Skip to content
A utility for arming (creating) many bees (micro EC2 instances) to attack (load test) targets (web applications).
Latest commit 65419f6 Mar 11, 2016 @cosmin cosmin Merge pull request #140 from kyoung/master
Allow the user to enter the content type parameter


Bees with Machine Guns!

A utility for arming (creating) many bees (micro EC2 instances) to attack (load test) targets (web applications).

Also, retribution for this shameful act against a proud hive.


  • Python 2.6
  • boto
  • paramiko

Installation for users


pip install beeswithmachineguns

or, if you must:

easy_install beeswithmachineguns

Installation for developers (w/ virtualenv + virtualenvwrapper)

git clone git://
cd beeswithmachineguns
mkvirtualenv --no-site-packages beesenv
easy_install pip
pip install -r requirements.txt

Configuring AWS credentials

Bees uses boto to communicate with EC2 and thus supports all the same methods of storing credentials that it does. These include declaring environment variables, machine-global configuration files, and per-user configuration files. You can read more about these options on boto’s configuration page.

At minimum, create a .boto file in your home directory with the following contents:

aws_access_key_id = <your access key>
aws_secret_access_key = <your secret key>

The credentials used must have sufficient access to EC2.

Make sure the .boto file is only accessible by the current account:

chmod 600 .boto


A typical bees session looks something like this:

bees up -s 4 -g public -k frakkingtoasters
bees attack -n 10000 -c 250 -u
bees down

A bees session where this is being called from a python file, while specifying content type and a payload file.
This is a working example, all of these objects exist in the us-east-1 region.

import bees
import json

sOptions = '{"post_file":"data.json","contenttype":"application/json"}'
options = json.loads(sOptions)

bees.attack('<URL TO TEST>',2,2,**options)

In this case the data.json is a simple json file, mind the path.

This spins up 4 servers in security group ‘public’ using the EC2 keypair ‘frakkingtoasters’, whose private key is expected to reside at ~/.ssh/frakkingtoasters.pem.

Note: the default EC2 security group is called ‘default’ and by default it locks out SSH access. I recommend creating a ‘public’ security group for use with the bees and explicitly opening port 22 on that group.

It then uses those 4 servers to send 10,000 requests, 250 at a time, to attack

Lastly, it spins down the 4 servers. Please remember to do this—we aren’t responsible for your EC2 bills.

For complete options type:

bees -h

The caveat! (PLEASE READ)

(The following was cribbed from our original blog post about the bees.)

If you decide to use the Bees, please keep in mind the following important caveat: they are, more-or-less a distributed denial-of-service attack in a fancy package and, therefore, if you point them at any server you don’t own you will behaving unethically, have your Amazon Web Services account locked-out, and be liable in a court of law for any downtime you cause.

You have been warned.


Please log your bugs on the Github issues tracker.


The bees are a creation of the News Applications team at the Chicago Tribune—visit our blog and read our original post about the project.

Initial refactoring code and inspiration from Jeff Larson.

Thanks to everyone who reported bugs against the alpha release.



Something went wrong with that request. Please try again.