Warning I deny any responsibility for using this article to launch an assault on a website that you don’t own.

TL;DR

In this article, you will find a procedure to launch a distributed load test of ApacheBench (AB) on your website. I will use BeesWithMachineGuns.

Requirements

  • Boto / awscli
  • Python 2.6 - 3.6
  • paramiko

Installation

  • aws configure with your credentials
  • sudo pip install https://github.com/newsapps/beeswithmachineguns/archive/master.zip

Launch ssh-agent, add your key:

Copy your EC2 ssh-key pair to your instance, in /home/ec2-user/.ssh/. This key will be used to launch bees.

The name of the key must be the same name as it shows in the EC2 console.

Run

eval $(ssh-agent -s)

ssh-add your_key.pem

Bees Usage

Let’s launch a bees attack!

Bees Attack

Please use a specific security group and subnet.

1
2

bees up --servers=16 --group=sg-your_sg -v subnet-your_subnet --key=your_key --login=your_login -z eu-west-1a -i ami-your_ami -t t2.micro -x "{'Project':'Bees'}" -b 0.0040
bees attack -n 300000 -c 600 -u http://your_own_website/

1
2
3
4
5
6
7

-n NUMBER, --number=NUMBER
                    The number of total connections to make to the target
                    (default: 1000).

-c CONCURRENT, --concurrent=CONCURRENT
                    The number of concurrent connections to make to the
                    target (default: 100).

Sample result

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19

Bee 0 is out of ammo.
Offensive complete.
     Complete requests:         300000
     Failed requests:           0
          connect:              0
          receive:              0
          length:               0
          exceptions:           0
     Response Codes:
          2xx:          300000
          3xx:          0
          4xx:          0
          5xx:          0
     Requests per second:       2763.700000 [#/sec] (mean of bees)
     Time per request:          217.100000 [ms] (mean of bees)
     50% responses faster than: 144.303000 [ms]
     90% responses faster than: 404.920000 [ms]
Mission Assessment: Target crushed bee offensive.
The swarm is awaiting new orders.

Then shut down your bees army: bees down

Double-check that there are no more EC2 instances running in the EC2 console.

Tips

  • Check the AMI you are using and validate that AB is properly installed.
  • Use the following option to tag your instances: -x "{'Project':'Bees'}".
  • Prefer t2.micro instance type, cheaper than t1.micro and more robust for a large attack.
  • You should try the -b 0.0040 switch (for example) to launch the bees army on the spot market.
  • You can also try hurl attack.

I recommend you make your own AMI image. I’ve used the official one, but surprisingly, there is no ApacheBench installed. Official AMI: ami-8b8f59f2 (eu-west-1), Link.

Please don’t hesitate to ping me with any questions, on Twitter or in the comments below.

That’s all folks!

zoph.