An tool to help you search for Directory Traversal Vulnerabilities
Platforms that I tested to validate tool efficiency:
You can download the last version cloning this repository
git clone https://github.com/jcesarstef/dotdotslash/
This tool was made to work with Python3
> python3 dotdotslash.py --help
usage: dotdotslash.py [-h] --url URL --string STRING [--cookie COOKIE]
[--depth DEPTH] [--verbose]
dot dot slash - A automated Path Traversal Tester. Created by @jcesrstef.
optional arguments:
-h, --help show this help message and exit
--url URL, -u URL Url to attack.
--string STRING, -s STRING
String in --url to attack. Ex: document.pdf
--cookie COOKIE, -c COOKIE
Document cookie.
--depth DEPTH, -d DEPTH
How deep we will go?
--verbose, -v Show requests
Example:
python3 dotdotslash.py \
--url "http://192.168.58.101/bWAPP/directory_traversal_1.php?page=a.txt" \
--string "a.txt" \
--cookie "PHPSESSID=089b49151627773d699c277c769d67cb; security_level=3"
- My Twitter: https://twitter.com/jcesarstef
- My Linkedin: https://www.linkedin.com/in/jcesarstef
- My Blog(Brazilian Portuguese only for now): http://www.inseguro.com.br