
| UFOSYN | syn_flood | Half-open TCP state exhaustion. Spoofed SYN fills server backlog. Tests SYN cookie activation. | L4 | ROOT | — |
| UFOACK | ack_flood | Spoofed ACK flood. Generates RST storm. Reveals stateless vs stateful firewall behavior. | L4 | ROOT | — |
| UFORST | rst_flood | RST/FIN flood. Forceful TCP connection teardown. Variants: R, F, RF. | L4 | ROOT | — |
| XMAS | xmas_flood | All 8 TCP flags simultaneously. Illegal per RFC 793. IDS detection + stateless ACL bypass test. | L4 | ROOT | — |
| UFOUDP | udp_flood | Volumetric UDP up to 1400B. Random ports generate ICMP unreachable storm on victim. | L4 | ROOT | — |
| PINGER | icmp_flood | ICMP echo flood. Server must reply per packet — doubles effective bandwidth. | L3 | ROOT | — |
| TACHYON | tachyon | SYN-ACK flood. Direct or reflected mode. Reflected: real servers send SYN-ACK to victim from valid IPs. | L4 | ROOT | ~1x |
| DROPER | ip_frag | IP fragmentation flood. 8-byte fragments exhaust kernel ipq reassembly buffers. last_only holds 30s. | L3 | ROOT | — |
| OVERLAP | overlap | Fragment overlap. Teardrop: overlapping offsets crash old kernels. Rose, Tiny variants. | L3 | ROOT | — |
| AMPLIFICATION / DRDoS | |||||
| SNIPER | sniper | SNMP v2c GetBulkRequest. BER-encoded manually. max-repetitions=255 dumps full MIB-II subtree. | AMP | ROOT | ~650x |
| MONLIST | ntp_amp | NTP mode 7 monlist. 8-byte request to 4400-byte response. Widespread on unpatched embedded devices. | AMP | ROOT | ~550x |
| SMURF | smurf | ICMP echo to subnet broadcast, spoofed as victim. Every host on /24 replies to victim. | AMP | ROOT | ~254x |
| FRAGGLE | fraggle | UDP echo port 7 or chargen port 19 broadcast amplification. Auto-derives broadcast from CIDR. | AMP | ROOT | ~254x |
| DNS | dns_amp | DNS ANY/DNSKEY reflection via open resolvers. Unique random subdomain per packet defeats cache. Accepts @file.txt lists. | AMP | ROOT | ~60x |
| SPRAY | spray | Multi-vector DRDoS coordinator. NTP + DNS + SNMP simultaneously. YAML-configurable. | AMP | ROOT | MULTI |
| APPLICATION — Layer 7 | |||||
| LOIC L7 | http_flood | Async GET/POST via Go goroutines. Cache-bust, UA rotation. 100k+ concurrent connections. | L7 | NO ROOT | — |
| LORIS | slowloris | Incomplete HTTP headers. Server waits for CRLF. Drips junk headers every 10s. Auto-refills pool. | L7 | NO ROOT | — |
| RUDY | slow_post | 10MB Content-Length declared, 1 byte/10s body drip. Bypasses header-timeout servers. | L7 | NO ROOT | — |
| NUKE | nuke | TCP connection starvation. Full 3-way handshake, fills ESTABLISHED table. window0 variant. | L4/L7 | NO ROOT | — |
First move on any open TCP port. Increase threads progressively to find degradation threshold.
~650x SNMP GetBulk. Printers, switches, UPS — community "public" still common default.
Set sockets to MaxRequestWorkers + 10%. Default Apache = 256. 300 sockets for full exhaustion.
NTP + DNS + SNMP simultaneously. Different source IPs per protocol — no single ACL blocks all.
Teardrop still crashes VxWorks, QNX, LynxOS and other custom embedded stacks.