Skip to main content

Tool for synchronized multi-request race-condition checks

Project description

penterepTools

ptmultirequest — Race Condition Tester

ptmultirequest sends two or more identical HTTP requests at the exact same moment to help identify race condition vulnerabilities.

Use cases

  • Can a user make two payments simultaneously when balance allows only one?
  • Can two accounts be registered with the same login at the exact same time?

How it works

All requests are dispatched in parallel threads synchronized by a barrier — every thread waits until all are ready, then fires at once.

Responses are compared across all requests:

Field What is checked
Status code Are all responses the same HTTP status?
Response length Does content length differ between responses?
Page title Does the HTML <title> differ?
Keywords Are error, warning, notice, or sql present in any response?

Any difference may indicate a race condition — manual review is always recommended.

Installation

pip install ptmultirequest

Usage

ptmultirequest -u https://example.com/pay -c 2
ptmultirequest -u https://example.com/register -d "login=admin" -c 2
ptmultirequest --request-file ./request.txt -c 5

Options

Flag Description
-u, --url <url> Target URL
-d, --data <post-data> POST body (switches method to POST)
--request-file <file|base64> Raw HTTP request from file or base64
-c, --count <n> Number of synchronized requests (default: 2)
-p, --proxy <proxy> Proxy URL (e.g. http://127.0.0.1:8080)
-T, --timeout <seconds> Request timeout (default: 10)
--cookie <cookie> Cookie header
-a, --user-agent <agent> User-Agent header
-H, --headers <header:value> Additional custom headers
-r, --redirects Follow redirects
-j, --json Output results as JSON
-v, --version Show version
-h, --help Show help

Dependencies

License

Copyright (c) 2026 Penterep Security s.r.o.

ptmultirequest is free software licensed under the GNU General Public License v3.0 or later.

Legal notice

Only run this tool against targets you are explicitly authorized to test. Penterep bears no responsibility for unauthorized or malicious use. Be ethical.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ptmultirequest-0.0.1.tar.gz (19.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ptmultirequest-0.0.1-py3-none-any.whl (20.2 kB view details)

Uploaded Python 3

File details

Details for the file ptmultirequest-0.0.1.tar.gz.

File metadata

  • Download URL: ptmultirequest-0.0.1.tar.gz
  • Upload date:
  • Size: 19.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.13

File hashes

Hashes for ptmultirequest-0.0.1.tar.gz
Algorithm Hash digest
SHA256 7657777f4cf81e1028c124a68774bbdc290cc508ac3362148ced0954234e4d7b
MD5 2866818d350647a5d18fd0d6911add53
BLAKE2b-256 df7dbdf23aa39cae5659b154df3c5e6954303bbc5bd3a1ed8b76ab588646f3ba

See more details on using hashes here.

File details

Details for the file ptmultirequest-0.0.1-py3-none-any.whl.

File metadata

  • Download URL: ptmultirequest-0.0.1-py3-none-any.whl
  • Upload date:
  • Size: 20.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.13

File hashes

Hashes for ptmultirequest-0.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 f92bb189de7fcf4b97d00b1930a5f2cccbddec660ff6a0182f8240c4b6caf23d
MD5 6d5f784718ffcb6f69177038719d0c52
BLAKE2b-256 60a778a78c543cb73eb1bb995f3081fda2e79272c9e3399f53ef458b94825862

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page