Docker-based network traffic generation, security validation, and performance testing tool with a web UI. Designed for NGFW PoCs, SD-WAN demos, and network testing. Two containers — client and server — deploy in minutes.
Server VM:
docker run -d --name vortex-server \
-p 80:80 -p 443:443 \
-p 5201:5201 -p 5201:5201/udp \
-p 5202:5202 -p 5202:5202/udp \
-p 5203:5203 -p 5203:5203/udp \
-p 9999:9999 -p 53:53/udp \
-p 21:21 -p 21100-21110:21100-21110 \
-p 2222:2222 \
-p 8082:8082 -p 8443:8443 \
--restart unless-stopped \
ajaymare/vortex-server:latestClient VM:
docker run -d --name vortex-client \
--cap-add NET_ADMIN --cap-add NET_RAW \
-p 8080:8080 -p 8443:8443 \
-e SERVER_HOST=<server-vm-ip> \
--restart unless-stopped \
ajaymare/vortex-client:latestAccess:
- Client dashboard:
https://<client-ip>:8443orhttp://<client-ip>:8080 - Server dashboard:
https://<server-ip>:8443orhttp://<server-ip>:8082
Separate VMs:
# Server VM
docker compose -f docker-compose.server.yml up -d
# Client VM
SERVER_HOST=<server-ip> docker compose -f docker-compose.client.yml up -dSame host (local testing):
docker compose up -d- Client:
https://localhost:8443orhttp://localhost:8080 - Server:
https://localhost:18443orhttp://localhost:8082
| Protocol | Tool | Description |
|---|---|---|
| HTTPS | ab / requests / Playwright | High-CPS mode (default), standard requests, or browser mode with HTTP/2 support |
| HTTP (Plain) | ab / requests / Playwright | High-CPS mode (default) on port 9999, standard requests, or browser mode |
| UDP | Python sockets | Raw UDP datagram generator with PPS control, DSCP, and ramping |
| iperf3 | iperf3 CLI | TCP/UDP bandwidth testing with parallel streams and reverse mode |
| hping3 | hping3 CLI | ICMP, TCP SYN/ACK/FIN, UDP, Traceroute with flood mode |
| DNS | dig | DNS queries to configurable domains via built-in DNS server |
| FTP | ftplib | Continuous file download/upload with progress logging |
| SSH | paramiko | Repeated command execution over SSH |
| External HTTPS | requests / Playwright | Multi-URL round-robin to external sites |
- Connections-per-second testing using Apache Bench (
ab) for HTTP and HTTPS - New TCP connection per request (no keepalive) — measures real connection setup rate
- Ramping: Gradually increase CPS from start value to target in configurable steps
- Per-chunk stats every 5 seconds: CPS, avg latency, P99 latency, request count, errors
- Configurable concurrency (parallel workers)
- Raw Python UDP sockets with precise PPS (packets-per-second) rate control
- Per-second logging: PPS, Mbps, total packets, errors
- DSCP marking, configurable packet size
- Ramping support: step-based PPS increase over time
- 30+ attack simulations across 6 categories:
- Web Attacks: SQLi, XSS, Command Injection, Path Traversal, Log4Shell, XXE, SSRF, and more
- Malware/Threats: EICAR download (HTTP/HTTPS/ZIP), C2 callback, malicious User-Agent
- URL Filtering: PAN-DB category test URLs (malware, phishing, hacking, proxy)
- DNS Attacks: DNS tunneling, DGA detection, DNS rebinding
- Protocol Abuse: SSH brute force, FTP bounce, HTTP smuggling, Slowloris
- File-Based Threats: PDF with JS, Office macros, PE executable download
- Automated pass/fail verdicts based on connection resets, block pages, and response analysis
- Edit any test (built-in or custom), add custom attack patterns
- See Security Testing Guide for details
- Real browser traffic using Chromium, Firefox, or WebKit (all pre-installed)
- Authentic TLS fingerprints and L7 headers
- Available on HTTPS, HTTP Plain, and External HTTPS cards
- Browser rotation: specific engine or random per burst cycle
- Per-protocol traceroute (TCP/UDP) showing SD-WAN path differences
- vis.js network graph with animated traffic flow, latency labels, and router health status
- Enterprise SVG icons: client, server, router, hops, timeout markers
- Connect to Linux routers via SSH — apply tc/netem impairment on real interfaces
- Three modes: Healthy, Impaired (latency/jitter/loss/bandwidth), Link Down
- Presets: Degraded WAN (300ms/5%), Voice SLA (200ms/2%), Video SLA (150ms/3%)
- Multiple routers, independent control per router
- Server dashboard (
http://<server>:8082) manages multiple client instances - Add clients by name + URL — each gets a full control tab
- All API calls proxied through server for centralized management
- Duration control (default 15 min), rate control (PPS), burst mode
- Up to 20 parallel flows per protocol
- DSCP marking on all protocols (EF, AF, CS classes)
- Random data sizes, select-all / bulk start-stop
- Global HTTP/SOCKS5 proxy with optional auth
- Per-protocol override: Global, On, Off, or Custom
- Works with all modes including Playwright browser mode
- Simulate multiple clients using IP aliases on a single container
- Socket-level binding for authentic multi-client traffic
- Requires
NET_ADMINcapability
| Port | Service |
|---|---|
| 80 | HTTP (nginx) |
| 443 | HTTPS (self-signed cert, HTTP/2) |
| 5201-5203 | iperf3 (3 instances) |
| 9999 | HTTP echo server + security test endpoints |
| 53 | DNS server |
| 21 | FTP (passive: 21100-21110) |
| 2222 | SSH |
| 8082 | Server Dashboard |
| 8443 | Dashboard HTTPS |
- SSH:
testuser/testpass - FTP:
anonymous(no password) orftpuser/ftppass
Pre-built images (linux/amd64) on Docker Hub:
ajaymare/vortex-client:latestajaymare/vortex-server:latest
docker stop vortex-client vortex-server
docker rm vortex-client vortex-server