pentest-race-conditions
Installation
SKILL.md
Pentest Race Conditions
Purpose
Exploit applications that fail to handle concurrent requests atomically — enabling double-spend, limit bypass, privilege escalation through parallel requests. Absent from standard WSTG categories but critical in real-world assessments.
Prerequisites
Authorization Requirements
- Written authorization with explicit scope for concurrency testing
- Test accounts with balances, quotas, or limited-use resources
- Rollback plan for financial or state-mutating operations
- Rate limit awareness — confirm acceptable burst volume with target owner
Environment Setup
- Burp Suite Professional with Turbo Intruder extension
- Python 3.x with asyncio/aiohttp for parallel request scripting
- GNU parallel or xargs for shell-based concurrency
- Multiple authenticated sessions (separate cookies/tokens)