jcesarstef / Dotdotslash

Licence: other
Search for Directory Traversal Vulnerabilities

Programming Languages

python

Projects that are alternatives of or similar to Dotdotslash

Yasuo
A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Stars: ✭ 517 (+74.07%)
Mutual labels:  security-tools, pentest-tool, pentest-scripts
Sn1per
Attack Surface Management Platform | Sn1perSecurity LLC
Stars: ✭ 4,897 (+1548.82%)
Mutual labels:  pentest-tool, pentest-scripts, security-tools
Cloakify
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+282.49%)
Mutual labels:  security-tools, pentest-tool
Arl
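ARL (Asset Reconnaissance Lighthouse) is designed to quickly discover the internet-facing assets associated with a target and build a baseline asset inventory. It helps in-house security teams and penetration testers discover and search assets effectively and find weak points and attack surface.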
Stars: ✭ 1,357 (+356.9%)
Mutual labels:  security-tools, pentest-tool
Jwtxploiter
A tool to test security of json web token
Stars: ✭ 130 (-56.23%)
Mutual labels:  security-tools, pentest-tool
Dumpsterfire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (+160.94%)
Mutual labels:  security-tools, pentest-tool
Pompem
Find exploit tool
Stars: ✭ 786 (+164.65%)
Mutual labels:  security-tools, pentest-tool
Sippts
Set of tools to audit SIP based VoIP Systems
Stars: ✭ 116 (-60.94%)
Mutual labels:  security-tools, pentest-tool
Blackmamba
C2/post-exploitation framework
Stars: ✭ 544 (+83.16%)
Mutual labels:  security-tools, pentest-tool
credcheck
Credentials Checking Framework
Stars: ✭ 50 (-83.16%)
Mutual labels:  pentest-scripts, pentest-tool
Zigdiggity
A ZigBee hacking toolkit by Bishop Fox
Stars: ✭ 169 (-43.1%)
Mutual labels:  security-tools, pentest-tool
wifibang
wifi attacks suite
Stars: ✭ 56 (-81.14%)
Mutual labels:  pentest-scripts, pentest-tool
Evillimiter
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Stars: ✭ 764 (+157.24%)
Mutual labels:  security-tools, pentest-tool
Exploitpack
Exploit Pack -The next generation exploit framework
Stars: ✭ 728 (+145.12%)
Mutual labels:  security-tools, pentest-tool
Vulmap
Vulmap is a web vulnerability scanning and verification tool that can scan webapps for vulnerabilities and also includes exploitation capabilities
Stars: ✭ 1,079 (+263.3%)
Mutual labels:  security-tools, pentest-tool
Habu
Hacking Toolkit
Stars: ✭ 635 (+113.8%)
Mutual labels:  security-tools, pentest-tool
Catnip
Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux
Stars: ✭ 108 (-63.64%)
Mutual labels:  security-tools, pentest-tool
Stowaway
👻Stowaway -- Multi-hop Proxy Tool for pentesters
Stars: ✭ 500 (+68.35%)
Mutual labels:  security-tools, pentest-tool
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+1041.75%)
Mutual labels:  security-tools, pentest-tool
Airmaster
Use ExpiredDomains.net and BlueCoat to find useful domains for red team.
Stars: ✭ 150 (-49.49%)
Mutual labels:  security-tools, pentest-tool

dotdotslash

A tool to help you search for Directory Traversal Vulnerabilities

Benchmarks

Platforms that I tested to validate tool efficiency:

  • DVWA (low/medium/high)
  • bWAPP (low/medium/high)

Installation

You can download the latest version by cloning this repository:

git clone https://github.com/jcesarstef/dotdotslash/

This tool was made to work with Python3

Usage

> python3 dotdotslash.py --help
usage: dotdotslash.py [-h] --url URL --string STRING [--cookie COOKIE]
                      [--depth DEPTH] [--verbose]

dot dot slash - A automated Path Traversal Tester. Created by @jcesrstef.

optional arguments:
  -h, --help            show this help message and exit
  --url URL, -u URL     Url to attack.
  --string STRING, -s STRING
                        String in --url to attack. Ex: document.pdf
  --cookie COOKIE, -c COOKIE
                        Document cookie.
  --depth DEPTH, -d DEPTH
                        How deep we will go?
  --verbose, -v         Show requests

Example:

python3 dotdotslash.py \
--url "http://192.168.58.101/bWAPP/directory_traversal_1.php?page=a.txt" \
--string "a.txt" \
--cookie "PHPSESSID=089b49151627773d699c277c769d67cb; security_level=3"

Let Me Know What You Think
