
GoldenEye

GoldenEye is an HTTP DoS test tool used to check if a website is susceptible to Denial of Service attacks by opening multiple parallel connections. It employs HTTP Keep Alive and NoCache as the attack vector for testing web server resilience.

Description

GoldenEye is designed for pentesters to evaluate network security by simulating HTTP Denial of Service (DoS) attacks. It targets a specified URL with multiple concurrent connections to determine whether the web server stays available under load.

The tool is particularly useful for identifying vulnerabilities in web servers related to resource exhaustion from sustained HTTP requests. By using parallel workers and sockets, it mimics high-traffic scenarios that could lead to service denial.

This package requires root privileges for effective testing and is part of Kali Linux's suite for penetration testing.

How It Works

GoldenEye operates by establishing numerous concurrent sockets and workers to send HTTP requests using Keep Alive and NoCache headers, overwhelming the target web server. It supports GET, POST, or random HTTP methods and can bypass SSL certificate verification. The attack vector exploits persistent connections to exhaust server resources without closing sockets prematurely.
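For defenders, the traffic profile described above (many requests from one source in a short window, a no-cache header on nearly all of them, and a different User-Agent each time) can be looked for in access logs. The following is an added example, not code from GoldenEye or from the original page; the JSON log fields (`ts`, `ip`, `ua`, `cache_control`), the thresholds and the sample records are all constructed assumptions.

```python
import json
from collections import defaultdict

# Illustrative thresholds (assumptions); tune them against your own traffic baseline.
WINDOW_SECONDS = 10
MIN_REQUESTS = 20
MIN_DISTINCT_UA = 10
MIN_NOCACHE_RATIO = 0.9

def flag_flood_sources(log_lines):
    """Return {ip: stats} for clients matching the no-cache / rotating-UA burst profile."""
    by_ip = defaultdict(list)
    for line in log_lines:
        try:
            e = json.loads(line)
            rec = (float(e["ts"]), str(e.get("ua") or ""), str(e.get("cache_control") or ""))
            by_ip[str(e["ip"])].append(rec)
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed records instead of aborting the scan
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the left edge so the window spans at most WINDOW_SECONDS.
            while events[end][0] - events[start][0] > WINDOW_SECONDS:
                start += 1
            window = events[start:end + 1]
            if len(window) < MIN_REQUESTS:
                continue
            uas = {ua for _, ua, _ in window}
            ratio = sum("no-cache" in cc.lower() for _, _, cc in window) / len(window)
            if len(uas) >= MIN_DISTINCT_UA and ratio >= MIN_NOCACHE_RATIO:
                flagged[ip] = {"requests": len(window), "distinct_ua": len(uas),
                               "nocache_ratio": round(ratio, 2)}
                break  # one hit per source is enough to raise an alert
    return flagged

def constructed_sample():
    """Constructed log lines: one burst-like source, one ordinary browser, one bad line."""
    lines = []
    for i in range(40):  # 40 requests in 4 seconds, a new User-Agent on every request
        lines.append(json.dumps({"ts": 1000 + i * 0.1, "ip": "203.0.113.7",
                                 "ua": f"Agent-{i}", "cache_control": "no-cache"}))
    for i in range(40):  # 40 requests over 400 seconds, one stable User-Agent
        lines.append(json.dumps({"ts": 1000 + i * 10, "ip": "198.51.100.4",
                                 "ua": "Mozilla/5.0", "cache_control": ""}))
    lines.append("not json")
    return lines
```

Calling `flag_flood_sources(constructed_sample())` flags only the burst source; the slow single-agent client and the malformed line are ignored.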

Installation

sudo apt install goldeneye

Flags

-u, --useragents   File with user-agents to use (default: randomly generated)
-w, --workers      Number of concurrent workers (default: 10)
-s, --sockets      Number of concurrent sockets (default: 500)
-m, --method       HTTP Method to use 'get' or 'post' or 'random' (default: get)
-n, --nosslcheck   Do not verify SSL Certificate (default: True)
-d, --debug        Enable Debug Mode [more verbose output] (default: False)
-h, --help         Shows this help

Examples

Displays the help menu showing all options and usage:
goldeneye -h

Basic test against a URL using default settings (10 workers, 500 sockets, GET method):
goldeneye http://example.com

Tests with 20 workers and 1000 sockets for higher load:
goldeneye https://example.com -w 20 -s 1000

Uses POST method instead of default GET:
goldeneye http://example.com -m post

Skips SSL certificate verification for HTTPS targets:
goldeneye https://example.com -n

Uses custom user-agents file with debug output enabled:
goldeneye http://example.com -u useragents.txt -d

Random HTTP methods with 50 concurrent workers:
goldeneye http://example.com -m random -w 50

Updated 2026-04-16 | kali.org