I think unless you want to send some money to a shady self-proclaimed hacker, you’d just go with a regular computer security company. They can do it and they’ll have people who know what to look for. You can’t do red-teaming without any of the background knowledge, it’s a proper job and takes lots of experience to get meaningful results. And before you yourself launch a large DDoS attack on “your” rented virtual server, contact your hoster and give them a heads-up, since that’s really their servers, their datacenter and netwoking infrastructure which might get affected.

If it’s a smaller website and not super critical, you might be fine hiring some single freelancer who know what they’re doing as well…

(And other than that… I’d just rent 10 AWS instances from Amazon, or the equivalent from Microsoft or any of the cloud providers. For all intents and purposes, that’s your proper botnet with a lot of bandwidth. But please don’t do this for nefarious purposes.)