DFF is a PHP-based scanner designed to identify predictable file and folder paths on web servers.
Written by TS/SCI Security in 2008, it is one of the best path traversal and PRL (predictable resource location) attack tools. The tool is also included in BackTrack 4 and the OWASP Phoenix/Tools Project.
This tool is primarily used by security professionals to discover potential vulnerabilities in web applications by scanning for common file and folder names. It is particularly useful for penetration testers and security auditors looking to assess the security posture of web servers.
Test the tool in a controlled environment, as scanning can trigger alerts on web servers. Always have permission before scanning any web application.
Ensure PHP is installed on your server.
Make sure the cURL library is enabled in your PHP installation.
Download the DFF tool files from the repository.
Include the base classes in your script using require_once.
```php
<?php
// Include the main class for the DFF scanner.
require_once 'dff.files.class.php';

// Create a new instance of the DFF scanner.
$dff = new dffFiles();

// Set the target URL for scanning.
$dff->url = 'http://www.security-net.biz/';

// Specify the first letters to use in the scanning process.
$dff->names_by_letter = array('w', 'a', 't', 'b');

// Define custom names to search for during the scan.
$dff->custom_names = array('admin', 'blog', 'forum', 'crm');

// Specify the mode for using a dictionary file
// (MERGE_CUSTOM merges the dictionary with the custom names above).
$dff->use_dic_file = 'MERGE_CUSTOM';

// Set the path to the dictionary file used for scanning.
$dff->dic_file = 'dic.txt';

// Initiate the scanning process.
$dff->scan_it();
```
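The note above says that scanning triggers alerts on web servers; the following is the detection side, added here as an example that is not part of DFF or the original page. It is a Python script (DFF itself is PHP; Python is used only for the log analysis) that parses combined-format access log lines and flags clients whose traffic matches a DFF-style path-guessing scan: many requests, mostly 404s, spread over many distinct paths. The log lines, IP addresses, paths and thresholds are constructed for the example.

```python
"""Detect forced-browsing / predictable-path scans in web server access logs."""
import re
from collections import defaultdict

# Apache/nginx "combined" log format; the constructed sample lines below follow it.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log: 203.0.113.7 probes guessed folder names the way a
# dictionary/letter-based scanner would; 198.51.100.20 is an ordinary visitor.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /admin/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /forum/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /crm/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /w/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /a/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "GET /t/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "GET /b/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /backup/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /test/ HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200 8192 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Oct/2023:13:56:01 +0000] "GET /css/style.css HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Oct/2023:13:56:02 +0000] "GET /js/app.js HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Oct/2023:13:56:03 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Oct/2023:13:56:05 +0000] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]


def parse_line(line):
    """Return a dict with ip, ts, method, path, status, size for one line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def detect_enumeration(lines, min_requests=8, min_miss_ratio=0.6, min_distinct=6):
    """Flag client IPs whose traffic looks like a path-guessing scan.

    A client is flagged when it sent at least min_requests requests, at least
    min_miss_ratio of them returned 404, and they covered at least min_distinct
    distinct paths. The thresholds are example values; tune them per site.
    """
    stats = defaultdict(lambda: {"requests": 0, "misses": 0, "paths": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unparsable line: skip rather than crash the detector
        s = stats[rec["ip"]]
        s["requests"] += 1
        if rec["status"] == 404:
            s["misses"] += 1
        s["paths"].add(rec["path"].split("?")[0])  # ignore query strings

    flagged = {}
    for ip, s in stats.items():
        ratio = s["misses"] / s["requests"]
        if (s["requests"] >= min_requests
                and ratio >= min_miss_ratio
                and len(s["paths"]) >= min_distinct):
            flagged[ip] = {
                "requests": s["requests"],
                "misses": s["misses"],
                "miss_ratio": round(ratio, 2),
                "distinct_paths": len(s["paths"]),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in detect_enumeration(SAMPLE_LOG).items():
        print(f"possible path-guessing scan from {ip}: {info}")
```

The ordinary visitor's single 404 (a missing favicon) is not enough to trip the thresholds, while the scanner is flagged even though one of its guesses hit an existing folder. Feed real log lines with `detect_enumeration(open("access.log"))` and adjust the thresholds to the site's normal 404 rate.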