DotDotPwn v1.0 – Directory Traversal Checker/Scanning Tool

Use Netsparker


A simple PERL tool which detects several Directory Traversal Vulnerabilities on HTTP/FTP Servers. This AttackDB version currently has 871 traversal payloads. This tool was tested against various Kolibri+ WebServer v2.0 and Gefest WebServer v1.0 (HTTP servers) giving good results identifying the right vulnerability strings. Those HTTP servers were vulnerable, and somebody reported those vulns on sites such as exploit-db, but those advisories just reported some (1 or 2) traversal strings with a difference with DotDotPwn which detected between 10 or 20 different attack strings on those vulnerable servers.

Features

  • Detects Directory traversal vulnerabilities on remote HTTP/FTP server systems.
  • DotDotPwn checks the presence of boot.ini on the vulnerable systems through Directory traversal vulnerabilities, so it is assumed that the tested systems are Windows based HTTP/FTP servers.
  • Currently, the traversal database holds 871 attack payloads. Use the -update flag to perform an online fresh update.

Requirements

Perl with support of HTTP::Lite and Net::FTP modules

The full README file is available here.

You can download DotDotPwn v1.0 here:

ddpwn.tar.gz

Or read more here.

Posted in: Hacking Tools, Web Hacking

, , , , , ,


Latest Posts:


StaCoAn - Mobile App Static Analysis Tool StaCoAn – Mobile App Static Analysis Tool
StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing mobile app static analysis on the code of the application for both native Android and iOS applications.
snallygaster - Scan For Secret Files On HTTP Servers snallygaster – Scan For Secret Files On HTTP Servers
snallygaster is a Python-based tool that can help you to scan for secret files on HTTP servers, files that are accessible that shouldn't be public and can pose a s
Portspoof - Spoof All Ports Open & Emulate Valid Services Portspoof – Spoof All Ports Open & Emulate Valid Services
The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports open and also emulate valid services on every port.
Cambridge Analytica Facebook Data Scandal Cambridge Analytica Facebook Data Scandal
One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 expose that demonstrated the depths they are willing to go to profile voters, manipulate elections and much more.
GetAltName - Discover Sub-Domains From SSL Certificates GetAltName – Discover Sub-Domains From SSL Certificates
GetAltName it's a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
Memcrashed - Memcached DDoS Exploit Tool Memcrashed – Memcached DDoS Exploit Tool
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.


Comments are closed.