Friday, February 3, 2012

NEW RELEASE: DotDotPwn v3.0

We are pleased to present the new version of our Directory Traversal fuzzer!

DotDotPwn v3.0

Version: DotDotPwn v3.0
Release date: 03/Feb/2012 (Release at BugCon Security Conferences 2012)

Changes / Enhancements / Features:

  1. -X switch that implements the Bisection Algorithm in order to detect the exact deepness once a directory traversal vulnerability has been found. -
  2. -M switch to specify another method different from the default (GET) when the http module is used.
  3. Other HTTP methods are [POST | HEAD | COPY | MOVE]
  4. -e switch to specify the file extension to be appended at the end of each fuzz string (e.g. ".php", ".jpg", ".inc")
  5. New dots & slashes encodings (fuzz patterns) based on:,_locale_and_Unicode and
Supported modules:
- Payload (Protocol independent)

Feel free to download this new release from the following sites: