forked from wireghoul/dotdotpwn
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME.txt
96 lines (65 loc) · 2.67 KB
/
README.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
=== DESCRIPTION ===
DotDotPwn - The Directory Traversal Fuzzer
It's a very flexible intelligent fuzzer to discover traversal
directory vulnerabilities in software such as HTTP/FTP/TFTP
servers, Web platforms such as CMSs, ERPs, Blogs, etc.
Also, it has a protocol-independent module to send the desired
payload to the host and port specified. On the other hand, it
also could be used in a scripting way using the STDOUT module.
It's written in perl programming language and can be run
either under OS X, *NIX or Windows platforms. It's the first Mexican
tool included in BackTrack Linux (BT4 R2).
Fuzzing modules supported in this version:
- HTTP
- HTTP URL
- FTP
- TFTP
- Payload (Protocol independent)
- STDOUT
=== REQUIREMENTS ===
- Perl (http://www.perl.org)
Programmed and tested on Perl 5.8.8 and 5.10
- Nmap (http://www.nmap.org)
Only if you plan to use the OS detection feature
(needs root priviledges)
Perl modules:
- Net::FTP
- TFTP (only required if fuzzing TFTP)
- Time::HiRes
- Socket
- IO::Socket
- Getopt::Std
You can easily install the missing modules doing the
following as root:
# perl -MCPAN -e "install <MODULE_NAME>"
or
# cpan
cpan> install <MODULE_NAME>
=== EXAMPLES ===
Read EXAMPLES.txt
=== CONTACT ===
Official Website: http://dotdotpwn.sectester.net
Official Email: [email protected]
Bugs / Contributions / Improvements: [email protected]
=== AUTHORS ===
Christian Navarrete aka chr1x Alejandro Hernandez H. aka nitr0us
http://twitter.com/chr1x http://twitter.com/nitr0usmx
http://www.brainoverflow.org
CubilFelino Security Research Lab Chatsubo [(in)Security Dark] Labs
http://chr1x.sectester.net http://chatsubo-labs.blogspot.com
=== CHANGE HISTORY ===
Read CHANGELOG.txt
=== LICENSE ===
DotDotPwn - The Directory Traversal Fuzzer
Copyright (C) 2012 Christian Navarrete and Alejandro Hernandez H.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>