pip install ptuploader
If you're unable to invoke the script from your terminal, it's likely because it's not included in your PATH. You can resolve this issue by executing the following commands, depending on the shell you're using:
For Bash Users
echo "export PATH=\"`python3 -m site --user-base`/bin:\$PATH\"" >> ~/.bashrc
source ~/.bashrcFor ZSH Users
echo "export PATH=\"`python3 -m site --user-base`/bin:\$PATH\"" >> ~/.zshrc
source ~/.zshrcPTUPLOADER -u http://example.com/upload.php -r requestfile.txt -P file -s http://www.example.com/uploads/ -ts EXT
-v --version Show script version and exit
-h --help Show this help message and exit
-j --json Output in JSON format
-vv --verbose Enable verbose mode
-ua --user-agent <user-agent> Set User-Agent header
-c --cookie <cookie> Set Cookie(s)
-t --threads <threads> Set thread count (default: 10)
-H --headers <header:value> Set custom header(s)
-p --proxy <proxy> Set Proxy
-u --url <url> Target upload URL
-f --file <filename> File to upload
-sz --size <size> Size of uploaded file
-n --number <number> Number of uploaded files
-e --extensions <extensions> Extensions of uploaded files
-l --language <language> Target language (PHP, ASP, JSP, NET, PY, JS)
-r --request <request> Raw request file or base64 request (headers included)
-d --data <data> Custom request data
-P --parameter <parameter> Parameter to test (e.g. file, upload, POST param)
-s --storage <url_to_dir> URL to uploaded files directory
-sy --string-yes <string> Required string in response for success
-sn --string-no <string> Forbidden string in response for success
-ts --tests <test> Select test type:
ANTIVIR Detect antivirus presence
MAXSIZE Max file size limit
COUNT Max file count limit
EXT Allowed extensions (+ execution test)
CHARS Allowed filename characters
EXEC Execution bypass techniques
ADS Alternate Data Streams
TRAVERSAL Path traversal vulnerability
CONTENT File content validation
CT Content-Type validation
XXE XXE vulnerability
ZIPBOMB Zip bomb vulnerability
ptlibs
None at this moment.
Copyright (c) 2025 Penterep Security s.r.o.
ptuploader is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
ptuploader is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with ptuploader. If not, see https://www.gnu.org/licenses/.
You are only allowed to run the tool against the websites which you have been given permission to pentest. We do not accept any responsibility for any damage/harm that this application causes to your computer, or your network. Penterep is not responsible for any illegal or malicious use of this code. Be Ethical!
