
How to use the command 'goldeneye.py' (with examples)
- Linux
- December 17, 2024
GoldenEye is a powerful HTTP DoS (Denial of Service) test tool designed for testing the resilience of websites against overload attacks. By simulating a flood of HTTP requests to a specified URL, it helps developers and administrators assess the robustness of their web servers against potential DoS attacks. The tool, created by jseidl and available on GitHub, allows for various configurations to test under different conditions, including varying the number of user agents and sockets as well as bypassing SSL certificate verification. Below, we explore various use cases of GoldenEye with practical examples to help understand its applications.
Use case 1: Testing a specific website
Code:
./goldeneye.py url
Motivation: This basic test is essential for anyone who wants to evaluate their website’s initial capacity for handling multiple HTTP requests. By introducing a load to the server using default settings, it establishes a baseline for how the server performs under stress. This provides a preliminary impression of the server’s response time and availability, highlighting potential weaknesses that need addressing.
Explanation:
In this command, ./goldeneye.py is the tool being executed. The single argument url specifies the target website you intend to test. By calling the tool with only this argument, GoldenEye uses its default settings for user agents and sockets to generate requests.
Example Output:
GoldenEye v1.2 by Jan Seidl
Hitting URL: http://sample-website.com
Number of User Agents: 40
Number of Concurrent Sockets: 50
... (output showing progress and potential impact on the website)
Use case 2: Testing a specific website with 100 user agents and 200 concurrent sockets
Code:
./goldeneye.py url --useragents 100 --sockets 200
Motivation: Increasing the number of user agents and sockets escalates the test’s intensity, simulating a more substantial DoS attack. This approach is beneficial for realistically testing the server’s capacity and handling of more extreme traffic conditions. It can highlight deeper issues that are not evident under lighter loads.
Explanation:
--useragents 100: This argument sets the number of user agent strings the tool will use during the test to 100. User agents simulate different browsers or devices, making the requests appear more distributed and harder to block.
--sockets 200: This determines the number of open sockets, or simultaneous connections, to 200, heightening the load challenge for the server by making more concurrent requests.
Example Output:
GoldenEye v1.2 by Jan Seidl
Hitting URL: http://sample-website.com
Number of User Agents: 100
Number of Concurrent Sockets: 200
... (output with increased intensity on website resources)
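On the defending side, the user-agent rotation described above leaves a recognisable trace in access logs: one client address sending many requests under many different user agents within a few seconds. The following Python check is an added example, not code from GoldenEye or from the original page. It assumes Combined Log Format input; the function names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed input: Combined Log Format access-log lines, chronological per client.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def flag_flood_sources(lines, window_s=10, min_requests=20, min_agents=5):
    """Return {ip: (peak_requests, peak_distinct_agents)} seen inside one window.

    Thresholds are illustrative assumptions; tune them against normal traffic.
    """
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # ip -> (timestamp, user_agent) pairs still in window
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the scan
        ts = datetime.strptime(m["ts"], TS_FMT)
        q = recent[m["ip"]]
        q.append((ts, m["ua"]))
        while ts - q[0][0] > window:  # expire entries older than the window
            q.popleft()
        agents = len({ua for _, ua in q})
        if len(q) >= min_requests and agents >= min_agents:
            prev = flagged.get(m["ip"], (0, 0))
            flagged[m["ip"]] = (max(prev[0], len(q)), max(prev[1], agents))
    return flagged

def build_sample_log():
    """Constructed sample lines using documentation IP ranges, not real traffic."""
    base = datetime(2024, 12, 17, 10, 0, 0, tzinfo=timezone.utc)
    def row(ip, offset_s, ua):
        ts = (base + timedelta(seconds=offset_s)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET / HTTP/1.1" 200 512 "-" "{ua}"'
    lines = []
    for i in range(40):  # two fast clients: one rotates agents, one does not
        lines.append(row("203.0.113.7", i // 10, f"SampleBrowser/{i % 8}.0"))
        lines.append(row("198.51.100.20", i // 10, "SampleMonitor/1.0"))
    for i in range(6):  # shared NAT address: several agents, low request rate
        lines.append(row("192.0.2.10", i * 10, f"SampleBrowser/{i}.0"))
    return lines + ["garbled line"]

if __name__ == "__main__":
    for ip, (reqs, agents) in flag_flood_sources(build_sample_log()).items():
        print(f"{ip}: {reqs} requests, {agents} user agents within 10s")
```

Requiring both thresholds keeps a shared NAT address (several agents, low rate) and a busy single-agent client from being flagged; a plain per-address rate limit is still needed to cover the latter.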
Use case 3: Testing a specific website without verifying the SSL certificate
Code:
./goldeneye.py url --nosslcheck
Motivation: There are scenarios where the website’s SSL certificate might not be valid or is self-signed, causing verification processes to fail. This example allows testing in such environments or in cases where certificate verification isn’t necessary. It’s particularly useful for internal network tests where SSL isn’t properly configured.
Explanation:
--nosslcheck: This option bypasses SSL certificate verification, enabling the test to continue even if the certificate is self-signed or invalid. This is crucial for testing environments or situations where SSL is not a concern but function testing is required.
Example Output:
GoldenEye v1.2 by Jan Seidl
Hitting URL: https://sample-website.com
SSL Certificate verification is disabled.
... (output shows progress with SSL checks bypassed)
Use case 4: Testing a specific website in debug mode
Code:
./goldeneye.py url --debug
Motivation: Debug mode offers detailed insights into how the tool is performing, providing step-by-step information that can be instrumental in diagnosing issues during the test. This is particularly useful for developers or testers who need to understand what happens behind the scenes or when something doesn’t work as expected.
Explanation:
--debug: Activates detailed logging by the GoldenEye tool. This mode records extensive information about the test processes, helpful for troubleshooting or confirming if the tool is executing as intended.
Example Output:
GoldenEye v1.2 by Jan Seidl
Hitting URL: http://sample-website.com
Debugging Mode: ON
[DEBUG] Initializing requests
[DEBUG] Sending HTTP GET request
... (detailed logs of request and response cycle)
Use case 5: Displaying help instructions
Code:
./goldeneye.py --help
Motivation: Familiarizing oneself with the available options of a tool is crucial for effective usage. Viewing the help instructions enables users to quickly understand all the features and adjust the tool’s parameters to suit their testing needs.
Explanation:
--help: Displays a detailed help message listing all available commands, arguments, and options. This is a guide to understanding how to use the GoldenEye tool effectively, showing parameters that can be utilized in various testing scenarios.
Example Output:
Usage: goldeneye.py URL [OPTIONS]
OPTIONS:
--useragents <number> Number of user agent strings to use
--sockets <number> Number of concurrent sockets
--nosslcheck Disable SSL certificate checks
--debug Run in debug mode
--help Display help
... (additional details about each option)
Conclusion:
GoldenEye provides a versatile and powerful tool for testing how websites manage HTTP flood scenarios, offering numerous options to simulate different attack intensities and configurations. Whether you’re conducting baseline tests with default settings or more advanced exploration using increased concurrency, SSL bypass, or debug mode, this tool can significantly assist in identifying and strengthening potential vulnerabilities in web servers.

