Description
dotdotpwn is an intelligent directory traversal fuzzer. It generates traversal payloads using multiple encoding techniques and delivers them through its HTTP, FTP, TFTP, and PAYLOAD modules. It automatically determines the target's OS type and tests for known sensitive file paths.
Installation
```bash
# Kali (pre-installed)
dotdotpwn -h

# From source
git clone https://github.com/wireghoul/dotdotpwn.git
cd dotdotpwn

# Perl dependencies (CPAN)
cpan install Net::FTP HTTP::Lite

# Perl dependencies (apt packages)
sudo apt install libnet-ftp-perl libhttp-lite-perl
```
Basic Usage
```bash
# HTTP directory traversal
dotdotpwn -m http -h target.com

# FTP directory traversal
dotdotpwn -m ftp -h target.com

# Test specific URL parameter
dotdotpwn -m http-url -u "https://target.com/view?file=TRAVERSAL"
```
Advanced Usage
```bash
# Custom depth
dotdotpwn -m http -h target.com -d 8

# Custom file to retrieve
dotdotpwn -m http -h target.com -f /etc/shadow

# Target specific OS files
dotdotpwn -m http -h target.com -o windows  # targets win.ini, boot.ini
dotdotpwn -m http -h target.com -o unix     # targets /etc/passwd

# Custom port (-x; -p is the payload file for the payload module)
dotdotpwn -m http -h target.com -x 8080

# Use SSL (-S; lowercase -s is service version detection)
dotdotpwn -m http -h target.com -S

# Quiet mode - only show vulnerable
dotdotpwn -m http -h target.com -q

# Keyword detection (custom success string)
dotdotpwn -m http-url -u "https://target.com/view?file=TRAVERSAL" -k "root:"
```
Common Workflows
```bash
# Test a file download endpoint
dotdotpwn -m http-url -u "https://target.com/download?file=TRAVERSAL" -k "root:" -d 10 -q

# FTP traversal testing
dotdotpwn -m ftp -h target.com -U anonymous -P anonymous@

# Test with encoding bypass
dotdotpwn -m http-url -u "https://target.com/read?path=TRAVERSAL" -k "[fonts]" -d 8
# Tests: ../, %2e%2e/, ..%2f, %2e%2e%2f, ....// etc.
```
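Detection side
The encoding variants listed above all reduce to the same dot-dot sequence once the request target is decoded, which is what a log review should key on. The following is an added example, not part of the original page or of the dotdotpwn project: it assumes common-log-format access logs, the function names are hypothetical, the sample lines are constructed, and it goes slightly beyond the list above by also handling double-encoded input and backslash separators.

```python
import re
from urllib.parse import unquote

# Client address, request target and status from a common-log-format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# Dot-dot followed by either path separator; this also matches inside "....//".
DOTDOT_RE = re.compile(r'\.\.[/\\]')

def decode_fully(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is reduced too."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def find_traversal(log_lines):
    """Return (client, status, decoded_target, depth) per suspicious request."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        decoded = decode_fully(target)
        depth = len(DOTDOT_RE.findall(decoded))  # number of dot-dot steps seen
        if depth:
            hits.append((client, int(status), decoded, depth))
    return hits

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /view?file=report.pdf HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /view?file=../../../etc/passwd HTTP/1.1" 404 150',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /view?file=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 404 150',
    '203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /view?file=..%2f..%2f..%2fwindows%2fwin.ini HTTP/1.1" 404 150',
    '203.0.113.7 - - [01/Jan/2024:10:00:04 +0000] "GET /view?file=....//....//etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /view?file=%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 150',
    '198.51.100.4 - - [01/Jan/2024:10:00:06 +0000] "GET /view?file=notes..txt HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for client, status, decoded, depth in find_traversal(SAMPLE_LOG):
        flag = "REVIEW RESPONSE" if status == 200 else "blocked/missing"
        print(f"{client} depth={depth} status={status} {flag}: {decoded}")
```

A hit that returned status 200 is the one to triage first, since it means the application served something for a traversal request.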