目录遍历fuzz工具 - DotDotPwn

DotDotPwn是一款非常灵活智能的fuzz工具,主要用于挖掘Web(web平台软件如CMS、ERP、博客等)/FTP/TFTP服务器软件中的目录遍历漏洞。DotDotPwn使用perl编写,可工作在*NIX和windows平台。DotDotPwn 3.0主要特点:
-X switch that implements the Bisection Algorithm in order to detect the exact deepness once a directory traversal vulnerability has been found. – http://en.wikipedia.org/wiki/Bisection_method
-M switch to specify another method different from the default (GET) when the http module is used.
Other HTTP methods are [POST | HEAD | COPY | MOVE]
-e switch to specify the file extension to be appended at the end of each fuzz string (e.g. “.php”, “.jpg”, “.inc”)
New dots & slashes encodings (fuzz patterns) based on: https://www.owasp.org/index.php/Canonicalization,_locale_and_Unicode and http://wikisecure.net/security/uri-encoding-to-bypass-idsips

工具下载:http://www.brainoverflow.org/code/dotdotpwn-v3.0.tar.gz

标签: 无
返回文章列表 文章二维码
本页链接的二维码
打赏二维码