Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Go

Ruby

R

Scala

HTML

Kotlin

CSS

Haskell

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Racket

Perl

Scala

Elm

Zig

R

Shell

Groovy

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇰🇲 Comoros

🇧🇳 Brunei

🇯🇲 Jamaica

🇲🇦 Morocco

🇻🇺 Vanuatu

🇩🇰 Denmark

🇬🇷 Greece

🇰🇼 Kuwait

All Countries Compare Countries

jcesarstef/dotdotslash

Stars
394
Rank 108,655 (Top 3 %)
Language
Python
License
Other
Created over 6 years ago
Updated 3 months ago

jcesarstef/dotdotslash

jcesarstef

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Search for Directory Traversal Vulnerabilities

dotdotslash

An tool to help you search for Directory Traversal Vulnerabilities

Benchmarks

Platforms that I tested to validate tool efficiency:

DVWA (low/medium/high)
bWAPP (low/medium/high)

Screenshots

Instalation

You can download the last version cloning this repository

git clone https://github.com/jcesarstef/dotdotslash/

This tool was made to work with Python3

Usage

> python3 dotdotslash.py --help
usage: dotdotslash.py [-h] --url URL --string STRING [--cookie COOKIE]
                      [--depth DEPTH] [--verbose]

dot dot slash - A automated Path Traversal Tester. Created by @jcesrstef.

optional arguments:
  -h, --help            show this help message and exit
  --url URL, -u URL     Url to attack.
  --string STRING, -s STRING
                        String in --url to attack. Ex: document.pdf
  --cookie COOKIE, -c COOKIE
                        Document cookie.
  --depth DEPTH, -d DEPTH
                        How deep we will go?
  --verbose, -v         Show requests

Example:

python3 dotdotslash.py \
--url "http://192.168.58.101/bWAPP/directory_traversal_1.php?page=a.txt" \
--string "a.txt" \
--cookie "PHPSESSID=089b49151627773d699c277c769d67cb; security_level=3"

Let Me Know What You Think

My Twitter: https://twitter.com/jcesarstef
My Linkedin: https://www.linkedin.com/in/jcesarstef
My Blog(Brazilian Portuguese only for now): http://www.inseguro.com.br

ghhdb-Github-Hacking-Database

Github Hacking Database - My personal collection of Github Dorks to search for Confidential Information (Yes, it's a Github version of Google Dorks)

python-crawl

Library to crawl and extract internal links from domain

seosint

Search Engine Open Source Intelligence

gem_eyes

Little python3 script to search for vulnerabilities and out-dated dependencies in rubygems

Ethereum-Smart-Contracts

My personal Ethereum-based Smart Contracts

python-registrobr

A tiny python3 library to handle with RegistroBR whois queries

scripts

scripts that are useful (or not)

commentsHunter

Script to hunt comments in URL's