Loading...
Thursday, February 7, 2013

DotDotPwn v3.0.1 - The Directory Traversal Fuzzer released


The latest version of DotDotPwn v3.0.1 released.
DotDotPwn is a flexible intelligent fuzzer to discover traversal directory vulnerabilities in software such as HTTP/FTP/TFTP servers, Web platforms such as CMSs, ERPs, Blogs, etc. It's written in perl programming language and can be run either under *NIX or Windows platforms. Also, it has a protocol-independent module to send the desired payload to the host and port specified. On the other hand, it also could be used in a scripting way using the STDOUT module.

Supported modules are HTTP, HTTP, URL, FTP , TFTP , Payload (Protocol independent) and STDOUT.


Download from here
CHANGELOG
This file contains the history of the changes made to DotDotPwn since it's conception. 
DotDotPwn v3.0.1 
Release date: 24/01/2013
Changes / Enhancements / Features:- 

HTTP::Lite dependancy removed (Replaced with LWP core modules) 
* -S switch enables SSL for the http module 
* http-uri module supports SSL via https:// url 
* More dot encodings to bypass string replace and blacklist filters
Requirements - - Perl (http://www.perl.org) Programmed and tested on Perl 5.8.8 and 5.10
- Nmap (http://www.nmap.org) Only if you plan to use the OS detection feature (needs root privileges) 
 Perl modules: - Net::FTP 
- TFTP 
- Time::HiRes 
- Socket 
- IO::Socket 
- Getopt::Std 
- Switch
You can easily install the missing modules doing the following as root:

# perl -MCPAN -e "install <MODULE_NAME>" 
or 
# cpan cpan> install <MODULE_NAME> 

Examples - 
Read EXAMPLES.txt

Sources-
https://github.com/wireghoul/dotdotpwn

0 comments:

Post a Comment

 
TOP