Skip to content

DDoS Tools

Antonizoon edited this page Aug 13, 2014 · 3 revisions


ApacheBench is a webserver stress testing tool created by the Apache Foundation. this sucker is extremely effective especially if the arguments are -n 100000 -c 100 .


Black Widow

Black Widow is a website crawler which lets you scan a site's structure (like a directory) and then download folders at a time if you choose. This is useful for finding Bandwidth Raep images, as the scanner will list file sizes, allowing you to pick the fattest pix. This also allow you to have an overview of files which aren't obviously linked to, useful for sites with shitty layouts.

External Links

REAL Full Release + Keygen Zlob Trojan nigger Product site and feature list Download


file/Prelim.png Bunkerbuster is a new denial of service tool created by avery.


Bunkerbuster will include several new features:

  • Ability to attack multiple IP addresses or websites in one attack
  • Collaboration tools making coordinated attacks easier
  • Automatic updates

Technical Details

Bunkerbuster is written in C#, utilizing the .NET Framework 2.0.

Beta Testing

Currently, there is no beta version available. For more up to date information about Bunkerbuster, check out #bunkerbuster on IRC but we want a someone post!!


BWRaep 1.0: Bandwidth Raep so easy, a retard could do it.


  1. Launch BWRaep.exe
  2. Go to the URL List tab and enter image URLs (beginning with http://)
  3. Go to the Raep tab and click RAEPRAEPRAEP.
  4. ????
  5. Profit!!!


  • Saveable raep packages
  • Able to use proxies
  • Edit your user agent and referrer
  • Multiple downloads at once
  • Logging
  • Customizable limits (including bandwidth and loop limits)
  • Statistics saving
  • Comes with instructions
  • Minimize to tray while raeping
  • Sauce included




BWRaeper.NET is a Bandwidth Raep tool that uses a basic and simple URL list system to Raep targets. All you have to do is enter in the image URLs (1 per line) and commence the Raep! Downloads:


This BWRaeper works the same as the vampire script.
It continuously downloads the specified files/URLs and gives
the target an xbox hueg bandwidth bill.
Use moar URLs to increase download speed.


  1. Enter URLs, 1 PER LINE!
  2. Configure Proxy if you have to
  3. If a URL fails it will automatically stop that thread.
  4. Click Raep.
  5. ???
  6. PROFIT!

DoS 5.5


Message from the author

DoS 5.5 and it's previous and future versions are made for educational purposes only. DoS was designed for Stress Testing weakness' in Specific server configurations, to disclose where the my server's were lacking in parsing of massive amounts of connections, for in-order for me to fix that, I developed this program. If you choose to use this program for any illegal, direct or indirect purposes, you're the only one who can be accountable, and you will be left responsible for your own actions. Please use this program at your own Risk. By using DoS 5.5 or any of it's previous or future versions, the author cannot be held liable or responsible for any data loss, or damaged, from either 3rd party downloads or from this site. Thankyou. -xyr0x


This is a multipurpose Denial of Service tool, which, through sheer volume of use, we have decided to include. Note that this IS only in binary form, and IS in a shitty language, and IS by xyr0x, so don't be surprised if you become infected with a trojan. If you want to stay safe, use the tools made specifically FOR anon, BY anon, such as loic, pyraep, longcat, etc. It also has an annoying but that causes the GUI to freeze up for the first 10 minutes or so when its DoSing, it still does its thing, but you have no feedback, thats just awkward. This shows up on 24/34 antiviruses ( ), though mostly as a flooder, but sometimes as a trojan. However, since it's not for anon, by anon, you may get the shit raped out of you. Use at your own risk.


Eagle Strike

Eagle Strike is a tool written in PHP as part of Project Internet Boss. It is similar to Shitnami in that it floods the deep search page; however it kills two birds with one stone by also Slowlorising the server by keeping the sockets open (i.e. The server CPU overloading + running out of Apache threads). Sadly it has no support for proxies... Yet. It is most effective running at about 500 threads with 500 connections per thread. sauce

Longcat Death Star

Warning: This shit is out of date, as far as the original article is concerned.


Longcat Death Star is a project to make a simple and easy to use program that will make organising DDoS raids a whole lot easier. /b/tards will simply need to run one program, which will then connect to a IRC channel and receive updated targets and commands, and then proceed to DDoS the shit out of the said targets.


