BoNeSi – The DDoS Botnet Simulator

BoNeSi is a network traffic generator for different protocol types. The attributes of the created packets and connections can be controlled by several parameters like send rate or payload size or they are determined by chance.

The tool spoofs the source ip addresses even when generating tcp traffic. Therefor it includes a simple tcp-stack to handle tcp connections in promiscuous mode.

BoNeSi - The DDoS Botnet Simulator
BoNeSi – The DDoS Botnet Simulator

User may generate ICMP, UDP and TCP (HTTP) flooding attacks from a defined botnet size (different IP addresses). The tool is highly configurable and rates, data volume, source IP addresses, URLs and other parameters can be configured.

some of the extra options during the DDoS attack are:

  • 50k-bots – 50,000 ip addresses generated randomly to use with –ips option
  • browserlist.txt – several browser identifications to use with –useragentlist option
  • urllist.txt – several urls to use with –urllist option
  • Sniffs TCP packets on the network interface and responds to all packets in order to establish TCP connections. For this feature, it is necessary, that all traffic from the target webserver is routed back to the host running.
  • UDP/ ICMP attacks can easily fill the bandwidth and HTTP-Flooding attacks knock out webservers fast. BoNeSi were tested against state-of-the-art commercial DDoS mitigation systems and the result was to either crash them or hiding the attack from being detected.

You can read more and download this tool over here:

Notify of
Inline Feedbacks
View all comments