{"id":16932051,"url":"https://github.com/cldrn/davtest","last_synced_at":"2025-07-10T09:33:36.343Z","repository":{"id":31408688,"uuid":"34971988","full_name":"cldrn/davtest","owner":"cldrn","description":"davtest (improved)- Exploits WebDAV folders","archived":false,"fork":false,"pushed_at":"2023-03-07T13:02:41.000Z","size":31,"stargazers_count":108,"open_issues_count":3,"forks_count":38,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-03-16T09:42:14.047Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Perl","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cldrn.png","metadata":{"files":{"readme":"README.txt","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2015-05-03T03:10:26.000Z","updated_at":"2025-03-11T04:20:05.000Z","dependencies_parsed_at":"2022-09-08T21:00:42.655Z","dependency_job_id":"6cdc0907-90c3-4d3b-bd7d-3b416a17842f","html_url":"https://github.com/cldrn/davtest","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cldrn%2Fdavtest","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cldrn%2Fdavtest/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cldrn%2Fdavtest/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cldrn%2Fdavtest/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cldrn","download_url":"https://codeload.github.com/cldrn/davtest/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243992443,"owners_count":20380201,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-13T20:45:26.717Z","updated_at":"2025-03-17T07:32:07.866Z","avatar_url":"https://github.com/cldrn.png","language":"Perl","funding_links":[],"categories":[],"sub_categories":[],"readme":"#############################################################\nCopyright 2015 Websec, SC.\n\nThis program is free software: you can redistribute it and/or modify\nit under the terms of the GNU General Public License as published by\nthe Free Software Foundation, either version 3 of the License, or\n(at your option) any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\nGNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License\nalong with this program.  If not, see \u003chttp://www.gnu.org/licenses/\u003e.\n\nAuthor (1.0): Chris Sullo / csullo [at] sunera . com\nAuthor (1.1): Paulino Calderon / calderon [at] websec . mx\nAuthor (1.2): RewardOne\n\n#############################################################\nAbout\n\nThis program attempts to exploit WebDAV enabled servers by:\n- attempting to create a new directory (MKCOL)\n- attempting to put test files of various programming langauges (PUT)\n- optionally attempt to put files with .txt extension, then move to executable (MOVE)\n- optionally attempt to put files with .txt extension, then copy to executable (COPY)\n- check if files executed or were uploaded properly\n- optionally upload a backdoor/shell file for languages which execute\n\nAdditionally, this can be used to put an arbitrary file to remote systems.\n\n#############################################################\nRequirements\n\nThe following PERL modules are required from cpan.org:\n\tHTTP::DAV\n\tGetopt::Long\n\n#############################################################\nOptions\n\ndavtest.pl -url url [options]\n -auth+         Authorization like user:password. Supports Basic and Digest only, no NTLM (yet).\n -realm+        Authorization realm\n -cleanup       Delete everything uploaded except backdoor/shell files\n -directory+    Postfix of directory to create. This is always prefixed by 'DavTestDir_' and if not specified\n                is set to a random string.\n -debug+        HTTP::DAV debug level 1-3. Levels 2 and 3 log request/responses to /tmp/perldav_debug.txt.\n -move          PUT files as .txt and then try to MOVE them to the executable file extension\n -copy          PUT files as .txt and then try to COPY them to the executable file extension\n -nocreate      Don't create a directory, work at the -url level.\n -quiet         Only print out summary and serious (usually fatal) errors.\n -random name+  Use this string instead of a random string for filenames.\n -sendbd+       Send backdoor files (from backdoors/ directory). See each script's source for how to use it, if\n                it's not immediately obvious.\n                        auto - for any succeeded test\n                        ext - extension matching file name(s) in backdoors/ dir\n -uploadfile+   Upload this file to to the server. This option requires -uploadloc to specify the remote location.\n -uploadloc+    Upload -uploadfile to this location/name. This option requires -uploadfile.\n -url+          Url of the DAV location.\n\n#############################################################\nTest Files\n\nTests are used to determine if the server can execute a certain type of code. Each test may have a \ncorresponding backdoor file, but backdoor files *must* have a corresponding test to determine if \nthat file type can execute on the server. It is recommended a simple/basic operation for each language\nis used--by default, the supplied tests use mathematical calculations, if possible.\n\nTest files are located in the 'test/' directory. Files must be named according to\nthe type of program file they will become on the server. For example, a file named 'php.txt'\nwill be put to the server with a .php extension. \n\nEach file must have two lines, 'content' and 'execmatch'--the body put to the server and regex to \nmatch to see if it executed. For example, the php.txt contents are:\n\tcontent=\u003c?php print 7.8 * 6.4;?\u003e\n\texecmatch=49.92\n\nAdditionally, the token $$FILENAME$$ will be replaced (with the PUT file's name) in the content before\nit sent to the server. Embedded newlines (\\n) will be converted to actual newlines (to accommodate PERL).\n\n#############################################################\nBackdoor files\n\nBackdoor files are located in the 'backdoors/' directory. They must have the match extension for the type \nthey will be uploaded for. For example, a php backdoor must have a '.php' extension.\n\nA backdoor file can contain any code you desire, and multiple backdoor files may be used for a file type. \nIf multiple files exist for a type, each will be uploaded when appropriate.\n\nA backdoor type (e.g., php) *must* have a corresponding type in the 'tests/' directory, otherwise it will \nnever be tested/uploaded.\n\n#############################################################\nExamples\n\nExample: Test file uploads at this location url:\n\t\tdavtest.pl -url http://localhost/davdir\n\nExample: Test file uploads at this location url and send backdoors for any that succeed:\n\t\tdavtest.pl -url http://localhost/davdir -sendbd auto\n\nExample: Upload a file using authentication, send the perl_cmd.pl backdoor and call it perl.pl on the server:\n\t\tdavtest.pl -url http://localhost/davdir -auth user:pass -uploadfile backdoors/perl_cmd.pl -uploadloc perl.pl\n\n#############################################################\nTODO:\n\t- NTLM authentication\n\t- Backdoors for more languages \n\t- Validate jhtml test syntax\n\t- Add auth for COPY/MOVE uploads/backdoors\n\n#############################################################\nCHANGELOG\n\n1.1 - Fixes auth and adds realm support\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcldrn%2Fdavtest","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcldrn%2Fdavtest","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcldrn%2Fdavtest/lists"}