timing-attack-recon

Official

Uncover hidden web attack surfaces via timing analysis.

Authordreadnode
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Traditional web fuzzing often misses hidden backend parameters, internal routing headers, and scoped SSRF vulnerabilities because all responses return uniform bodies, but server-side processing delays reveal these invisible attack surfaces.

Core Features & Use Cases

  • Hidden Parameter Discovery: Identifies unexposed backend parameters that trigger server-side logic (like database queries or debug modes) without altering response content.
  • Header Abuse Detection: Finds headers such as X-Forwarded-For that modify proxy routing or access control, enabling bypasses of IP-based restrictions.
  • Scoped SSRF Enumeration: Detects proxy endpoints that route to internal services by comparing response times for external domains versus internal IPs and subdomains.
  • Use Case: A red teamer testing a public API that returns 200 OK for all inputs can use this skill to find hidden admin endpoints or internal SSRF vectors that manual testing and body-based fuzzing would miss.

Quick Start

Use the timing-attack-recon skill to discover hidden parameters and scoped SSRF vectors on the target web application at https://target.com.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: timing-attack-recon
Download link: https://github.com/dreadnode/capabilities/archive/main.zip#timing-attack-recon

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.