Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/wireghoul/dotdotpwn
DotDotPwn - The Directory Traversal Fuzzer
https://github.com/wireghoul/dotdotpwn
fuzzer penetration-testing perl security traversal
Last synced: 10 days ago
JSON representation
DotDotPwn - The Directory Traversal Fuzzer
- Host: GitHub
- URL: https://github.com/wireghoul/dotdotpwn
- Owner: wireghoul
- License: gpl-3.0
- Created: 2012-02-10T01:28:05.000Z (over 12 years ago)
- Default Branch: master
- Last Pushed: 2022-09-28T02:51:18.000Z (about 2 years ago)
- Last Synced: 2024-10-13T11:23:23.288Z (26 days ago)
- Topics: fuzzer, penetration-testing, perl, security, traversal
- Language: Perl
- Homepage: http://dotdotpwn.blogspot.com/
- Size: 85.9 KB
- Stars: 981
- Watchers: 37
- Forks: 176
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.txt
- License: LICENSE.txt
Awesome Lists containing this project
- awesome-bugbounty-tools - dotdotpwn - DotDotPwn - The Directory Traversal Fuzzer (Exploitation / Directory Traversal)
- WebHackersWeapons - dotdotpwn - The Directory Traversal Fuzzer ||[`path-traversal`](/categorize/tags/path-traversal.md)|[](/categorize/langs/Perl.md)| (Weapons / Tools)
- awesome-termux-hacking - dotdotpwn - DotDotPwn - The Directory Traversal Fuzzer.[](https://github.com/wireghoul/dotdotpwn/stargazers/) (Uncategorized / Uncategorized)
README
### DESCRIPTION ###
DotDotPwn - The Directory Traversal Fuzzer
It's a very flexible intelligent fuzzer to discover traversal
directory vulnerabilities in software such as HTTP/FTP/TFTP
servers, Web platforms such as CMSs, ERPs, Blogs, etc.
Also, it has a protocol-independent module to send the desired
payload to the host and port specified. On the other hand, it
also could be used in a scripting way using the STDOUT module.
It's written in perl programming language and can be run
either under OS X, *NIX or Windows platforms. It's the first Mexican
tool included in BackTrack Linux (BT4 R2).
Fuzzing modules supported in this version:
- HTTP
- HTTP URL
- FTP
- TFTP
- Payload (Protocol independent)
- STDOUT
### REQUIREMENTS ###
- Perl (http://www.perl.org)
Programmed and tested on Perl 5.8.8 and 5.10
- Nmap (http://www.nmap.org)
Only if you plan to use the OS detection feature
(needs root privileges)
Perl modules:
- Net::FTP
- TFTP (only required if fuzzing TFTP)
- Time::HiRes
- Socket
- IO::Socket
- Getopt::Std
You can easily install the missing modules doing the
following as root:
```
# perl -MCPAN -e "install "
```
or
```
# cpan
cpan> install
```
### EXAMPLES ###
Read EXAMPLES.txt
### CONTACT ###
Official Website: http://dotdotpwn.sectester.net
Official Email: [email protected]
Bugs / Contributions / Improvements: [email protected]
### AUTHORS ###
```
Christian Navarrete aka chr1x Alejandro Hernandez H. aka nitr0us
http://twitter.com/chr1x http://twitter.com/nitr0usmx
[email protected] [email protected]
http://www.brainoverflow.org
CubilFelino Security Research Lab Chatsubo [(in)Security Dark] Labs
http://chr1x.sectester.net http://chatsubo-labs.blogspot.com
```
### CHANGE HISTORY ###
Read CHANGELOG.txt
### LICENSE ###
```
DotDotPwn - The Directory Traversal Fuzzer
Copyright (C) 2012 Christian Navarrete and Alejandro Hernandez H.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see
```