Mar 18, 2018

Stress website with a Beehive (with machineguns 🔫)

Warning I deny any responsibility for using this article to launch an assault on a website that you don’t own.

TL;DR

In this article, you will find a procedure to launch a distributed load test of ApacheBench (AB) on your website. I will use: BeesWithMachineGuns

Requirements

  • Boto / awscli
  • Python 2.6 - 3.6
  • paramiko

Installation

  • aws configure with your credentials
  • sudo pip install https://github.com/newsapps/beeswithmachineguns/archive/master.zip

Launch ssh-agent, add your key:

Copy your EC2 ssh-key pair to your instance, in /home/ec2-user/.ssh/. This key will be used to launch bees.

The name of the key must be the same name as it shows in the EC2 console.

Run

eval $(ssh-agent -s)

ssh-add your_key.pem

Bees Usage

Let’s launch a bees attack!

Bees Attack

Please use a specific security group and subnet.

bees up --servers=16 --group=sg-your_sg -v subnet-your_subnet --key=your_key --login=your_login -z eu-west-1a -i ami-your_ami -t t2.micro -x "{'Project':'Bees'}" -b 0.0040
bees attack -n 300000 -c 600 -u http://your_own_website/
``

    -n NUMBER, --number=NUMBER
                        The number of total connections to make to the target
                        (default: 1000).

    -c CONCURRENT, --concurrent=CONCURRENT
                        The number of concurrent connections to make to the
                        target (default: 100).

### Sample result

```bash
Bee 0 is out of ammo.
Offensive complete.
     Complete requests:         300000
     Failed requests:           0
          connect:              0
          receive:              0
          length:               0
          exceptions:           0
     Response Codes:
          2xx:          300000
          3xx:          0
          4xx:          0
          5xx:          0
     Requests per second:       2763.700000 [#/sec] (mean of bees)
     Time per request:          217.100000 [ms] (mean of bees)
     50% responses faster than: 144.303000 [ms]
     90% responses faster than: 404.920000 [ms]
Mission Assessment: Target crushed bee offensive.
The swarm is awaiting new orders.

Then shut down your bees army: bees down

Double-check if there is no more EC2 instance running in EC2 console.

Tips

  • Check the AMI you are using, validate that AB is properly installed.
  • Use the following option to tag your instances: -x "{'Project':'Bees'}"
  • Prefer t2.micro instance type cheaper than t1.micro and more robust for a large attack.
  • You should try -b 0.0040 switch (for example) to launch bees army on spot market.
  • You can also try hurl attack

I recommend you to make your own ami image. I’ve used the official one, but surprisingly, there is no ApacheBench installed. Official ami : ami-8b8f59f2 (eu-west-1) - Link

Please don’t hesitate to ping me with any questions, on Twitter or in the comments below.

That’s all folks!

zoph.