vegeta
Load testing via HTTP request bombardment
TLDR
Launch an attack lasting 30 seconds
Launch an attack on a server with a self-signed HTTPS certificate
Launch an attack with a rate of 10 requests per second
Launch an attack and display a report
Launch an attack and plot the results on a graph (latency over time)
Launch an attack against multiple URLs from a file
SYNOPSIS
vegeta <command> [options] [arguments]
Common usage for load testing:
vegeta attack -targets=<file|url> -rate=<rate> -duration=<duration> [options]
vegeta report [options]
PARAMETERS
-targets string
Specifies the source of attack targets. This can be a file path containing one target per line, or a single URL directly. Targets can be simple URLs or more complex HTTP requests with headers and bodies.
-rate string
The request rate to send, expressed as 'requests/duration' (e.g., '500/1s' for 500 requests per second, or '100/1m' for 100 requests per minute). This defines the sustained attack rate.
-duration duration
The total duration of the attack (e.g., '10s', '5m', '1h'). The attack will stop after this duration, regardless of the number of requests sent.
-output string
File path to write the binary attack results to. If not specified, results are written to standard output (STDOUT), which is typically piped to another command like vegeta report.
-connections uint
Maximum number of concurrent connections the attacker can open. Defaults to 10000.
-timeout duration
Maximum time a single request is allowed to take. If a response is not received within this duration, the request is considered a timeout error. Defaults to 0 (no timeout).
-header string
Adds a custom HTTP header to all requests in the format 'Key: Value'. Can be specified multiple times for multiple headers.
-body string
Specifies the request body for POST/PUT requests. Can be a file path (prefixed with '@') or a string literal.
-insecure
When set, disables TLS certificate validation. Useful for testing services with self-signed certificates or during development.
-workers uint
The number of concurrent attack workers. More workers can generate higher loads, but also consume more local resources. Defaults to 10.
DESCRIPTION
vegeta is a versatile and high-performance HTTP load testing and API benchmarking tool. Written in Go, it excels at generating sustained request rates against web services and APIs, making it ideal for performance analysis, stress testing, and identifying bottlenecks. Users can define various attack parameters such as target URLs, request rate, and duration. vegeta provides a comprehensive set of output metrics including latency percentiles, request success rates, and throughput. Its binary output format can be piped to other vegeta sub-commands like report for human-readable summaries, dump for detailed request/response logs, or plot for generating graphical representations. It's renowned for its efficiency and ease of use, enabling developers and operations teams to quickly assess the resilience and performance characteristics of their applications under various loads. It's often chosen for its ability to simulate realistic traffic patterns with minimal resource overhead on the testing machine itself.
CAVEATS
vegeta is not a standard Linux distribution command; it needs to be installed separately, typically via Go or by downloading a pre-compiled binary.
For very high request rates, ensure the attacking machine has sufficient network bandwidth, CPU, and memory, as vegeta can be resource-intensive.
The raw output of the attack command is in a binary format, which requires piping to vegeta report, vegeta dump, or vegeta plot for human-readable or visual analysis. Neglecting this step can lead to confusion about results.
USAGE PATTERNS
The most common way to use vegeta is by chaining its sub-commands, typically attack and report, using a pipe. For instance, `vegeta attack -targets=targets.txt -rate=100/1s | vegeta report` performs an attack and immediately displays a summary report. Alternatively, results can be saved to a file (`vegeta attack > results.bin`) and analyzed later using `vegeta report < results.bin` or `vegeta dump < results.bin`.
TARGET DEFINITION
Targets for vegeta can be simple URLs or more complex definitions in a file, allowing specification of HTTP method, headers, and request body. For example, a targets.txt file can contain:
GET http://localhost:8080/path
POST http://localhost:8080/data
@payload.json
X-Custom-Header: value
HISTORY
vegeta was created by Tarek Ziade, a well-known figure in the open-source community, and is written in the Go programming language. It emerged as a high-performance alternative to existing load testing tools, leveraging Go's concurrency model to efficiently generate and manage a large number of concurrent HTTP requests. Since its initial release, it has gained significant traction among developers and SREs for its simplicity, speed, and comprehensive metrics, becoming a go-to tool for benchmarking and stress-testing HTTP services. The project is actively maintained on GitHub, benefiting from community contributions.