Skip to content

wireghoul/dotdotpwn

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 1 tag
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
DotDotPwn
Payload for detecting traversal in nodejs 8.5.0 added
September 28, 2022 12:51
Reports
Cludge to woork around git not allowing empty directories in order to f…
July 12, 2016 19:33
AUTHORS.txt
Change http-uri in http-url
July 30, 2013 13:39
CHANGELOG.txt
Setting version to 3.0.2
November 9, 2016 13:00
EXAMPLES.txt
Import of dotdotpwon v3.0 release
February 10, 2012 12:29
LICENSE.txt
Import of dotdotpwon v3.0 release
February 10, 2012 12:29
README.md
docs: fix typo
September 9, 2019 20:22
TODO.txt
Documentation update and credits for SSL implementation
February 4, 2013 23:37
dotdotpwn.pl
Setting version to 3.0.2
November 9, 2016 13:00
payload_sample_1.txt
Import of dotdotpwon v3.0 release
February 10, 2012 12:29
payload_sample_2.txt
Import of dotdotpwon v3.0 release
February 10, 2012 12:29
DESCRIPTION REQUIREMENTS EXAMPLES CONTACT AUTHORS CHANGE HISTORY LICENSE

README.md

DESCRIPTION

DotDotPwn - The Directory Traversal Fuzzer

It's a very flexible intelligent fuzzer to discover traversal directory vulnerabilities in software such as HTTP/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc.

Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module.

It's written in perl programming language and can be run either under OS X, *NIX or Windows platforms. It's the first Mexican tool included in BackTrack Linux (BT4 R2).

Fuzzing modules supported in this version:

  • HTTP
  • HTTP URL
  • FTP
  • TFTP
  • Payload (Protocol independent)
  • STDOUT

REQUIREMENTS

Perl modules:

  • Net::FTP
  • TFTP (only required if fuzzing TFTP)
  • Time::HiRes
  • Socket
  • IO::Socket
  • Getopt::Std

You can easily install the missing modules doing the following as root:

# perl -MCPAN -e "install <MODULE_NAME>"

or

# cpan 
cpan> install <MODULE_NAME>

EXAMPLES

Read EXAMPLES.txt

CONTACT

Official Website: http://dotdotpwn.sectester.net Official Email: dotdotpwn@sectester.net Bugs / Contributions / Improvements: dotdotpwn@sectester.net

AUTHORS

 Christian Navarrete aka chr1x         Alejandro Hernandez H. aka nitr0us
   http://twitter.com/chr1x              http://twitter.com/nitr0usmx
      chr1x@sectester.net                  nitrousenador@gmail.com
                                         http://www.brainoverflow.org

 CubilFelino Security Research Lab     Chatsubo [(in)Security Dark] Labs
   http://chr1x.sectester.net          http://chatsubo-labs.blogspot.com

CHANGE HISTORY

Read CHANGELOG.txt

LICENSE

DotDotPwn - The Directory Traversal Fuzzer
Copyright (C) 2012 Christian Navarrete and Alejandro Hernandez H.

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>

About

DotDotPwn - The Directory Traversal Fuzzer

dotdotpwn.blogspot.com/

Topics

security perl traversal penetration-testing fuzzer

Resources

Readme

License

GPL-3.0 license
Activity

Stars

905 stars

Watchers

36 watching

Forks

183 forks
Report repository

Releases 1

DotDotPwn v3.0.2 Latest
Nov 9, 2016

Packages

No packages published

Contributors 5

Languages