Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/TheNittam/RPOscanner
Relative Path Overwrite Vulnerability Scanner
Last synced: 21 days ago
- Host: GitHub
- URL: https://github.com/TheNittam/RPOscanner
- Owner: TheNittam
- License: cc0-1.0
- Created: 2020-09-10T13:26:06.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2022-05-11T09:10:57.000Z (over 2 years ago)
- Last Synced: 2024-08-05T17:34:19.822Z (4 months ago)
- Language: Python
- Size: 56.6 KB
- Stars: 22
- Watchers: 2
- Forks: 7
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - TheNittam/RPOscanner - Relative Path Overwrite Vulnerability Scanner (Python)
README
# RPOscanner By [@TheNittam](https://twitter.com/TheNittam)
Relative Path Overwrite Vulnerability Scanner - Version 1
Follow : [@CryptoGenNepal](https://twitter.com/cryptogennepal)
[![python](https://img.shields.io/badge/python-3.7-blue.svg?logo=python&labelColor=yellow)](https://www.python.org/downloads/) [![GitHub license](https://img.shields.io/github/license/TheNittam/RPOscanner)](https://github.com/TheNittam/RPOscanner/blob/master/LICENSE) [![platform](https://img.shields.io/badge/platform-osx%2Flinux%2Fwindows-green.svg)](https://github.com/TheNittam/RPOscanner/)
![RPO Scanner](RPO.png)
## Ever heard about **RPO Attack**?
If not, here is the [video](https://www.youtube.com/watch?v=VrHkG5choM4) about the **Relative Path Overwrite (RPO) Attack**. It's a lesser-known web-based vulnerability, yet a very cool one. Filedescriptor was rewarded with $6000 by Google for his sweet exploit on this. I have explained this attack, along with the mitigation techniques, in our own language (**NEPALI** ![Love](https://cloud.githubusercontent.com/assets/4301109/16754758/82e3a63c-4813-11e6-9430-6015d98aeaab.png)). It might be fruitful not only for security enthusiasts but also for developers.
## Reference
Title | Researcher | Link
------|------------|-----
RPO Gadget | [@filedescriptor](https://twitter.com/filedescriptor) | https://blog.innerht.ml/rpo-gadgets/
Detecting And Exploiting PRSSI | [James Kettle](https://twitter.com/albinowax) | https://portswigger.net/research/detecting-and-exploiting-path-relative-stylesheet-import-prssi-vulnerabilities

## How to use?
```
python3 rpo.py
```
## Required Module
```
pip3 install requests
```