0009551: Nexus-Race - Kali Linux Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0009551	Kali Linux	New Tool Requests	public	2026-02-15 22:13	2026-02-16 08:44

Reporter	Adham Sabry	Assigned To	daniruiz
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	closed	Resolution	no change required

Summary	0009551: Nexus-Race
Description	Purpose: To automate the exploitation of race conditions with microsecond accuracy. The Problem with Current Tools Most currently available tools (such as Intruder in Burp Suite) rely on sending sequential requests across separate threads. This approach suffers from network jitter, where requests arrive at the server with time gaps, thus keeping the race window closed to the attacker. Solution: Last-Byte Synchronization The Nexus-Race tool doesn't rely on transmission speed, but rather on arrival timing. It employs a sophisticated offensive strategy: HTTP/2 Multiplexing: Instead of opening 50 TCP connections (causing unnecessary strain and handshake delays), it uses a single connection to send dozens of streams. The Last-Byte Technique: We send the complete data of all requests and store the last byte of each request in the program's cache. Single-Packet Trigger: Once all streams are ready, the tool sends a single pulsed packet containing the missing bits for all requests. This ensures that the server's kernel will pass all requests to the application layer at the exact same moment. Software Architecture Go was chosen to build the tool for the following reasons: Low-level Network Control: Go gives us complete control over TCP sockets and buffers. Concurrency (Goroutines): The ability to manage thousands of concurrent requests with minimal RAM consumption. Static Binary: The tool will be a single executable file, simplifying packaging for Debian and Kali Linux. Killer Features Smart Diffing Engine: An analysis engine that compares response length, response time, and status codes to automatically detect anomalies. Zero-Jitter Algorithm: An algorithm to calibrate network delays before initiating an attack to ensure the highest synchronization accuracy. Extensible Templates: Support for YAML files to define targeted endpoints (such as balance withdrawals, voting, password changes) Killer Features Smart Diffing Engine: An analysis engine that compares response length, response time, and status codes to automatically detect anomalies. Zero-Jitter Algorithm: An algorithm that calibrates network delays before initiating an attack to ensure the highest synchronization accuracy. Extensible Templates: Support for YAML files to define targeted endpoints (e.g., balance withdrawals, voting, password changes).

kali-bugreport 2026-02-16 07:14 reporter ~0021334	Kali team seems providing guidance/requirement to use a given template for requesting new tools here: https://www.kali.org/docs/tools/submitting-tools/

kali-bugreport 2026-02-16 07:17 reporter ~0021338	Is this really a valid request, looks more like a spam-like posting similar to others of the same user...

daniruiz 2026-02-16 08:44 manager ~0021347	Thank you for your interest in Kali but this bug report is not actionable. Please read https://www.kali.org/docs/community/submitting-issues-kali-bug-tracker/ first. We are a small team and we expect you to provide a much more detailed bug report. Once you have done the necessary research (possibly with the help of the community on https://forums.kali.org/, or on the Discord chat at https://discord.kali.org/, or on IRC #kali-linux on irc.oftc.net), feel free to re-open this bug with more information or to open a new report.

Date Modified	Username	Field	Change
2026-02-15 22:13	Adham Sabry	New Issue
2026-02-16 07:14	kali-bugreport	Note Added: 0021334
2026-02-16 07:17	kali-bugreport	Note Added: 0021338
2026-02-16 08:44	daniruiz	Note Added: 0021347
2026-02-16 08:44	daniruiz	Assigned To	=> daniruiz
2026-02-16 08:44	daniruiz	Status	new => closed
2026-02-16 08:44	daniruiz	Resolution	open => no change required