Search for Directory Traversal Vulnerabilities

dotdotslash

A tool to help you search for directory traversal vulnerabilities.

Benchmarks

Platforms that I tested to validate tool efficiency:

  • DVWA (low/medium/high)
  • bWAPP (low/medium/high)

Installation

You can download the latest version by cloning this repository:

git clone https://github.com/jcesarstef/dotdotslash/

This tool was made to work with Python 3.

Usage

> python3 dotdotslash.py --help
usage: dotdotslash.py [-h] --url URL --string STRING [--cookie COOKIE]
                      [--depth DEPTH] [--verbose]

dot dot slash - A automated Path Traversal Tester. Created by @jcesrstef.

optional arguments:
  -h, --help            show this help message and exit
  --url URL, -u URL     Url to attack.
  --string STRING, -s STRING
                        String in --url to attack. Ex: document.pdf
  --cookie COOKIE, -c COOKIE
                        Document cookie.
  --depth DEPTH, -d DEPTH
                        How deep we will go?
  --verbose, -v         Show requests

Example:

python3 dotdotslash.py \
--url "http://192.168.58.101/bWAPP/directory_traversal_1.php?page=a.txt" \
--string "a.txt" \
--cookie "PHPSESSID=089b49151627773d699c277c769d67cb; security_level=3"
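
For defenders, a run like the one above shows up in web server logs as one client requesting the same parameter with traversal sequences of several different depths. The following is an added example, not code from this repository: it flags that pattern in access logs. The log format (common log format), the sample lines, the file name target.txt and the three-depth threshold are assumptions, and the tool's actual payload list is not documented on this page.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Dec/2018:10:00:01 +0000] "GET /bWAPP/directory_traversal_1.php?page=a.txt HTTP/1.1" 200 512
10.0.0.7 - - [10/Dec/2018:10:00:02 +0000] "GET /bWAPP/directory_traversal_1.php?page=../target.txt HTTP/1.1" 200 310
10.0.0.7 - - [10/Dec/2018:10:00:02 +0000] "GET /bWAPP/directory_traversal_1.php?page=../../target.txt HTTP/1.1" 200 310
10.0.0.7 - - [10/Dec/2018:10:00:03 +0000] "GET /bWAPP/directory_traversal_1.php?page=..%2f..%2f..%2ftarget.txt HTTP/1.1" 200 310
10.0.0.7 - - [10/Dec/2018:10:00:03 +0000] "GET /bWAPP/directory_traversal_1.php?page=..%252f..%252f..%252f..%252ftarget.txt HTTP/1.1" 200 900
10.0.0.9 - - [10/Dec/2018:10:00:04 +0000] "GET /docs/view.php?file=../img/logo.png HTTP/1.1" 200 2048
"""

REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')
STEP = re.compile(r'\.\.[/\\]')  # one directory step up, either slash style

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_depth(value):
    """Count dot-dot-slash (or backslash) steps in the decoded value."""
    return len(STEP.findall(decode_fully(value)))

def find_scans(log_text, min_depths=3):
    """Return {(client, path, param): sorted depths} for probable depth sweeps."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = REQ.match(line)
        if not m:
            continue
        client, target, _status = m.groups()
        url = urlsplit(target)
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            depth = traversal_depth(value)
            if depth:
                seen[(client, url.path, name)].add(depth)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_depths}

if __name__ == "__main__":
    for (client, path, param), depths in find_scans(SAMPLE_LOG).items():
        print(f"{client} swept {path}?{param}= at depths {depths}")
```

A single request with one `../` (the 10.0.0.9 line) is not flagged, since relative links can legitimately produce it; only the multi-depth sweep from one client is reported.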

Let Me Know What You Think
