Published on November 11th, 2016 📆 | 2496 Views ⚑
0Directory Traversal Fuzzer: DotDotPwn
It’s a very flexible intelligent fuzzer to discover traversal directory vulnerabilities in software such as HTTP/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module.
It’s written in perl programming language and can be run either under OS X, *NIX or Windows platforms.
Fuzzing modules supported in this version:
- HTTP
- HTTP URL
- FTP
- TFTP
- Payload (Protocol independent)
- STDOUT
Requirements:
- Perl (https://www.perl.org) – Programmed and tested on Perl 5.8.8 and 5.10
- Nmap (https://www.nmap.org) – Only if you plan to use the OS detection feature (needs root priviledges)
Perl modules:
- Net::FTP
- TFTP (only required if fuzzing TFTP)
- Time::HiRes
- Socket
- IO::Socket
- Getopt::Std
[adsense size='1']
You can easily install the missing modules doing the following as root:
# perl -MCPAN -e "install <MODULE_NAME>"
or
cpan cpan> install <MODULE_NAME>
https://github.com/wireghoul/dotdotpwn
Gloss