Skip to content

MatheusBrunheroto/gorace

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
display
display
 
 
input
input
 
 
request
request
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
lista.txt
lista.txt
 
 
main.go
main.go
 
 

Repository files navigation

gorace

Web race condition testing tool written in Go NOT FINISHED YET

Works like ffuf, but instead of instantly activating a request, makes a queue that fire all the requests at the same time

Installation

Go Installer

go install NOT WORKING YET

AUR package

yay -S NOT WORKING YET

Manual (Building)

git clone https://github.com/MatheusBrunheroto/gorace.git
cd gorace
chmod +x install.sh
./install.sh
NOT WORKING

Usage

Usage Example:

gorace -u 'https://website.com' -H '{h1_key:h1_value, h2_key:WORDLIST1}' -c {WORDLIST2:WORDLIST3} -t 50

Manual Page

GORACE(1)

NAME
    gorace — tool for testing web race conditions through concurrent HTTP requests

SYNOPSIS
    gorace [OPTIONS]

DESCRIPTION
    gorace is a command-line tool designed to test for race conditions in web applications.
    It sends multiple concurrent HTTP requests to a target endpoint in order to detect timing vulnerabilities that occur when requests are processed simultaneously.

    The tool allows the user to configure HTTP methods, headers, cookies, request bodies, and the number of concurrent workers.
    All workers are synchronized so that requests are released at the same time, increasing the likelihood of triggering race conditions.

OPTIONS
    -U, --url URL
        Target URL.

    -X, --method METHOD
        HTTP method to use (GET, POST, PUT, PATCH, DELETE).

    -d, --data DATA
        Request body data.

    -H, --header HEADER
        Custom HTTP header. Can be used multiple times.

    -C, --cookie COOKIE
        Cookie to include in the request.

    -t, --threads NUMBER
        Number of concurrent workers.

    -w, --wordlist FILE
        Wordlist used to generate multiple requests.

    -i, --interactive
        Interactive mode for entering request parameters.

    -h, --help
        Display help information.

EXAMPLES
    Send 100 concurrent POST requests:

        gorace -U https://target.com/redeem -X POST -d "coupon=FREE100" -t 100

    Send requests with custom headers and cookies:

        gorace -U https://target.com/api -X POST -d "id=1" \
        -H "Authorization: Bearer TOKEN" \
        -C "session=abcd123"

EXIT STATUS
    0
        Successful execution.

    1
        Execution error.

SEE ALSO
    curl(1), ffuf(1), nmap(1)

AUTHOR
    Matheus Brunheroto

COPYRIGHT
    MIT License

Inspiration

This repository was created to explore the Race Condition challenges from PortSwigger Academy while learning Go. The CLI was inspired by one of the most powerful fuzzing tools available, FFUF.

About

CLI web race condition testing tool written in Go

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages