I think unless you want to send some money to a shady self-proclaimed hacker, you’d just go with a regular computer security company. They can do it and they’ll have people who know what to look for. You can’t do red-teaming without any of the background knowledge, it’s a proper job and takes lots of experience to get meaningful results. And before you yourself launch a large DDoS attack on “your” rented virtual server, contact your hoster and give them a heads-up, since that’s really their servers, their datacenter and netwoking infrastructure which might get affected.

If it’s a smaller website and not super critical, you might be fine hiring some single freelancer who know what they’re doing as well…

(And other than that… I’d just rent 10 AWS instances from Amazon, or the equivalent from Microsoft or any of the cloud providers. For all intents and purposes, that’s your proper botnet with a lot of bandwidth. But please don’t do this for nefarious purposes.)

I’d double check that it’s legal.

Also you’re giving money to people who usually does not do legal things.

if you have the skill set to run the tools you’ll need to run in order to perform this type of test I would advise just renting a bunch of low-cost VPS systems and configuring them as needed. You can rent computers monthly for just a couple of dollars on things like digitalocean or ovh or something like that and as long as you’re targeting your own stuff I mean you’re not going to call the cops on yourself so nothing to worry about. you can probably even just do it with something like AWS and you know just scale up and down as needed and it’ll be a lot more cost effective that way too.

I’d hire a cyber security firm. Most firms can test how your website handles under specific kinds of stress like ddos or malicious webscrapers. They can also advice you on the axtuak risks and how to mitigate them.

In cybersecurity, this is called red-hat or red-team work. Maybe the search terms will help you find what you need.

I don’t believe this is illegal as I’m targeting myself for education.

Difficult to know, and ofc depends a lot where you are. Better ask a lawyer.

Whitehat hacking is a common service that’s offered that you might be interested in. They’ll find every security hole and weakness and then give you a report on recommendations

Probably you will find offers in the darknet.

If you ask this kind of questions I recommend you to look up github and launch any ddos software you find there, if you host it at home your home router will 99% shut down if you don’t have rack router with ddos protection. If you shut down remote server router because you host in shitty provider that’s illegal. Anyways it’s stupid.

OP, you’re looking for something called “Bot as a Service”. There are more and more companies that cater to those needing a bot infrastructure. Bright data, ScrapingBee, ZenRows, and Apify are some of the more common services I typically work against that offer what you’re looking for.

*Edit: If you’re just looking for performance testing, you can use services like Loadster.

Couldn’t you simply rent a single server with like twice the bandwidth of your existing server? Unless you want to test automatic banning of IP addresses or something, having it spam your website with requests should have the exact same effect as using a botnet.

I don’t think you can rent botnets with some ready to use software to simulate web scraping or generate fake comments. You’d probably have to write that yourself anyway.