DotDotPwn v3.0 - Directory Traversal fuzzer
Labels: Auditing, Hacking Tools, penetration testing
It's a very flexible, intelligent fuzzer for discovering directory traversal vulnerabilities in software such as Web/FTP/TFTP servers and Web platforms such as CMSs, ERPs, blogs, etc. It also has a protocol-independent module that sends the desired payload to the specified host and port, and it can be used in scripts through the STDOUT module. It is written in Perl and runs on both *NIX and Windows platforms.

Fuzzing modules supported in this version:
- HTTP
- HTTP URL
- FTP
- TFTP
- Payload (Protocol independent)
- STDOUT
Changes / Enhancements / Features:
- -X switch that implements the Bisection Algorithm to detect the exact depth once a directory traversal vulnerability has been found (http://en.wikipedia.org/wiki/Bisection_method).
- -M switch to specify a method other than the default (GET) when the http module is used.
- Other HTTP methods are [POST | HEAD | COPY | MOVE]
- -e switch to specify the file extension to be appended at the end of each fuzz string (e.g. ".php", ".jpg", ".inc")
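Why bisection can pin down the exact depth, as an added illustration (not DotDotPwn's own code): the check "N repetitions of ../ reach the file" is monotone, because extra ../ are absorbed at the filesystem root. DOC_ROOT, the two resolver models and all function names are assumptions made for this example, which runs against an in-memory path model only and also shows that a containment check leaves the search nothing to find.

```python
import posixpath

DOC_ROOT = "/var/www/html/app"   # constructed document root (assumption)
TARGET = "/etc/passwd"           # file the traversal string points at


def naive_resolve(request_path):
    """Vulnerable model: join and normalise, with no containment check."""
    return posixpath.normpath(posixpath.join(DOC_ROOT, request_path))


def hardened_resolve(request_path):
    """Hardened model: refuse anything that normalises outside DOC_ROOT."""
    full = posixpath.normpath(posixpath.join(DOC_ROOT, request_path))
    if full != DOC_ROOT and not full.startswith(DOC_ROOT + "/"):
        return None
    return full


def escapes(resolve, depth):
    """True if `depth` repetitions of '../' make the resolver return TARGET."""
    return resolve("../" * depth + TARGET.lstrip("/")) == TARGET


def exact_depth(resolve, known_hit):
    """Bisect [1, known_hit] for the smallest depth that still reaches TARGET.

    Returns (depth, probes); depth is None when known_hit itself fails.
    """
    probes = 1
    if not escapes(resolve, known_hit):
        return None, probes
    lo, hi = 1, known_hit
    while lo < hi:
        mid = (lo + hi) // 2
        probes += 1
        if escapes(resolve, mid):
            hi = mid          # still reaches TARGET: answer is mid or lower
        else:
            lo = mid + 1      # too shallow: answer is deeper than mid
    return lo, probes


if __name__ == "__main__":
    print("naive:   ", exact_depth(naive_resolve, 16))
    print("hardened:", exact_depth(hardened_resolve, 16))
```

The exact depth equals the number of path components in the document root, which is why the value matters when auditing and fixing a specific deployment.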
DotDotPwn is now included in BackTrack R2. To install the tool, just run the following command: apt-get install dotdotpwn
Posted by Mohit Kumar at Friday, June 08, 2012