This project is complete, and according to Nigg it runs properly and will DoS a target on command. Look for both client and server versions when it's released. Feature Requests:
Stats Monitoring - Display both local and botnet stats on each client interface.
PlugIn Repository - A checklist inside the client settings that allows users to download, enable, disable assorted modules. An example would be to enable SSoD and ping, but disable bwraep (cuz I'm streaming pron). If a new module is developed there is no need to reinstall LCDS, just download and enable the module from the repository. Currently, According to Nigg, The Client is complete, and functional. Beta test Stats: file/Chartf.png


Longcat Flooder

file/Longcat.JPG Longcat Flooder is a multi-protocol flooding tool written during the Subeta raids, by the same creator as the newer bandwith raeping tool, BWRaeper.NET. It quickly became popular amongst Anonymous due to it's simplicity in use and powerful features. The protocols supported are TCP (SYN flooding), UDP and HTTP. Research has shown that SYN and UDP provide the best results. However, using the HTTP flooder can be useful in several situations:

  • Web server with limited bandwidth
  • Web server with limited CPU power
  • Website with search URLs Constantly flooding a URL where a search or other heavy SQL command gets executed has proven to be destructive during the Subeta raid. Only several Longcat Flooders were needed to take down the MySQL database when executing search commands. There are two different types of Longcat Flooder out there. One is a standalone version and one is a distributed version relying on a central server to provide raep information. The current version of the standalone version of the Longcat Flooder is v2.3 Final. The current version of the distributed version of the Longcat Flooder Client is 3.0 Beta it's a little unstable but better than 2.3. And the Longcat Flooder Server has version 1.0.


Some find that 2.2 is better then 2.3; I concur.


Development of the standalone version has ceased. However development of the distributed version is still going on. There is no v2.4 or above for the standalone, those are fake and are trojans.


The quintessinal, time tested DDoS tool used heavily against AnonTalk and in Operation Payback.


Nigr0 Script

The article claims that this PHP script is "one man DDoSing" stuff. Who knows, check out the source code yourself.

See Nigro_Script.


file/Pygetraep.png Pygetraep is a CLI based program, used to raep bandwidth. It is very similar to PyRAEP, but differs on a few things. One, it is CLI only. This means that in the long run, it is probably more efficient. Second, it uses system() calls that are reletive to the OS. This means that it won't work on every system with python, just those unix-like os like mac, linux, etc. This, however, gives it the added benefit of closing down faster than pyraep (which uses built in python to close threads rather than kill command).



pyRAEP is a project by Picatta to create a suite of DDoS tools, though so far only two types are available (UDP and HTTP). The only real standing bug is that it often will not shut down properly (because it tries to 'gently' shut down, instead of just closing like most apps). Below are the two apps in the suite:

Bandwidth Raep

This is a bandwidth abuse tool written back in january/february of 2007, for the hal turner raids, part of the Hal Raep Pack. It was recently re-written, so as to suck less. One note: If the program doesn't shut down after a minute, go ahead and close it down. It was made to shut down "gracefully" (many bwraep apps dont), but this can be a problem sometimes. You should be fine to just close it. Also, for those looking for a CLI version, use Pygetraep.



file/RAEP.png This is a subproject/feature of the larger, unified pyraep project, which works on the basis of a UDP flood attack (see Denial_of_Service_Methods. It is mostly completed, but like pyraep suffers from an occasional bug when shutting down. Because of multithreading, it works much more efficiently than rok/i/ts, and below is a table illustrating that point. | | | |
| ------------ | ----------- | ------------- | ------------ | Duration | Threads | Loop Size | % Better | 30s | 8 | 15 | 400%
| 30s | 15 | 25 | 1,100%


To use, you need to set three things: a target, a thread number, and a loop size. For the target, it is best to enter an IP address (to avoid dns issues), though a domain name can work too. Now, as far as thread count (first slider) goes, moar is better--up to a point. 8 threads > 4 threads, but 70 threads may very well freeze or not work properly. The next thing that can change the strength of attack is the drone loop size (second slider). Each drone thread will loop as many times as you tell it to before killing itself. More will make the attack more efficient as more threads will operate longer, however a large loop size will make it take a long time to shut pyRaep off.


If anyone reading can mirror this again it would be appreciated


rok/i/ts is a Win32 application written by waawaa and Trapdoor used for Denial of Service Methodsing. It can be ported to any operating system supporting PHP. However, in version 2, a visual basic launcher was created to make use of a GUI. It uses PHP, which has been compiled down into a 600kb program. A home connection can usually cap out using this, and shit flood a tiny server. The more people hitting the server the better it will go. As of version2 most of the bugs are fixed. This program works by sending UDP data on lots of random ports on the target server.



Slowloris is a utility (originally written in perl) that can be used to exploit a flaw in many webservers (the most vulnerable are listed in the article on, allowing you to perform a de facto "SYN flood over HTTP."


