bonesi man page

BoNeSi — the DDoS Botnet Simulator


bonesi [OPTION]... dst_ip:port


BoNeSi is a DDoS Botnet Simulator for different protocol types. The attributes of the created packets and connections can be controlled by several parameters like packet rate or payload size. It spoofs the source IP addresses even when generating TCP traffic (HTTP-GET attack). Therefor it includes a simple TCP stack to handle tcp connections in promiscuous mode. In a working installation, one has to ensure that the response packets from the server are routed to the host running BoNeSi. Due to this limitation BoNeSi cannot be used in arbitrary network infrastructures running HTTP-GET attacks. The most advanced kind of traffic that can be generated are HTTP requests.


In order to make the http requests more realistic, several things are determined by chance:
- source port: out of range defined in code
- ttl: 3..255
- tcp options: out of seven different real life options with different lengths and probabilities
- user agent for http header: out of a given list from a file


-i, --ips=FILENAME
read ip addresses from this file
-p, --protocol=PROTO
udp (default), icmp or tcp
-r, --send_rate=NUM
packets per second, 0 = infinite (default)
-s, --playload_size=BYTES
size of the paylod, (default: 32)
-o, --stats_file=FILENAME
filename for the statistics, (default: 'stats')
-c, --max_packets=NUM
maximum number of packets (requests at tcp/http)
0 = infinite (default)
IPs are integers in host byte order instead of in dotted notation
-t, --max_bots=NUM
determine max_bots in the 24bit prefix randomly (1-256)
-u, --url=URL
the url (default: '/') (only for tcp/http)
-l, --url_list=FILENAME
filename with url list (only for tcp/http)
-b, --useragent_list=FILENAME
filename with useragent list (only for tcp/http)
-d, --device=DEVICE
network listening device (only for tcp/http)
-v, --verbose
print additional debug messages
-h, --help
print the help message and exit


Send 2 udp packets per second with a payload of 1200bytes to host on port 2405:
bonesi -p udp -s 1200 -r 2 -i 50k-bots

Send as many as possible, but only 100 in total udp packets with a payload of 10bytes to host on port 2405:
bonesi -p udp -s 10 -c 100 -i 50k-bots

Request 1000 times per second via eth1:
bonesi -p tcp -r 1000 -i 50k-bots -u /site.html -d eth1


Written by Matthias Reif, Markus Goldstein and Christian Jansohn

Reporting Bugs

Report bugs to <>.