<>
Thursday, February 7, 2013

DotDotPwn v3.0.1 - The Directory Traversal Fuzzer released


The latest version of DotDotPwn v3.0.1 released.
DotDotPwn is a flexible intelligent fuzzer to discover traversal directory vulnerabilities in software such as HTTP/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc. It's written in perl programming language and can be run either under *NIX or Windows platforms. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module.

Supported modules are HTTP, HTTP, URL, FTP , TFTP , Payload (Protocol independent) and STDOUT.


Download from here
CHANGELOG
This file contains the history of the changes made to DotDotPwn since it's conception. 
DotDotPwn v3.0.1 
Release date: 24/01/2013
Changes / Enhancements / Features:- 

HTTP::Lite dependancy removed (Replaced with LWP core modules) 
* -S switch enables SSL for the http module 
* http-uri module supports SSL via https:// url 
* More dot encodings to bypass string replace and blacklist filters
Requirements - - Perl (http://www.perl.org) Programmed and tested on Perl 5.8.8 and 5.10
- Nmap (http://www.nmap.org) Only if you plan to use the OS detection feature (needs root privileges) 
 Perl modules: - Net::FTP 
- TFTP 
- Time::HiRes 
- Socket 
- IO::Socket 
- Getopt::Std 
- Switch
You can easily install the missing modules doing the following as root:

# perl -MCPAN -e "install <MODULE_NAME>" 
or 
# cpan cpan> install <MODULE_NAME> 

Examples - 
Read EXAMPLES.txt

Sources-
https://github.com/wireghoul/dotdotpwn

0 comments:

Post a Comment

:) :)) ;(( :-) =)) ;( ;-( :d :-d @-) :p :o :>) (o) [-( :-? (p) :-s (m) 8-) :-t :-b b-( :-# =p~ $-) (b) (f) x-) (k) (h) (c) cheer
Click to see the code!
To insert emoticon you must added at least one space before the code.

Welcome Back Visitor! Your Last Visit Was on Tues, Sep 23, 2025 12:19:13 AM
 
TOP