Panoptic - Tool For Exploiting Path Traversal Vulnerabilities

Panoptic - Pen-testing Tool For Exploiting Path Traversal Vulnerabilities

Panoptic is an open source penetration testing tool that is capable of exploiting path traversal vulnerabilities.

"Occasionally during a penetration test, I encounter a path traversal vulnerability which cannot be converted to an RFI and exploited easily. This can be quite a frustrating vulnerability to escalate your access with when you don't have a large database of the default locations of known configurations, logs or other important files. It was out of this frustration that Panoptic was born. With the collaboration and invaluable help of Miroslav Stampar, we wrote a tool that searches for commonly known files through LFI vulnerabilities." Roberto Salgado (developer).

Note: Panoptic requires Python 2.6 or later.

Usage: --url TARGET [options]

-h/--help             show this help message and exit
-v/--verbose          display extra output information
-u/--url=URL          set target URL
-p/--param=PARAM      set parameter name to test for (e.g. "page")
-d/--data=DATA        set data for HTTP POST request (e.g. "page=default")
-t/--type=TYPE        set type of file to look for ("conf" or "log")
-o/--os=OS            set filter name for OS (e.g. "*NIX")
-s/--software=SOFT..  set filter name for software (e.g. "PHP")
-c/--category=CATE..  set filter name for category (e.g. "FTP")
-l/--list=GROUP       list available filters for group (e.g. "software")
-a/--auto             avoid user interaction by using default options
-w/--write-files      write content of retrieved files to output folder
-x/--skip-parsing     skip special tests if *NIX passwd file is found
--load=LISTFILE       load and try user provided list from a file
--ignore-proxy        ignore system default HTTP proxy
--proxy=PROXY         set proxy (e.g. "socks5://")
--user-agent=UA       set HTTP User-Agent header value
--random-agent        choose random HTTP User-Agent header value
--cookie=COOKIE       set HTTP Cookie header value (e.g. "sid=foobar")
--header=HEADER       set a custom HTTP header (e.g. "Max-Forwards=10")
--prefix=PREFIX       set prefix for file path (e.g. "../")
--postfix=POSTFIX     set postfix for file path (e.g. "")
--multiplier=MULTI..  set multiplication number for prefix (default: 1)
--bad-string=STRING   set a string occurring when file is not found
--replace-slash=RE..  set replacement for char / in paths (e.g. "/././")
--threads=THREADS     set number of threads (default: 1)
--update              update Panoptic from official repository


./ --url "http://localhost/include.php?file=test.txt"
./ --url "http://localhost/include.php?file=test.txt&id=1" --param file
./ --url "http://localhost/include.php" --data "file=test.txt&id=1"
--param file

./ --list software
./ --list category
./ --list os

./ -u "http://localhost/include.php?file=test.txt" --os Windows
./ -u "http://localhost/include.php?file=test.txt" --software WAMP

No comments

Powered by Blogger.