dotdotslash
dotdotslash copied to clipboard
Start Depth
It would be really cool if the tool could have a way to start it at a certain depth. Instead of starting at depth zero everytime
I may start contributing to this tool. Could you explain further what you mean? Wouldn't your provided URL already specify the depth you're looking for? Such as:
python dotdotslash.py --url 'http://192.168.210.16/cgi-bin/%2e%2e/%2e%2e/etc/passwd' --string 'etc/passwd'
In this case, dotdotslash.py
would start brute forcing before the etc
. I guess I don't understand the user case.
python2 dotdotslash.py --url http://example.com/dirtrav/example2.php?file=/var/www/files/hacker.png --string /var/www/files/hacker.png
Traceback (most recent call last):
File "dotdotslash.py", line 7, in
python dotdotslash.py --url http://example.com/dirtrav/example2.php?file=/var/www/files/hacker.png --string /var/www/files/hacker.png
[+] Depth: 0
Traceback (most recent call last):
File "/home/kali/Desktop/tools/dotdotslash/dotdotslash.py", line 114, in
python2 dotdotslash.py --url http://example.com/dirtrav/example2.php?file=/var/www/files/hacker.png --string /var/www/files/hacker.png Traceback (most recent call last): File "dotdotslash.py", line 7, in from http.cookies import SimpleCookie ImportError: No module named http.cookies
python dotdotslash.py --url http://example.com/dirtrav/example2.php?file=/var/www/files/hacker.png --string /var/www/files/hacker.png [+] Depth: 0 Traceback (most recent call last): File "/home/kali/Desktop/tools/dotdotslash/dotdotslash.py", line 114, in forloop() File "/home/kali/Desktop/tools/dotdotslash/dotdotslash.py", line 61, in forloop fullrewrite = re.sub(arguments.string, rewrite, arguments.url) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/re/init.py", line 185, in sub return _compile(pattern, flags).sub(repl, string, count) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/re/init.py", line 317, in _subx template = _compile_repl(template, pattern) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/re/init.py", line 308, in _compile_repl return _parser.parse_template(repl, pattern) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/re/_parser.py", line 1078, in parse_template raise s.error('bad escape %s' % this, len(this)) from None re.error: bad escape \w at position 2
This tool doesn't support Python 2.X. Also, see #6 to fix the \w
issue.