LinuxCommandLibrary

goldeneye.py

Launch denial-of-service attack (HTTP flood)

TLDR

Test a specific website

$ [path/to/]goldeneye.py [url]
copy

Test a specific website with 100 user agents and 200 concurrent sockets
$ [path/to/]goldeneye.py [url] [[-u|--useragents]] 100 [[-s|--sockets]] 200
copy

Test a specific website without verifying the SSL certificate
$ [path/to/]goldeneye.py [url] [[-n|--nosslcheck]]
copy

Test a specific website in debug mode
$ [path/to/]goldeneye.py [url] [[-d|--debug]]
copy

Display help
$ [path/to/]goldeneye.py [[-h|--help]]
copy

SYNOPSIS

goldeneye.py [options] <url>

PARAMETERS

-w <workers>, --workers <workers>
    Number of worker processes (default: 10)

-s <sockets>, --sockets <sockets>
    Sockets per worker process (default: 30)

-t <threads>, --threads <threads>
    Threads per worker process (default: 250)

-m, --multithreading
    Enable multithreading

-d, --debug
    Enable debug output

-k, --keepalive
    Enable keep-alive connections

-u <useragent>, --useragent <useragent>
    Custom user-agent string

-x, --proxy
    Use single proxy from list

-r, --randomize
    Randomize proxy list

-c <cookies>, --cookies <cookies>
    HTTP Cookie header

-p <proxyfile>, --proxy-file <proxyfile>
    File containing proxy list

-a, --accept
    Include Accept header

-2, --http2
    Enable HTTP/2 support

-3, --http3
    Enable HTTP/3 support

-j, --json
    POST JSON payloads

-n, --nofollow
    Disable following redirects

-f, --force
    Force POST requests

-o, --only-headers
    Send only headers

-g, --gzip
    Enable gzip compression

-y, --verify
    Verify SSL certificates

-z, --timeout <timeout>
    Connection timeout (seconds)

-l, --latency
    Display latency stats

-v, --verbose
    Verbose output

DESCRIPTION

GoldenEye.py is a pure Python 3 script for generating high-volume HTTP GET/POST floods to simulate Layer 7 DDoS attacks. It opens multiple sockets per thread, maintaining persistent connections to overwhelm web servers. Designed for stress testing your own infrastructure, it supports proxies, custom user-agents, and multithreading.

Key features include random IP spoofing via proxies, keep-alive connections, and POST data payloads. It mimics browser behavior to evade basic protections but is detectable by advanced WAFs. Warning: Misuse constitutes a criminal offense under laws like the CFAA. Only use with explicit permission on targets you control. Not for production or unauthorized testing.

CAVEATS

Legal warning: DDoS attacks are illegal without authorization. Use solely for testing owned systems. High resource usage may crash your own machine. Incompatible with Python 2; requires Python 3+. Proxies must be HTTP/SOCKS5 format.

EXAMPLE USAGE

Basic test: python3 goldeneye.py http://example.com
With workers/proxies: python3 goldeneye.py -w 50 -s 100 -p proxies.txt https://target.com

DEPENDENCIES

Requires requests, urllib3. Install via pip install -r requirements.txt. No root needed.

HISTORY

Originally inspired by 2014 GoldenEye malware. Rewritten in Python 3 by jseidl (2016) on GitHub as a testing tool. Updated sporadically for modern HTTP/2+ support and bug fixes.

SEE ALSO

hping3(8), slowhttptest(1), ab(1)

Copied to clipboard