View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0003879||Kali Linux||Queued Tool Addition||public||2017-02-14 04:13||2020-12-01 11:13|
|Priority||normal||Severity||minor||Reproducibility||have not tried|
|Summary||0003879: timing_attack - Profiles web application endpoints and sorts according to response time to reveal timing differences and aid in|
I just released 0.5.3, which relaxes the version constraints of timing_attack to be compatible with a current Kali install. 0.5.3 builds fine for me on my Kali VM with gem2deb and installs, runs, etc as expected. I'm happy to maintain the package as part of the release process on timing_attack - just point me at the documentation for PRs, your workflow, etc.
timing_attack itself is a gem that I built to enumerate timing vulnerabilities in web applications. It's been used for Real Work, though it's not the sort of thing that's going to have interesting whitepapers written about it. My main goal in writing it was being able to quickly test whether a couple known vulnerabilities had been fixed, so ease-of-use was paramount. I think it'd be a good addition to Kali, especially since its only two runtime dependencies are already included. Its brute-force mode isn't all that useful unless the app is doing some really weird hashing (it of course doesn't have resolution down to the handful of nanoseconds required), but enumeration mode works great for e.g. telling if entries exist in the application's database.
To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will for us):
@kali-team, please could this be packaged up.
|2017-02-14 04:13||fsf||New Issue|
|2018-01-29 10:33||g0tmi1k||Summary||I'd like to include the timing_attack gem in Kali => timing_attack gem in Kali|
|2018-01-29 15:15||g0tmi1k||Note Added: 0008489|
|2018-02-17 17:36||fsf||Note Added: 0008691|
|2019-12-09 13:30||g0tmi1k||Severity||tweak => feature|
|2020-03-30 14:36||g0tmi1k||Note Added: 0012564|
|2020-03-30 14:36||g0tmi1k||Status||new => acknowledged|
|2020-03-30 14:36||g0tmi1k||Category||New Tool Requests => Queued Tool Addition|
|2020-03-30 14:36||g0tmi1k||Summary||timing_attack gem in Kali => timing_attack|
|2020-06-17 14:58||g0tmi1k||Severity||feature => minor|
|2020-12-01 11:13||g0tmi1k||Summary||timing_attack => timing_attack - Profiles web application endpoints and sorts according to response time to reveal timing differences and aid in|