Showing posts with label development. Show all posts
Showing posts with label development. Show all posts

Wednesday, September 17, 2014

DotDotPwn on GitHub and in the OWASP Testing Guide v4.0

It's an honour to be listed in the latest release of the OWASP Testing Guide 4.0 as one of the tools to test Web applications against the Path Traversal vulnerability. In other old news, DotDotPwn was included in Kali Linux and BlackArch Linux (an Arch-based distro for pentesters & researchers).

Since time ago, Eldar '@Wireghoul' Marcussen (http://www.justanotherhacker.com), has been supporting this project a lot by adding new functionalities and payloads as well as fixing some bugs. THANKS !!!

That said, we strongly recommend to download and use the latest enhanced DotDotPwn on steroids from his github repositoryat:


For the desperate:
$ git clone https://github.com/wireghoul/dotdotpwn.git
$ cd dotdotpwn
$ ./dotdotpwn.pl

Happy ../../../Path/../Traversal/../Fuzzing !
Ch33rs ! B-]
at
Labels: , , , , , , , , , , , , , , , , , , ,

Wednesday, March 27, 2013

New Contributions to DotDotPwn !

We're happy to announce these two great contributions to DotDotPwn - The Traversal Directory Fuzzer.

The 1st one was from Eldar 'Wireghoul' Marcussen (http://www.justanotherhacker.com), who added support for SSL, zlib compression and removed the HTTP::Lite dependancy.
You can get a copy from:

https://github.com/wireghoul/dotdotpwn


Today, 27/03/13, we received another contribution from Bryan Alexander (http://forelsec.blogspot.com), who added the -C feature to continue the fuzzing process instead of die() in case of the Web server doesn't respond any request.
You can get a copy from (it also includes the SSL feature by Wireghoul):

https://github.com/hatRiot/dotdotpwn

Thanks a lot for the support guys !

Happy ../../../directory/traversal/ Fuzzing

Cheers ! B-)
at
Labels: , , , , , , , , , , , , , ,
Subscribe to: Posts (Atom)