The article that revealed Slowloris explains its function as follows:

Slowloris holds connections open by sending partial HTTP requests. It continues to send subsequent headers at regular intervals to keep the sockets from closing. In this way webservers can be quickly tied up. In particular, servers that have threading will tend to be vulnerable, by virtue of the fact that they attempt to limit the amount of threading they'll allow. Slowloris must wait for all the sockets to become available before it's successful at consuming them, so if it's a high traffic website, it may take a while for the site to free up it's sockets. So while you may be unable to see the website from your vantage point, others may still be able to see it until all sockets are freed by them and consumed by Slowloris. This is because other users of the system must finish their requests before the sockets become available for Slowloris to consume. If others re-initiate their connections in that brief time-period they'll still be able to see the site. So it's a bit of a race condition, but one that Slowloris will eventually always win - and sooner than later.

Utility Downloads (Original Program) is the original utility (written in Perl).


A common usage example:

perl -dns -port 80 -timeout 500 -num 2000 can be obtained at the following addresses:

  • The original source from

  • A Linux binary created with the PAR packer. TACTICAL PITFALLS:

  • Some marks may have blocked the User Agent that uses.

    • To remedy this, modify the User-Agent variables to another valid User Agent.
  • It will not work on any Windows before Vista SP2.

  • To avoid and work around this pitfall, either dual-boot a Linux installation, update your crap, or mess with TCPSYS).


QSlowLoris is a C++ program that uses Qt libraries to execute the methods used by TACTICAL ADVANTAGES:

  • QSlowLoris' graphical user interface makes this program easy to use by all insurgents.

To acquire QSlowLoris, visit the proceeding download pages:


(needs updating, they released a GUI edition)

PyLoris is a Python GUI implementation of the Slowloris concept. It allows an insurgent to specify the bandwidth for the connection, as well as how large each request is.


Common usage:

python -l -r POST -s 500000 -g "/fa/pages/?cid=407" \
-u "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/ Safari/530.5"

PyLoris can be obtained via the following resources:

Documentation is a perl-script in the spirit of pyRAEP and Longcat Flooder. It does what any normal synflooder does only a bit better. I got bored with the line of "Linuxfags use hping3" - it is very inefficient. For the basic randomize approach, writing a simple code would do the job would be better.


Any SYN-flooder trades in half-open tcp connections - those in which the SYN has been received and ACK is sent, but as of yet the SYN-ACK packet hasn't yet been sent in the three-way handshake. The traditional SYN-flooder uses random source-IP:s on the packets, but this is inefficient in as the node in question often receives a "destination unreachable" ICMP from some network router before the half-open connection is timed out. uses nmap to find IP:s which don't reply on ACK - silently drop the packet - due to paranoia and O'Reilly books. This means, each and every packet has to timeout in the OS tcp/ip buffer. This can either be dealt with by ignoring incoming connections or allocating more resources. This has the effect of making the system run essential functions slower, often crashing the machine or an almost total blackout in serving webpages, mail services, etc... Also, '' is a abbreviation of 'sendsyn' Note: for an eternal run, specify --iteration=-1



(missing?) is a Perl script which directs an UDP flood to an IP


$ wget -o #download $ chmod +x #make executable $ sudo ./ #show help; must be run as root


UDP Flooder  -  Randomizes SourceIP/Port and Destination Port
	Usage: ./ <A> ** [C]
		A: Number of Packets/sec (in kilobytes/sec -- set it around your max upload speed)
			(Starts to get CPU intensive when using >500KB/s...)
		B: Target Host or IP Address
		C: Target Port (Not Required)
	Ex: ./ 10 localhost -- to flood yourself @ 10kb/s on random ports
	Ex: ./ 100 123 -- to flood your default gateway @ 100kb/s on UDP port 123


** Pastebin** wget -o

UDP Unicorn

file/UDPUnicorn.png An open source (C language), Win32 UDP flooding/DoS (Denial of Service) utility with multithreading by Sparky. Uses winsock library to create UDP sockets and flood a target. Raep secret ingredient: Unicorn magic dust. Download at


UDP Unicorn is in the production stage, and is stable. Version 2.0 was released on April 9, 2011. More versions may be released with more features.


UDPFlooder is a UDP Flooder(DoSSer) written in Java. It works by sending multiple junk UDP packets to a target, using multi-threading.

