timing_attack Logo

timing_attack

0
Free
Visit Website

Profile web applications, sorting inputs into two categories based on discrepancies in the application's response time. This tool can be used to test and develop known-vulnerable applications. Installation: gem install timing_attack. Usage: timing_attack [options] -u <target> <inputs> -u, --url URL URL of endpoint to profile. 'INPUT' will be replaced with the attack string. -n, --number NUM Requests per input (default: 50). -c, --concurrency NUM Number of concurrent requests (default: 15). -t, --threshold NUM Minimum threshold, in seconds, for meaningfulness (default: 0.025). -p, --post Use POST, not GET. -q, --quiet Quiet mode (don't display progress bars). -b, --brute-force Brute force mode. -i, --inputs-file FILE Read inputs from specified file, one per line. --parameters STR JSON hash of URL parameters. 'INPUT' will be replaced with the attack string. --parameters-file FILE Name of file containing parameters as with --parameters. --headers STR JSON hash of headers. 'INPUT' will be replaced with the attack string. --headers-file FILE Name of file containing headers as with --headers. --body STR JSON hash of parameters to be included in the request body. 'INPUT'

FEATURES

ALTERNATIVES

Aqua Security is a CNAPP that provides comprehensive security for cloud native applications across their entire lifecycle, from development to production, in various cloud and container environments.

A free book providing design and implementation guidelines for writing secure programs in various languages.

An open-source modern Dependency Walker for Windows developers.

CSRF crumb generation and validation tool for hapi framework.

Enhance your Android experience with the AMAaaS Agent APK for better performance and improved user experience.

Detect users' operating systems and perform redirection with Apache mod_rewrite.

Pint is a PIN tool that exposes the PIN API to lua scripts, allowing dynamic instrumentation of binaries.

A tool for brute-forcing GET and POST parameters to discover potential vulnerabilities in web applications.