DotDotPwn – Directory Traversal Fuzzing

What’s DotDotPwn?

DotDotPwn is essentially a Directory Traversal fuzzer that allows you to identify directory traversal vulnerabilities on various services. These services range from web servers (HTTP, HTTP URLs, FTP and TFTP Protocols!) Cool huh?


What’s Fuzzing?

Fuzzing testing is essentially a quality assurance technique used to discover coding errors and security loopholes in software, operating systems, or networks. It involves inputting massive amounts of random data, called fuzz, to test whether it will crash or give out unexpected responses. This can be done by feeding different permutations of data into a target program until one of those permutations reveals a vulnerability. In other words, you are inputting huge amounts of data into the service and you are trying to get it to crash or get potential memory leaks or weird outputs.


What the heck is a Directory traversal vulnerability?

A directory traversal/path traversal consists of exploiting insufficient security validation, or sanitization of user input file names. The goal of this attack is to use an affected application to gain unauthorized access to the file system. you are trying to get access to files on the files system using the vulnerability. This is popular on the FTP protocol and web servers, where you can get directories like the password directories etc.


DotDotPwn comes in pre-installed into Kali Linux. If you don’t have Kali Linux installed, here is my video for it:

This tool is popular for automating the fuzzing process for directory traversal. Many web application penetration testers will vouch for this and it’s, for some reason a tool kept in the dark, or kept secret, as I mentioned, because its popular for automating the whole fuzzing process! This is so cool!

If you don’t understand anything I’m saying, don’t be worried, why else am I here!

How do I use this amazing tool!?

The command:

dotdotpwn –help

Will bring you the help menu!

Simple Command:

./ -m <module> -h <host> [OPTIONS]

  • The hostname is the IP or the target URL
  • Operating System Detection uses NMAP scripts.
  • We won’t look at all of these, but feel free to try these out yourself!
  • I recommend leaving the depth of traversals to default!

Let’s try it on my metasploitable machine!

Let’s try dotdotpwn on my machine:

dotdotpwn -m HTTP <-d> -h

I prefer to leave the depth at default.

Thanks for reading guys.

Keep reading. Keep learning. Keep hacking


Leave a Reply