timing_attack

Free

Profile web applications, sorting inputs into two categories based on discrepancies in the application's response time. This tool can be used to test and develop known-vulnerable applications.

Installation: gem install timing_attack

Usage: timing_attack [options] -u <target> <inputs>

    -u, --url URL              URL of endpoint to profile. 'INPUT' will be replaced with the attack string.
    -n, --number NUM           Requests per input (default: 50).
    -c, --concurrency NUM      Number of concurrent requests (default: 15).
    -t, --threshold NUM        Minimum threshold, in seconds, for meaningfulness (default: 0.025).
    -p, --post                 Use POST, not GET.
    -q, --quiet                Quiet mode (don't display progress bars).
    -b, --brute-force          Brute force mode.
    -i, --inputs-file FILE     Read inputs from specified file, one per line.
        --parameters STR       JSON hash of URL parameters. 'INPUT' will be replaced with the attack string.
        --parameters-file FILE Name of file containing parameters as with --parameters.
        --headers STR          JSON hash of headers. 'INPUT' will be replaced with the attack string.
        --headers-file FILE    Name of file containing headers as with --headers.
        --body STR             JSON hash of parameters to be included in the request body. 'INPUT'

ALTERNATIVES

Search engine for open-source Git repositories with advanced features like case sensitivity and regular expressions.

A web-based tool for instrumenting and analyzing Android applications using Flask, Jinja, and Redis.

A next-generation web scanner that identifies websites and recognizes web technologies, including content management systems, blogging platforms, and more.

A CSP plugin for hapi with per-route configuration options.

A honeypot trap for Symfony2 forms to reduce spam submissions.

A free book providing design and implementation guidelines for writing secure programs in various languages.

Tenable One Exposure Management Platform is a comprehensive platform for vulnerability management and exposure management.

A tool for identifying and extracting parameters from HTTP requests and responses
