
Understanding DoS attacks and the best free DoS attacking tools [updated in 2020]

September 25, 2020 by Howard Poston

A Denial of Service (DoS) attack is designed to cause service outages. These attacks can easily cost an organization a significant amount in damages and wasted resources, even if the attacker does not demand a ransom to stop the attack. A number of different free DDoS tools exist, making it cheap and easy for even unsophisticated attackers to use this attack technique.


What is a denial-of-service attack?

A DoS attack is any attack that is designed to take a system offline or make it unavailable to legitimate users. The goal of the attack could be to hurt the target organization, extort a ransom to allow services to be restored or cover up another attack.

DoS attacks can take advantage of a number of different vulnerabilities within a computer system. Buffer overflow vulnerabilities and other programming flaws can be exploited to cause a segmentation fault or other error that causes a program to crash.

However, the most common method of performing a DoS attack is to take advantage of bottlenecks within a computing system. Every component of a system has a maximum amount of traffic, data, connections and so on that it is capable of processing, and the entire system is limited by the component with the lowest threshold. Most DoS attacks are designed to exceed this maximum capacity, making it impossible for the system to process legitimate user requests.

DoS attacks can be performed in multiple different ways. Examples of common attack techniques include:

  • Volumetric attacks: Network connections and network interface cards (NICs) have set bandwidth limitations. Volumetric attacks attempt to overwhelm these systems by sending more data than they can handle. These attacks may be composed of a massive number of small packets or a smaller number of very large ones.
  • Protocol-level attacks: Computers have a set number of TCP and UDP port numbers allocated and cannot handle a new connection if no port is available. Protocol-level attacks attempt to consume all of a computer’s available connections, making it incapable of accepting new connections.
  • Application-layer attacks: Applications communicating over the network need to be capable of processing the requests that they receive. In many cases, an application’s thresholds are much lower than the infrastructure that it runs on. By sending many legitimate requests to an application, an attacker can consume all of its available resources and make it unavailable to legitimate users.

DDoS or distributed denial-of-service attack

DoS attacks are designed to overwhelm a service with more traffic than it can handle. However, this assumes that the attacker has the resources necessary to achieve this.

Distributed DoS (DDoS) attacks are designed to ensure that the target is overwhelmed by taking a many-to-one approach to the attack. Instead of using a single machine to perform an attack, the attacker uses a botnet.

This botnet is composed of many attacker-controlled machines, including compromised computers, leased cloud infrastructure and more. Each of these machines is instructed to send some traffic to the target service. By taking advantage of its greater numbers, a DDoS botnet can take down any unprotected service, even if the target has more network bandwidth and better computers than the attacker.

Free DoS attacking tools

It’s possible for an attacker to write custom software to perform a DoS attack or malware to perform a DDoS attack, and many DDoS websites offer DDoS-as-a-Service. For penetration testers who wish to perform their attacks independently but don’t want to write their own tools, a number of free DoS attack tools exist.

1. LOIC (Low Orbit Ion Cannon)

LOIC is one of the most popular DoS attacking tools freely available on the internet. The famous hacking group Anonymous has not only used the tool, but also asked internet users to join their DDoS attacks via IRC.

LOIC can be used by a single user to perform a DoS attack on small servers. This tool is really easy to use, even for a beginner. This tool performs a DoS attack by sending UDP, TCP or HTTP requests to the victim server. You only need to know the URL or IP address of the server, and the tool will do the rest.

Image 1: Low Orbit Ion Cannon

You can see a snapshot of the tool above. Enter the URL or IP address, and then select the attack parameters. If you are not sure about what settings to use, you can leave the defaults. When you are done with everything, click on the big button saying “IMMA CHARGIN MAH LAZER”, and it will start attacking the target server.

This tool also has a HIVEMIND mode. It lets attackers control remote LOIC systems to perform a DDoS attack. This feature is used to control all other computers in your zombie network. This tool can be used for both DoS attacks and DDoS attacks against any website or server.

The most important thing you should know is that LOIC does nothing to hide your IP address. If you are planning to use LOIC to perform a DoS attack, think again. Using a proxy will not help you because it will hit the proxy server, not the target server. This tool should only be used for testing the resiliency of your own systems against DoS and DDoS attacks.


2. XOIC

XOIC is another nice DoS attacking tool. It performs a DoS attack against any server if the user can provide an IP address, a target port, and a protocol to use in the attack. Developers of XOIC claim that XOIC is more powerful than LOIC in many ways. Like LOIC, it comes with an easy-to-use GUI, so a beginner can easily use this tool to perform attacks.

Image 2: XOIC

In general, the tool comes with three attacking modes. The first one, known as test mode, is very basic. The second is normal DoS attack mode. The last one is a DoS attack mode that comes with a TCP/HTTP/UDP/ICMP Message.



3. HULK (HTTP Unbearable Load King)

HULK is another nice DoS attacking tool that generates a unique request for each and every request to the web server, making it more difficult for the server to detect patterns within the attack. This is only one of the ways in which HULK eliminates patterns within its attacks.

It has a list of known user agents to use randomly with requests. It also uses referrer forgery and can bypass caching engines; thus, it directly hits the server’s resource pool.


4. DDoSIM — layer 7 DDoS simulator

DDoSIM is another popular DoS attacking tool. As the name suggests, it is used to perform DDoS attacks by simulating several zombie hosts. All zombie hosts create full TCP connections to the target server.

This tool is written in C++ and runs on Linux systems.

These are the main features of DDoSIM:

  • Simulates several zombies in attack
  • Random IP addresses
  • TCP-connection-based attacks
  • Application-layer DDoS attacks
  • HTTP DDoS with valid requests
  • HTTP DDoS with invalid requests (similar to a DC++ attack)
  • TCP connection flood on random port


5. R-U-Dead-Yet

R-U-Dead-Yet is an HTTP POST DoS attack tool. For short, it is also known as RUDY. It performs a DoS attack with a long form field submission via the POST method. This tool comes with an interactive console menu. It detects forms on a given URL and lets users select which forms and fields should be used for a POST-based DoS attack.


6. Tor’s hammer

Tor’s hammer is a nice DoS testing tool written in Python. It performs slow-rate attacks using HTTP POST requests.

This tool has an extra advantage: it can be run through the Tor network to be anonymous while performing the attack. It is an effective tool that can kill Apache or IIS servers in a few seconds.
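On the defending side, the slow-rate POST behaviour described for R-U-Dead-Yet and Tor’s hammer shows up in server logs as POST requests that stay open for a long time while delivering very little data. The following is an added example, not part of the original article: the log format, sample lines and thresholds are assumptions made for illustration.

```python
from collections import Counter

# Constructed log lines in an assumed space-separated format:
#   client_ip method uri status request_bytes request_seconds
# (nginx, for instance, can log these with $request_length and $request_time)
SAMPLE = """\
198.51.100.10 POST /login 200 742 0.180
198.51.100.10 GET /index.html 200 310 0.012
198.51.100.22 POST /upload 200 5242880 41.300
203.0.113.7 POST /contact 408 1290 118.402
203.0.113.7 POST /contact 408 1312 120.001
203.0.113.7 POST /contact 408 1275 119.870
203.0.113.7 POST /contact 408 1301 121.556
""".splitlines()

def slow_posts(lines, grace_seconds=20.0, min_rate=500.0):
    """Return (ip, uri, seconds, bytes_per_second) for each POST that stayed open
    longer than grace_seconds while delivering fewer than min_rate bytes/s."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 6 or parts[1] != "POST":
            continue
        ip, _, uri, _, size, seconds = parts
        try:
            size, seconds = int(size), float(seconds)
        except ValueError:
            continue  # malformed numeric field
        # A large upload is slow in wall-clock time but fast in bytes/s, so
        # duration alone is not enough: both conditions must hold.
        if seconds > grace_seconds and size / seconds < min_rate:
            hits.append((ip, uri, seconds, round(size / seconds, 1)))
    return hits

def slow_post_sources(lines, min_hits=3, **thresholds):
    """Return {ip: count} for clients with at least min_hits slow POSTs."""
    counts = Counter(ip for ip, *_ in slow_posts(lines, **thresholds))
    return {ip: n for ip, n in counts.items() if n >= min_hits}

if __name__ == "__main__":
    print(slow_post_sources(SAMPLE))
```

The 5 MB upload in the sample takes over 40 seconds but is not flagged, because its transfer rate is far above the floor.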


7. PyLoris

PyLoris is said to be a testing tool for servers. It can be used to perform DoS attacks on a service. This tool can utilize SOCKS proxies and SSL connections to perform a DoS attack on a server. It can target various protocols, including HTTP, FTP, SMTP, IMAP and Telnet.

The latest version of the tool comes with a simple and easy-to-use GUI. Unlike other traditional DoS attacking tools, this tool directly hits the service.


8. OWASP Switchblade (formerly DoS HTTP POST)

OWASP Switchblade is another nice tool to perform DoS attacks. You can use this tool to check whether or not your web server is able to defend against DoS attacks. Beyond defensive testing, it can also be used to perform DoS attacks against a website during a Red Team exercise.



9. DAVOSET

DAVOSET is yet another nice tool for performing DDoS attacks. The latest version of the tool has added support for cookies along with many other features. You can download DAVOSET for free from Packetstormsecurity.


10. GoldenEye HTTP Denial of Service tool

GoldenEye is another simple but effective DoS attacking tool. It was developed in Python for testing DoS attacks.


Detection and prevention of denial-of-service attack

A successful DoS attack can cause significant damage to an organization’s operations. For this reason, it is important to have strategies and solutions in place to protect against them.

The first step in protecting against DoS attacks is minimizing the attack surface. One way to accomplish this is to deploy a network firewall with a restrictive allow/block list. This limits inbound traffic to protocols legitimately used by applications within the organization’s network and blocks any other traffic at the network border.

Anti-DoS tools are specialized solutions designed to identify and filter out attack traffic before it reaches the target service. This is accomplished by identifying features of the malicious traffic that differ from legitimate traffic. However, the increasing sophistication of DoS attacks makes this more difficult to perform.
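As an added example (not from the original article) of identifying features that differ from legitimate traffic, the sketch below scores each client on the traits described in the HULK section: a unique URL on every request combined with rotating user agents. The log lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip, timestamp, request line, status, size, referrer, user agent.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

def suspicious_clients(lines, min_requests=20, min_unique_ratio=0.9, min_agents=5):
    """Return {ip: stats} for clients that send almost only never-repeated URLs
    under many different User-Agent strings (thresholds are assumptions)."""
    seen = defaultdict(lambda: {"n": 0, "urls": set(), "uas": set(), "refs": set()})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        s = seen[m["ip"]]
        s["n"] += 1
        s["urls"].add(m["url"])
        s["uas"].add(m["ua"])
        s["refs"].add(m["ref"])
    flagged = {}
    for ip, s in seen.items():
        ratio = len(s["urls"]) / s["n"]
        if s["n"] >= min_requests and ratio >= min_unique_ratio and len(s["uas"]) >= min_agents:
            flagged[ip] = {"requests": s["n"], "unique_url_ratio": round(ratio, 2),
                           "user_agents": len(s["uas"]), "referrers": len(s["refs"])}
    return flagged

def sample_log():
    """Constructed log lines: one ordinary browser session and one client whose
    requests show the unique-URL, rotating-agent pattern."""
    ts = "[25/Sep/2020:10:00:00 +0000]"
    lines = []
    for i in range(30):  # ordinary visitor: 5 pages revisited, one browser
        lines.append(f'198.51.100.10 - - {ts} "GET /page{i % 5}.html HTTP/1.1" 200 2048 '
                     f'"https://www.example.com/" "Mozilla/5.0 (X11; Linux x86_64)"')
    for i in range(40):  # every URL and referrer unique, 8 agents in rotation
        lines.append(f'203.0.113.7 - - {ts} "GET /?k{i}=v{i} HTTP/1.1" 200 2048 '
                     f'"http://ref.example/?s={i}" "constructed-agent-{i % 8}"')
    return lines

if __name__ == "__main__":
    for ip, stats in suspicious_clients(sample_log()).items():
        print(ip, stats)
```

Many users behind one NAT or proxy address can also present several user agents, which is why the unique-URL ratio is required as well before a client is flagged.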

The DDoS threat can also be decreased by denying attackers access to devices for use in their attacks. Botnets are commonly composed of computers, Internet of Things (IoT) devices and mobile devices that are compromised due to poor password security, lack of patching, or malware infections. Using strong passwords, installing security updates and using a trusted antivirus on all systems can help to limit the size of the botnets used in DDoS attacks.


Denial-of-service attacks can knock an organization’s systems offline and waste valuable resources on malicious traffic. This incurs significant costs for the target, even if the attacker doesn’t demand a ransom to stop their attacks.

The wide variety of free tools makes it cheap and easy for cybercriminals to perform DoS and DDoS attacks, so every organization should have systems in place to protect against them. This is especially true as the growth of the Internet of Things and cloud computing makes enterprise-scale attacks cheaper for attackers to perform.


Howard Poston

Howard Poston is a copywriter, author, and course developer with experience in cybersecurity and blockchain security, cryptography, and malware analysis. He has an MS in Cyber Operations, a decade of experience in cybersecurity, and over five years of experience as a freelance consultant providing training and content creation for cyber and blockchain security. He is also the creator of over a dozen cybersecurity courses, has authored two books, and has spoken at numerous cybersecurity conferences. He can be reached by email at or via his website at