WebApp Sec mailing list archives
Re: pentest tool for dos
From: hkm <hkm () hakim ws>
Date: Wed, 15 Jun 2011 10:04:32 -0500
You can try the FHTTP "The HTTP Fucker". It is quite very effective. http://hackingtelevision.blogspot.com/2011/05/fhttp-v12.html hkm On Tue, 2011-06-14 at 21:40 +0000, anthony.cicalla () gmail com wrote:
If you have been doing pen testing for any real length of time your already on watch lists. However dos and ddos testing isn't part of a pen test because you can always take something offline with enough traffic. Sent via BlackBerry from T-Mobile -----Original Message----- From: Jeremiah Cornelius <jeremiah () nur net> Sender: listbounce () securityfocus com Date: Tue, 14 Jun 2011 08:34:10 To: <webappsec () securityfocus com> Reply-To: jeremiah () nur net Subject: Re: pentest tool for dos There's a Java version of LOIC. You might want to DL through a proxy , and doing so might still get you on a watchlist. ;-) Also, the SourceForge page for JavaLOIC has disappeared. There are links to different archives on the 'net. Proceed with caution (sandbox, etc.) http://www.mediafire.com/?u3pn398d5w6sixg http://www.mediafire.com/?9rfblvej3ycd8dt -- JC On 06/13/2011 10:48 PM, ShiYih Lye wrote:hi guys, Appreciated a lot with the feedback. I have tested HOIC and LOIC, they are both windows, so might not that suitable for my pentest environment, as I'm using a datacenter linux server as the attacker to dos my webserver. We are still testing Slowloris and RUDY. Siege so far able to trigger more concurrent connection to the victim with 1000+, which ab maximum connection is only around 100+. After those threshold, we will be getting error from the attacker. We are using a Centos 5.5 for the attacker. On Tue, Jun 14, 2011 at 1:47 PM, ShiYih Lye<shiyih.lye () my offgamers com> wrote:hi guys, Appreciated a lot with the feedback. I have tested HOIC and LOIC, they are both windows, so might not that suitable for my pentest environment, as I'm using a datacenter linux server as the attacker to dos my webserver. We are still testing Slowloris and RUDY. Siege so far able to trigger more concurrent connection to the victim with 1000+, which ab maximum connection is only around 100+. After those threshold, we will be getting error from the attacker. We are using a Centos 5.5 for the attacker. On Mon, Jun 13, 2011 at 5:46 AM, amar wakharkar<amarsuhas () hotmail com> wrote:Dear Lye, You can use Low Orbit Ion Cannon Tool for DOS. Regards, Amar Wakharkar.From: shiyih.lye () my offgamers com Date: Wed, 8 Jun 2011 11:40:00 +0800 Subject: pentest tool for dos To: webappsec () securityfocus com; pen-test () securityfocus com Hi guys, We are testing the dos protection mechanism of our web server, and we're using 'apache benchmark', ab for that purpose (httpd version is 2.2.3 in Centos 5) from the pentest machine. But it is not able to go to a higher concurrent hits, so I'm wonder do you have any better or more comprehensive tools out there that you think is better ? Thanks for any input given. Regards, Lye ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- pentest tool for dos ShiYih Lye (Jun 07)
- Message not available
- Message not available
- Re: pentest tool for dos ShiYih Lye (Jun 13)
- Re: pentest tool for dos Rafael Correia (Jun 14)
- Re: pentest tool for dos Jeremiah Cornelius (Jun 14)
- Re: pentest tool for dos anthony . cicalla (Jun 14)
- Re: pentest tool for dos hkm (Jun 17)
- Message not available
- Message not available