dotdotslash is an automated Python3 tool designed to detect directory traversal vulnerabilities by testing URL parameters for path traversal exploits.
Search for Directory Traversal Vulnerabilities
This tool is primarily used by security professionals and penetration testers to identify directory traversal vulnerabilities in web applications by automating the testing of URL parameters. It helps validate the security posture of web platforms by simulating attacks that attempt to access unauthorized files through path traversal techniques.
The tool requires Python3; no additional dependencies are specified. Users should ensure they have permission to test target systems to avoid legal issues. The --depth option controls the extent of traversal attempts, balancing thoroughness against speed. Verbose mode is useful for debugging or understanding request flows.
Clone the repository using: git clone https://github.com/jcesarstef/dotdotslash/
Ensure Python3 is installed on your system
Run the tool using Python3 (no additional dependencies mentioned)
python3 dotdotslash.py --help
Displays help information and usage options for the tool.
python3 dotdotslash.py --url "http://192.168.58.101/bWAPP/directory_traversal_1.php?page=a.txt" --string "a.txt" --cookie "PHPSESSID=089b49151627773d699c277c769d67cb; security_level=3"
Runs the directory traversal test against the specified URL and parameter, using provided cookies for session authentication.