• Stars
    star
    414
  • Rank 104,550 (Top 3 %)
  • Language
    Python
  • License
    Other
  • Created almost 7 years ago
  • Updated 6 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Search for Directory Traversal Vulnerabilities

dotdotslash

An tool to help you search for Directory Traversal Vulnerabilities

Benchmarks

Platforms that I tested to validate tool efficiency:

  • DVWA (low/medium/high)
  • bWAPP (low/medium/high)

Screenshots

Screenshot

Screenshot

Screenshot

Instalation

You can download the last version cloning this repository

git clone https://github.com/jcesarstef/dotdotslash/

This tool was made to work with Python3

Usage

> python3 dotdotslash.py --help
usage: dotdotslash.py [-h] --url URL --string STRING [--cookie COOKIE]
                      [--depth DEPTH] [--verbose]

dot dot slash - A automated Path Traversal Tester. Created by @jcesrstef.

optional arguments:
  -h, --help            show this help message and exit
  --url URL, -u URL     Url to attack.
  --string STRING, -s STRING
                        String in --url to attack. Ex: document.pdf
  --cookie COOKIE, -c COOKIE
                        Document cookie.
  --depth DEPTH, -d DEPTH
                        How deep we will go?
  --verbose, -v         Show requests

Example:

python3 dotdotslash.py \
--url "http://192.168.58.101/bWAPP/directory_traversal_1.php?page=a.txt" \
--string "a.txt" \
--cookie "PHPSESSID=089b49151627773d699c277c769d67cb; security_level=3"

Let Me Know What You Think