Path Traverser – a new Path Traversal tool

New development by me 🙂

Path Traverser is a tool for security testing of web applications. It operates as a middleman between your web application and its host server, giving you the ability to test the actual files found on your host server against the application, according to their relevant path.

How does it work?

After you have provided the relevant details, Path Traverser will connect (FTP) to your host server in order to pull out (ls -R) the list of files.

Then, it will rewrite the list taken from the file system so it fits the web application by changing the paths. How? Let's say that your application can be found at: http://mysrvr:777/home and the application files can be found in the file system under: myapps/demoapp/client/version/lastversion. Each file in the file system will receive its relevant path, so the files under: /myapps/demoapp/client/version/1.1/ will be requested as: http://mysrvr:777/home/../1.1/ and requests for files under /myapps/differentapp/files/ will be created as: http://mysrvr:777/home/../../../../differentapp/files/, etc.

After that, Path Traverser will start sending these requests one by one. You will be able to follow via the progress bar or the log file. If something goes wrong, go to the Log Tab and try to figure out what went wrong, or contact me at: pt@appsec.it – I will gladly help!
Now it's time to view the results, which can be found in the Results Tab. Each request that received one of the selected response codes from the server will be displayed next to the code in the Results Tab, e.g.: [200]   http://mysrvr:777/home/../1.1/actions.log. They can also be found in the file holding the relevant response code.
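As an added illustration (example code, not part of Path Traverser itself), here is the path rewrite described above, together with the containment check a server should apply so that requests like these are refused rather than served. The application URL, served directory and sample paths are taken from the post; the server-side function is an assumed model of how the host maps the `/home` route onto that directory.

```python
import posixpath
from typing import Optional
from urllib.parse import urlsplit, urlunsplit, unquote

# Values taken from the post: where the application answers and which host
# directory it is served from.
APP_URL = "http://mysrvr:777/home"
SERVED_DIR = "/myapps/demoapp/client/version/lastversion"


def traversal_url(app_url: str, served_dir: str, fs_path: str) -> str:
    """Rewrite a host filesystem path into the request described in the post:
    the path of fs_path relative to served_dir, appended to the application URL."""
    rel = posixpath.relpath(fs_path.rstrip("/") or "/", served_dir)
    if fs_path.endswith("/"):
        rel += "/"
    parts = urlsplit(app_url)
    return urlunsplit((parts.scheme, parts.netloc,
                       parts.path.rstrip("/") + "/" + rel, parts.query, parts.fragment))


def resolve_under_root(served_dir: str, mount: str, url: str) -> Optional[str]:
    """Server-side containment check (assumed server logic, not the tool's):
    decode the request path, map it onto served_dir and refuse anything that
    normalizes to a location outside it. Returns the file to serve, or None
    when the request should be answered with 403/404."""
    root = posixpath.normpath(served_dir)
    path = unquote(urlsplit(url).path)        # %2e%2e must be decoded before normalizing
    if path != mount and not path.startswith(mount + "/"):
        return None                           # not routed to this application
    rest = path[len(mount):].lstrip("/")
    candidate = posixpath.normpath(posixpath.join(root, rest))
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None                               # the "../" segments escaped the root


if __name__ == "__main__":
    for fs in ["/myapps/demoapp/client/version/1.1/", "/myapps/differentapp/files/"]:
        url = traversal_url(APP_URL, SERVED_DIR, fs)
        print(url, "->", resolve_under_root(SERVED_DIR, "/home", url))
```

A server that joins the raw request path onto the served directory without this normalize-and-compare step is exactly what the tool's requests will find.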

Where? appsec.it/pt – for more information!

For help: appsec.it/pt/help.html


Here are some screenshots:





Of course, all features and assistance can be found on the Path Traverser website:

http://appsec.it/pt
