DotDotPwn v3.0 The Directory Traversal Fuzzer

13Feb/120

DotDotPwn v3.0 The Directory Traversal Fuzzer

Version: DotDotPwn v3.0
Release date: 03/Feb/2012 (Release at BugCon Security Conferences 2012)

Changes / Enhancements / Features:

-X switch that implements the Bisection Algorithm in order to detect the exact deepness once a directory traversal vulnerability has been found. - http://en.wikipedia.org/wiki/Bisection_method
-M switch to specify another method different from the default (GET) when the http module is used.
Other HTTP methods are [POST | HEAD | COPY | MOVE]
-e switch to specify the file extension to be appended at the end of each fuzz string (e.g. ".php", ".jpg", ".inc")
New dots & slashes encodings (fuzz patterns) based on: https://www.owasp.org/index.php/Canonicalization,_locale_and_Unicode and http://wikisecure.net/security/uri-encoding-to-bypass-idsips

Supported modules:
- HTTP
- HTTP URL
- FTP
- TFTP
- Payload (Protocol independent)
- STDOUT

Feel free to download this new release from the following sites:

Download location #1

Download location #2

Source

Tagged as: Directory Traversal, Fuzzer, hacking, tools Leave a comment

Comments (0) Trackbacks (0) ( subscribe to comments on this post )

No comments yet.

Disclaimer

This website was created for educational purposes. The owner will not take any responsibility for any action you cause using the information shown in this website. Please do not contact me with blackhat type hacking requests. Thanks

lo0.ro cat /dev/null > stupidity – nobody is safe

DotDotPwn v3.0 The Directory Traversal Fuzzer

Leave a comment Cancel reply

Disclaimer

Categories

Tags

Meta