Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
Failed to load latest commit information.
=== DESCRIPTION === DotDotPwn - The Directory Traversal Fuzzer It's a very flexible intelligent fuzzer to discover traversal directory vulnerabilities in software such as HTTP/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module. It's written in perl programming language and can be run either under OS X, *NIX or Windows platforms. It's the first Mexican tool included in BackTrack Linux (BT4 R2). Fuzzing modules supported in this version: - HTTP - HTTP URL - FTP - TFTP - Payload (Protocol independent) - STDOUT === REQUIREMENTS === - Perl (http://www.perl.org) Programmed and tested on Perl 5.8.8 and 5.10 - Nmap (http://www.nmap.org) Only if you plan to use the OS detection feature (needs root priviledges) Perl modules: - Net::FTP - TFTP (only required if fuzzing TFTP) - Time::HiRes - Socket - IO::Socket - Getopt::Std You can easily install the missing modules doing the following as root: # perl -MCPAN -e "install <MODULE_NAME>" or # cpan cpan> install <MODULE_NAME> === EXAMPLES === Read EXAMPLES.txt === CONTACT === Official Website: http://dotdotpwn.sectester.net Official Email: email@example.com Bugs / Contributions / Improvements: firstname.lastname@example.org === AUTHORS === Christian Navarrete aka chr1x Alejandro Hernandez H. aka nitr0us http://twitter.com/chr1x http://twitter.com/nitr0usmx email@example.com firstname.lastname@example.org http://www.brainoverflow.org CubilFelino Security Research Lab Chatsubo [(in)Security Dark] Labs http://chr1x.sectester.net http://chatsubo-labs.blogspot.com === CHANGE HISTORY === Read CHANGELOG.txt === LICENSE === DotDotPwn - The Directory Traversal Fuzzer Copyright (C) 2012 Christian Navarrete and Alejandro Hernandez H. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>