The last DDoS tool was built in 2012. We just built the next one.
GoldenEye. Slowloris. LOIC. hping3. All built before 2015. All designed for a world where the target was a web server. The target is no longer a web server.
Last updated 2017. HTTP GET/POST flood only. No API awareness. No AI awareness. Blocked by every CDN.
Written in 2009. Slow header exhaustion. Defeated by any modern web server with connection timeouts.
Peak era: 2010. Volumetric flooding. You can't out-bandwidth Cloudflare with a Python script.
Zero new availability testing tools in over a decade. Meanwhile: LLMs, RAG systems, AI agents, inference compute, token budgets. An entirely new attack surface. Nobody built for it.
KRAKEN covers everything from traditional network flooding to AI-native compute exhaustion. Every technique built from scratch in pure Python. Zero external tool dependencies.
UDP Flood, TCP SYN/ACK, ICMP, IP Fragmentation, DNS/NTP/SSDP/Memcached Amplification, BGP Hijack Simulation.
HTTP GET/POST Flood, HTTP/2 Rapid Reset (CVE-2023-44487), HTTP/3 QUIC, Slowloris, Slow POST, Slow Read, Cache Bypass/Poisoning, SSL/TLS Flood, WebSocket Flood.
REST API Flood, GraphQL Depth/Alias/Introspection, XML Bomb, JSON Bomb, Regex DoS, OAuth Token Flood, Webhook Flood, gRPC Stream Flood.
LLM Inference Cost Attack. Context Window Maximiser. RAG Retrieval Flood. Multi-Agent Fan-Out. Token Budget Exhaustion. Agentic Loop Induction. Model Cascade Attack. Nobody else has built these.
Rotating Vector Attack. Threshold Probing. Timing Attack. Geographic Distribution. Protocol Confusion. Never presents the same attack pattern twice.
KRAKEN doesn't run scripted attacks. It thinks. NEMESIS plans the engagement based on recon output — selects techniques, calculates sequencing, adapts in real time, escalates when defences respond.
Phase 1: Recon — fingerprint target, detect CDN/WAF/rate limiting, discover AI endpoints.
Phase 2: Plan — NEMESIS selects optimal techniques from 55 available.
Phase 3: Execute — PHANTOM swarm deploys multiple vectors simultaneously.
Phase 4: Measure — real-time availability scoring, response time, error rate.
Phase 5: Report — Ed25519 signed RESTRICTED report with MITRE ATT&CK mapping.
Every destructive operation is Ed25519 signed, scope-locked to an allowed targets file, and auto-locks after 30 minutes. Authorised penetration testing only.
Default mode. Reconnaissance only. Fingerprint target. Map attack surface. Zero attack traffic sent.
--override flag. Ed25519 signature required. Plans the full attack. Shows projected impact. No execution.
--override --confirm-destroy. Full autonomous attack against authorised targets only. 30-minute auto-lock. RESTRICTED report generated.
THIS TOOL IS FOR AUTHORISED SECURITY TESTING ONLY. EVERY EXECUTION IS SIGNED AND LOGGED.
55 techniques. NEMESIS reasoning. PHANTOM swarm coordination. The first availability testing tool built for the AI era. Pure Python. Zero dependencies.