Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/utkusen/reqstress
a benchmarking&stressing tool that can send raw HTTP requests
https://github.com/utkusen/reqstress
benchmarking ddos dos-attack stresser
Last synced: 14 days ago
JSON representation
a benchmarking&stressing tool that can send raw HTTP requests
- Host: GitHub
- URL: https://github.com/utkusen/reqstress
- Owner: utkusen
- License: mit
- Created: 2021-06-06T16:29:23.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2022-09-24T22:46:30.000Z (about 2 years ago)
- Last Synced: 2024-11-05T21:45:37.957Z (about 1 month ago)
- Topics: benchmarking, ddos, dos-attack, stresser
- Language: Go
- Homepage:
- Size: 31.3 KB
- Stars: 166
- Watchers: 4
- Forks: 14
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# reqstress
reqstress is a benchmarking&stressing tool that can send raw HTTP requests. It's written in Go and uses [fasthttp](https://github.com/valyala/fasthttp) library instead of Go's default http library, because of its lightning-fast performance.
## Why Do We Need Another Benchmarking Tool?
There are really great benchmarking tools out there such as [wrk](https://github.com/wg/wrk), [bombardier](https://github.com/codesenberg/bombardier), [hey](https://github.com/rakyll/hey), [ab](https://httpd.apache.org/docs/2.4/tr/programs/ab.html). Some of them don't support sending custom requests, they are only sending a GET request to a given URL. Some of them support custom requests but it's really hard to craft one by using command line parameters. I wanted to create a tool that can read a raw HTTP request from a text file and replays it.
So, you can copy your favorite request from Burp Suite, Fiddler etc. and pass it to the reqstresser directly. It would be useful for stressing authenticated endpoints and specific requests that create a huge load.
## reqstress vs. Other Tools
reqstresser is not the fastest benchmarking tool, but it's not bad either. I tested couple of popular tools on a $20 Linode server with same amount of threads. Here is the result:
| Tool | Num. of Sent Requests | Duration |
|--------------|-----------------------|----------|
| wrk | ~45000 | 10s |
| bombardier | ~41000 | 10s |
| ab | ~40000 | 10s |
| reqstress | ~39304 | 10s |
| hey | ~35127 | 10s |
| goldeneye.py | ~10913 | 10s |# Installation
## From Binary
You can download the pre-built binaries from the [releases](https://github.com/utkusen/reqstress/releases) page and run. For example:
`wget https://github.com/utkusen/reqstress/releases/download/v0.1.4/reqstress_0.1.4_Linux_amd64.tar.gz`
`tar xzvf reqstress_0.1.4_Linux_amd64.tar.gz`
`./reqstress --help`
## From Source
1. Install Go on your system
2. Run: `go install github.com/utkusen/reqstress@latest`# Usage
reqstress requires 6 parameters to run:
`-r` : Path of the request file. For example: `-r request.txt`. Request file should contain a raw HTTP request. For example:
```http
POST /wp-login.php HTTP/1.1
Host: 1.1.1.1
Content-Length: 107
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://1.1.1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://1.1.1.1/wp-login.php?redirect_to=http%3A%2F%2F1.1.1.1%2Fwp-admin%2F&reauth=1
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: wordpress_test_cookie=WP%20Cookie%20check
Connection: closelog=admin&pwd=asdadsasdads
```
`-w` : The number of workers to run (e.g `-w 750`). The default value is 500. You can increase or decrease this by testing out the capability of your system.
`-d` : Duration of the test (in seconds) (e.g `-d 60`). Default is infinite.
`-https` : Target protocol. Can be `true` or `false` (e.g `-https=false`). Default is `true`
`-t` : Request timeout. (e.g `-t 1`). Default is 5(seconds)