# Install slowhttptest with Homebrew, apt, MacPorts, Nix, pacman

Simulates application layer denial of service attacks. Version 1.9.0 via Homebrew; verified 2026-05-12.

## Install

```sh
sudo av install brew:slowhttptest
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install slowhttptest
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install slowhttptest
```

  Evidence: MacPorts ports tree: www/slowhttptest/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- Debian apt (92%):

```sh
sudo apt install slowhttptest
```

  Evidence: Debian stable package indexes: slowhttptest from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- Nix (92%):

```sh
nix profile install nixpkgs#slowhttptest
```

  Evidence: nixpkgs package indexes: pkgs/by-name/sl/slowhttptest/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- pacman (92%):

```sh
sudo pacman -S slowhttptest
```

  Evidence: Arch Linux sync databases: slowhttptest from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

## Package facts

- **Package key:** brew:slowhttptest
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/slowhttptest>
- **Version:** 1.9.0
- **Source summary:** Simulates application layer denial of service attacks
- **Homepage:** <https://github.com/shekyan/slowhttptest>
- **Repository:** <https://github.com/shekyan/slowhttptest>
- **Upstream docs:** <https://github.com/shekyan/slowhttptest#readme>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/shekyan/slowhttptest/archive/refs/tags/v1.9.0.tar.gz>
- **Last updated:** 2026-05-12T21:46:12Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- slowhttptest (cli)
- slowhttptest (alias)

## Dependencies

- openssl@4

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.9.0
- Package-manager updated: 2026-05-12
- Local data: ok
- Upstream repository: https://github.com/shekyan/slowhttptest
- Upstream latest detected: v1.9.0 (current)
## Project history and usage

SlowHTTPTest is a command-line security testing tool that simulates application-layer denial-of-service attacks by prolonging HTTP connections in several ways. Its README frames it as a configurable way to test web servers for DoS vulnerability or connection-handling limits.

### Project history

The official GitHub wiki says the project moved from Google Code. The wiki timeline records the first version on 2011-08-24, version 1.1 for Apache Range header testing on 2011-08-27, version 1.3 with Slow Read support on 2011-12-28, version 1.4 with `poll()` support on 2012-01-28, and version 1.6 on 2013-11-25.

The GitHub release list preserves that migration history: v1.6 is named as from the Google Code period, v1.7 as the first post-Google Code release, and later releases include v1.8 in 2019, v1.8.2 in 2020, and v1.9.0 in 2022.

### Adoption history

SlowHTTPTest became a standard small-package security tool because it wraps slowloris, Slow HTTP POST, Slow Read, and Apache Range-style tests into one CLI. The input facts list it in Homebrew, Debian, Ubuntu, MacPorts, Nix, and pacman-family systems.

Homebrew's formula API reported 277 installs-on-request over 365 days for the batch's lookup window, matching a specialist tool that is installed when a user needs to test a web server rather than kept as a daily shell utility.

### How it is used

The official README describes testing web servers for DoS vulnerabilities or determining how many concurrent connections they can handle. It says the tool works on many Linux platforms, OS X, and Cygwin, and points to the wiki for installation and usage details.

The wiki explains that the tool sends partial HTTP requests or reads responses slowly to exercise server resource handling. Its usage should be limited to systems the user is authorized to test.

### Why package nerds care

SlowHTTPTest is package-nerd significant because it keeps a historically important class of HTTP DoS tests available as a reproducible CLI package instead of scattered proof-of-concept scripts.

It also shows how security tooling often survives package-manager adoption after project hosting moves: Google Code history, GitHub releases, distro packages, and Homebrew all preserve the same operational utility.

### Timeline

- 2011: First version of slowhttptest released.
- 2011: Version 1.3 added Slow Read DoS support.
- 2012: Version 1.4 added `poll()` support and a man page.
- 2013: Version 1.6 released during the Google Code era.
- 2016: GitHub releases list v1.7 as the first post-Google Code release.
- 2022: GitHub release v1.9.0 published.

### Related projects

- The official wiki discusses slowloris, Slow HTTP POST, Slow Read, and Apache Range Header attack testing as related attack classes.
- The tool is often packaged alongside other web and network security testing utilities in operating-system and developer package managers.

### Sources

- <https://api.github.com/repos/shekyan/slowhttptest/releases>
- <https://formulae.brew.sh/api/formula/slowhttptest.json>
- <https://github.com/shekyan/slowhttptest>
- <https://github.com/shekyan/slowhttptest/wiki>
- <https://raw.githubusercontent.com/shekyan/slowhttptest/master/README.md>
- <https://raw.githubusercontent.com/wiki/shekyan/slowhttptest/Home.md>
- source_facts.repo


## Security Notes

No matching local secret-handling manifest was found for slowhttptest. Nucleus package metadata is still published here so future coverage has a stable package URL.


## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** slowhttptest
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Debian apt - slowhttptest - 1.9.0-1+b1: normalized package name match | Debian stable package indexes: slowhttptest from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | application layer Denial of Service attacks simulation tool | https://github.com/shekyan/slowhttptest
- Nix - slowhttptest: normalized package name match | nixpkgs package indexes: pkgs/by-name/sl/slowhttptest/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- Ubuntu apt - slowhttptest - 1.9.0-1build2: normalized package name match | Ubuntu 24.04 LTS package indexes: slowhttptest from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | application layer Denial of Service attacks simulation tool | https://github.com/shekyan/slowhttptest
- pacman - slowhttptest - 1.9.0-2: normalized package name match | Arch Linux sync databases: slowhttptest from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | Highly configurable tool that simulates some Application Layer Denial of Service (DoS) attacks | https://github.com/shekyan/slowhttptest
- MacPorts - slowhttptest: normalized package name match | MacPorts ports tree: www/slowhttptest/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [openssl@4](https://www.automicvault.com/pkg/brew/openssl-4/) - Runtime dependency declared by Homebrew.
- [afl++](https://www.automicvault.com/pkg/brew/afl/) - Shares av.db curated category or tags: cli, security, security-testing, testing.
- [echidna](https://www.automicvault.com/pkg/brew/echidna/) - Shares av.db curated category or tags: cli, security, security-testing, testing.
- [wuppiefuzz](https://www.automicvault.com/pkg/brew/wuppiefuzz/) - Shares av.db curated category or tags: cli, security, security-testing, testing.
- [jwt-hack](https://www.automicvault.com/pkg/brew/jwt-hack/) - Shares av.db curated category or tags: cli, security, testing.
- [legba](https://www.automicvault.com/pkg/brew/legba/) - Shares av.db curated category or tags: cli, security, testing.
- [sqlmap](https://www.automicvault.com/pkg/brew/sqlmap/) - Shares av.db curated category or tags: cli, security, testing.
- [arjun](https://www.automicvault.com/pkg/brew/arjun/) - Shares av.db curated category or tags: cli, http, security.
- [dnsgen](https://www.automicvault.com/pkg/brew/dnsgen/) - Shares av.db curated category or tags: cli, security, security-testing.
- [easy-rsa](https://www.automicvault.com/pkg/brew/easy-rsa/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, openssl, openssl-4, security.

## Combined YAML source

View the package source record on GitHub. [combined/slowhttptest.yml](https://github.com/automic-vault/db/blob/main/combined/slowhttptest.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
