View Issue Details

IDProjectCategoryView StatusLast Update
0005486Kali Linux[All Projects] Kali Package Improvementpublic2020-02-10 17:39
Reporterg0tmi1k Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0005486: dotdotpwn - Fix up help
Description```
g0tmi1k@kali-dev:~$ dotdotpwn
#################################################################################
# #
# CubilFelino Chatsubo #
# Security Research Lab and [(in)Security Dark] Labs #
# chr1x.sectester.net chatsubo-labs.blogspot.com #
# #
# pr0udly present: #
# #
# ________ __ ________ __ __________ #
# \______ \ ____ _/ |_\______ \ ____ _/ |_\______ \__ _ __ ____ #
# | | \ / _ \\ __\| | \ / _ \\ __\| ___/\ \/ \/ // \ #
# | ` \( <_> )| | | ` \( <_> )| | | | \ /| | \ #
# /_______ / \____/ |__| /_______ / \____/ |__| |____| \/\_/ |___| / #
# \/ \/ \/ #
# - DotDotPwn v3.0.2 - #
# The Directory Traversal Fuzzer #
# http://dotdotpwn.sectester.net #
# dotdotpwn@sectester.net #
# #
# by chr1x & nitr0us #
#################################################################################

Usage: ./dotdotpwn.pl -m <module> -h <host> [OPTIONS]
    Available options:
    -m Module [http | http-url | ftp | tftp | payload | stdout]
    -h Hostname
    -O Operating System detection for intelligent fuzzing (nmap)
    -o Operating System type if known ("windows", "unix" or "generic")
    -s Service version detection (banner grabber)
    -d Depth of traversals (e.g. deepness 3 equals to ../../../; default: 6)
    -f Specific filename (e.g. /etc/motd; default: according to OS detected, defaults in TraversalEngine.pm)
    -E Add @Extra_files in TraversalEngine.pm (e.g. web.config, httpd.conf, etc.)
    -S Use SSL for HTTP and Payload module (not needed for http-url, use a https:// url instead)
    -u URL with the part to be fuzzed marked as TRAVERSAL (e.g. http://foo:8080/id.php?x=TRAVERSAL&y=31337)
    -k Text pattern to match in the response (http-url & payload modules - e.g. "root:" if trying /etc/passwd)
    -p Filename with the payload to be sent and the part to be fuzzed marked with the TRAVERSAL keyword
    -x Port to connect (default: HTTP=80; FTP=21; TFTP=69)
    -t Time in milliseconds between each test (default: 300 (.3 second))
    -X Use the Bisection Algorithm to detect the exact deepness once a vulnerability has been found
    -e File extension appended at the end of each fuzz string (e.g. ".php", ".jpg", ".inc")
    -U Username (default: 'anonymous')
    -P Password (default: 'dot@dot.pwn')
    -M HTTP Method to use when using the 'http' module [GET | POST | HEAD | COPY | MOVE] (default: GET)
    -r Report filename (default: 'HOST_MM-DD-YYYY_HOUR-MIN.txt')
    -b Break after the first vulnerability is found
    -q Quiet mode (doesn't print each attempt)
    -C Continue if no data was received from host
g0tmi1k@kali-dev:~$
```


Could `./` and `.pl` be removed?

Activities

g0tmi1k

2020-02-10 17:39

administrator   ~0012145

Due to the age of the OS (Kali Moto [v1], Kali Safi [v2], Kali Rolling <= 2019.2), these legacy versions are no longer supported.
We will be closing this ticket due to inactivity.

Please could you see if you are able to replicate this issue with the latest version of Kali Linux - https://www.kali.org/downloads/?

If you are still facing the same problem, feel free to re-open the ticket. If you choose to do this, could you provide more information to the issue you are facing, and also give information about your setup?
For more information, please read: https://kali.training/topic/filing-a-good-bug-report/

Issue History

Date Modified Username Field Change
2019-06-02 19:10 g0tmi1k New Issue
2020-02-10 17:39 g0tmi1k Note Added: 0012145
2020-02-10 17:39 g0tmi1k Status new => closed