How To Use

Running UDPFlooder
Windows: Double click UDPFlooder.jar
Everyone else:
java -jar UDPFlooder.jar Instructions
Enter the target IP or hostname
Enter the amount of threads you want to run simultaneously (See Notes)
Press FRAG Recompiling
Windows: Run rebuild.bat
Linux/BSD: Run Everyone else: cd /path/to/UDPFlooder/
jar cfm UDPFlooder.jar manifest .class kingdomLib/.class res/*


Since it's written in Java, it can be run/recompiled on the following systems:

  • Windows 2000/XP/Vista/7
  • Linux
  • BSD
  • Solaris
  • Mac

Download(Source Code Included)


  • MD5 hash: 6c5959d149dd4427ad61164350a1c852
  • SHA-1 hash: 4fcf2e9339c31603ed052f2f727001ddbe5797dc


  • Threads: (Basically how many Flooders you want to run at the same time), by default it's 10, and more than say, 30, will probably cause your system to lag.

Untitled (DDoS Client)

Untitled is a small DDoS client written in C++. Used for DDoSing websites.


Once executed and started, it will rapidly send data to a website/server, hopefully eating it's bandwidth or raping the CPU. Much alike other Denial of Service tools.


Created as a DDoS trojan in February 2008, but was never spread. In May 2008, it was changed to a client and fucked up some really small and shit websites. Updated and uploaded on 8th April, 2009.

How to use it

Just run it and fill out the information requested. If you're an idiot, type help.

If you really want to fuck shit up, get heaps of people to launch it at once.


  1. Password: untitled
  2. Password: mirror Need more mirrors. Edit: links are borked. Someone upload this pile of shit.




When the status report says that it has received errors, it is usually a good thing. For example, it can't connect; because it is dead.


file/Untitledsc.JPG file/Current.JPG

Vampire Raep

Vampire raep is an easy to use tool for Bandwidth Raeping in your browser. Just copy image list, and IT'S GOOFY TIME!

  • Protip: Best used in conjunction with Black Widow to find the largest images on a site, though site:url on google images works just fine too (go for the largest in filesize, not dimensions.


Vampire raep was originally called The Lad Vampire, a tool made by the site ArtistsAgainst419 to help BAWWWing retards get their petty revenge on Nigerian scammers by consuming the bandwidth of the scammers badly hosted sites.

This tool was first employed by /i/nsurgents to great success during the initial Hal Turner raids, edited by the user Nigger in IRC to point to images on and uploaded at The tool allowed fellow Anons with no computer experience to mass-raep Hals bandwidth, producing great lulz when Hal miscalculated that he owed thousands of dollars to Jews. His resistance only made Anon's penis harder, making them DOUBLE THE DATAFORCE.

Due to being hosted on a shitty freehost, nigrar was taken down by the collective complaints of the users of VNNforum to customer support, but soon properly hosted versions popped up, with added support via PHP for the user to add their own list of images to be bandwidth raeped, making it more versatile and even more powerful than ever before.


To use Vampire raep simply find images on the target website, make a nice list with one image url on each line and submit it. Leave it running and go do other things.

Vampire raep only drains bandwidth; it does not DDOS the site but merely drains resources that most websites pay for a limited amount of. It only works on certain targets, so it is vital to do some research on your target to see if it can be raeped properly, ie does not have an unlimited bandwidth plan.

Raeping images hosted on large image hosting websites like Photobucket wont work, they have enough bandwidth to serve the drooling masses of myspace, we cannot even put a dent in that. Imageshack however does have a bandwidth limit per image, so raeping those wont take down your target site, it will however change the images to a notice from Imageshack. For images hosted on-site, do your homework and check what kind of site it is to see if it is possible. Large media sites such as eBaum's are out from the start since they have enough bandwidth to host videos and music, let alone images. Imageboards don't work because the images get deleted after a while (VNN tried this on 4chan /b/, wondering why it stopped working after 30 minutes...). For other sites that are conservative about image and video usage, do a WHOIS check on the domain and see who hosts them, check the hosts website and see what plans they offer. If they have cheap plans with set bandwidth limits, then the target can be successfully raeped. Vampire raep also works on websites self-hosted by the owner, since their connection will usually have a relatively low upload rate, lagging the site to an unusable state. This tool works best with large numbers of people using it; in fact, on many sites it is rather pointless to do it by yourself. If you absolutely must destroy your targets website instead of trolling it or some other means of attack, then post your intent, a list of target images and a link to a vampire raep tool in /i/, try to get as many people on it as possible.


Due to the raep, gigaloader is down.


  • Down

    • <-- Anti Scientology vamp for Project Chanology.


Zap Attack

A UDP flooder for MAC (does other things, too, btw)

  • Download, open prog, File -> UPD Flooder
  • Put the IP of the site to attack in Address field
  • Set port to 80 (or a specific port number if specified)
  • Hit Attack
  • ???
  • PROFIT!!!



Bibliotheca Anonoma

Note: This wiki has moved to a new website. Please update your links.


Check the Workroom for content we're still reviewing.





Website Archives


Clone this wiki locally
You can’t perform that action at this time.