Wreckuests – Tool To Run DDoS Attacks With HTTP-Flood

Wreckuests is a script, which enables you to run DDoS attacks with HTTP-flood. It’s composed in unadulterated Python and utilization proxy servers as bots. This script isn’t all inclusive and you can’t simply drop Pentagon/NSA/whatever site with only a solitary mouse click. Each attack is one of a kind, and for every site you’d have to look for vulnerabilities and glory them.

Warning: This content is distributed for educational purposes as it were! Creator will acknowledge no obligation regarding any outcomes, harm or misfortune which may result from utilize.

Also Read Homoglyphs – Get Similar Letters, Convert To ASCII, Detect Possible Languages & UTF-8 Group

Wreckuests Features

  1. Cache bypass with URL parameters randomization
  2. CloudFlare detection and notification of
  3. Automatic gzip/deflate toggling
  4. HTTP Authentication bypass
  5. UserAgent substitution
  6. Referers randomizer
  7. HTTP proxy support


  • Python 3.5+
  • Requests 2.10.0 or higher
  • Netaddr tested with 0.7.19


Just clone repository in the desired directory and run the installation script:

chmod +x install.sh


Type under sudo mode:

python3 wreckuests.py -v <target url> -a <login:pass> -t <timeout>

Possible parameters:

-h or --help:

Prints a message with possible parameters.

-v or --victim:

Specifies a link to the victim’s site page. It could be the website’s main page, someone’s profile, .php-file or even image. Everything that has a lot of weight or is hard for server to give. The choice is yours.

-a or --auth:

Parameter for bypassing authentication. Your victim could enable basic HTTP authentication and his website will ask you to enter login and password in popup window. Victim may previously publish login and password data for his users in VK/FB/Twitter and whatever social network.

-t or --timeout(default: 10):

Parameter to control connection ‘n’ read timeout. This option also controls terminating time.

Note: if you set timeout=1 or somewhere about 2-3 seconds, the slow proxies will not have any time to even connect to your victim’s website and will not even hit it. If you sure your proxies are fast enough