vegeta

Launch an attack lasting 30 seconds

$ echo "[GET https://example.com]" | vegeta attack -duration=[30s]

$ echo "[GET https://example.com]" | vegeta attack -insecure -duration=[30s]

$ echo "[GET https://example.com]" | vegeta attack -duration=[30s] -rate=[10]

$ echo "[GET https://example.com]" | vegeta attack -duration=[30s] | vegeta report

$ echo "[GET https://example.com]" | vegeta attack -duration=[30s] | vegeta plot > [path/to/results.html]

$ vegeta attack -duration=[30s] -targets=[requests.txt] | vegeta report

vegeta <command> [options] [arguments]

Common usage for load testing:
vegeta attack -targets=<file|url> -rate=<rate> -duration=<duration> [options]
vegeta report [options]

-targets string
    Specifies the source of attack targets. This can be a file path containing one target per line, or a single URL directly. Targets can be simple URLs or more complex HTTP requests with headers and bodies.

-rate string
    The request rate to send, expressed as 'requests/duration' (e.g., '500/1s' for 500 requests per second, or '100/1m' for 100 requests per minute). This defines the sustained attack rate.

-duration duration
    The total duration of the attack (e.g., '10s', '5m', '1h'). The attack will stop after this duration, regardless of the number of requests sent.

-output string
    File path to write the binary attack results to. If not specified, results are written to standard output (STDOUT), which is typically piped to another command like vegeta report.

-connections uint
    Maximum number of concurrent connections the attacker can open. Defaults to 10000.

-timeout duration
    Maximum time a single request is allowed to take. If a response is not received within this duration, the request is considered a timeout error. Defaults to 0 (no timeout).

-header string
    Adds a custom HTTP header to all requests in the format 'Key: Value'. Can be specified multiple times for multiple headers.

-body string
    Specifies the request body for POST/PUT requests. Can be a file path (prefixed with '@') or a string literal.

-insecure
    When set, disables TLS certificate validation. Useful for testing services with self-signed certificates or during development.

-workers uint
    The number of concurrent attack workers. More workers can generate higher loads, but also consume more local resources. Defaults to 10.

vegeta is a versatile and high-performance HTTP load testing and API benchmarking tool. Written in Go, it excels at generating sustained request rates against web services and APIs, making it ideal for performance analysis, stress testing, and identifying bottlenecks. Users can define various attack parameters such as target URLs, request rate, and duration. vegeta provides a comprehensive set of output metrics including latency percentiles, request success rates, and throughput. Its binary output format can be piped to other vegeta sub-commands like report for human-readable summaries, dump for detailed request/response logs, or plot for generating graphical representations. It's renowned for its efficiency and ease of use, enabling developers and operations teams to quickly assess the resilience and performance characteristics of their applications under various loads. It's often chosen for its ability to simulate realistic traffic patterns with minimal resource overhead on the testing machine itself.

vegeta is not a standard Linux distribution command; it needs to be installed separately, typically via Go or by downloading a pre-compiled binary.
For very high request rates, ensure the attacking machine has sufficient network bandwidth, CPU, and memory, as vegeta can be resource-intensive.
The raw output of the attack command is in a binary format, which requires piping to vegeta report, vegeta dump, or vegeta plot for human-readable or visual analysis. Neglecting this step can lead to confusion about results.

The most common way to use vegeta is by chaining its sub-commands, typically attack and report, using a pipe. For instance, `vegeta attack -targets=targets.txt -rate=100/1s | vegeta report` performs an attack and immediately displays a summary report. Alternatively, results can be saved to a file (`vegeta attack > results.bin`) and analyzed later using `vegeta report < results.bin` or `vegeta dump < results.bin`.

Targets for vegeta can be simple URLs or more complex definitions in a file, allowing specification of HTTP method, headers, and request body. For example, a targets.txt file can contain:
GET http://localhost:8080/path
POST http://localhost:8080/data
@payload.json
X-Custom-Header: value

vegeta was created by Tarek Ziade, a well-known figure in the open-source community, and is written in the Go programming language. It emerged as a high-performance alternative to existing load testing tools, leveraging Go's concurrency model to efficiently generate and manage a large number of concurrent HTTP requests. Since its initial release, it has gained significant traction among developers and SREs for its simplicity, speed, and comprehensive metrics, becoming a go-to tool for benchmarking and stress-testing HTTP services. The project is actively maintained on GitHub, benefiting from community contributions.

ab(1), wrk(1), siege(1), curl(1)