It's an honour to be listed in the latest release of the OWASP Testing Guide 4.0 as one of the tools to test Web applications against the Path Traversal vulnerability . In other (削除) old (削除ここまで) news, DotDotPwn was included in Kali Linux and BlackArch Linux (an Arch-based distro for pentesters & researchers).

Since time ago, Eldar '@Wireghoul' Marcussen (http://www.justanotherhacker.com), has been supporting this project a lot by adding new functionalities and payloads as well as fixing some bugs. THANKS !!!

That said, we strongly recommend to download and use the latest enhanced DotDotPwn (削除) on steroids (削除ここまで) from his github repositoryat:


For the desperate:
$ git clone https://github.com/wireghoul/dotdotpwn.git
$ cd dotdotpwn
$ ./dotdotpwn.pl

Happy ../../../Path/../Traversal/../Fuzzing !
Ch33rs ! B-]

We're happy to announce these two great contributions to DotDotPwn - The Traversal Directory Fuzzer.

The 1st one was from Eldar 'Wireghoul' Marcussen (http://www.justanotherhacker.com), who added support for SSL, zlib compression and removed the HTTP::Lite dependancy.
You can get a copy from:

https://github.com/wireghoul/dotdotpwn


Today, 27/03/13, we received another contribution from Bryan Alexander (http://forelsec.blogspot.com), who added the -C feature to continue the fuzzing process instead of die() in case of the Web server doesn't respond any request.
You can get a copy from (it also includes the SSL feature by Wireghoul):

https://github.com/hatRiot/dotdotpwn

Thanks a lot for the support guys !

Happy ../../../directory/traversal/ Fuzzing

Cheers ! B-)