Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Start Depth #5

Open
Chalco1712 opened this issue Mar 23, 2020 · 3 comments
Open

Start Depth #5

Chalco1712 opened this issue Mar 23, 2020 · 3 comments

Comments

@Chalco1712
Copy link

It would be really cool if the tool could have a way to start it at a certain depth. Instead of starting at depth zero everytime

@Zamanry
Copy link

Zamanry commented Apr 7, 2023

I may start contributing to this tool. Could you explain further what you mean? Wouldn't your provided URL already specify the depth you're looking for? Such as:

python dotdotslash.py --url 'http://192.168.210.16/cgi-bin/%2e%2e/%2e%2e/etc/passwd' --string 'etc/passwd'

In this case, dotdotslash.py would start brute forcing before the etc. I guess I don't understand the user case.

@justgu3st
Copy link

python2 dotdotslash.py --url http://example.com/dirtrav/example2.php?file=/var/www/files/hacker.png --string /var/www/files/hacker.png
Traceback (most recent call last):
File "dotdotslash.py", line 7, in
from http.cookies import SimpleCookie
ImportError: No module named http.cookies

python dotdotslash.py --url http://example.com/dirtrav/example2.php?file=/var/www/files/hacker.png --string /var/www/files/hacker.png
[+] Depth: 0
Traceback (most recent call last):
File "/home/kali/Desktop/tools/dotdotslash/dotdotslash.py", line 114, in
forloop()
File "/home/kali/Desktop/tools/dotdotslash/dotdotslash.py", line 61, in forloop
fullrewrite = re.sub(arguments.string, rewrite, arguments.url)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/re/init.py", line 185, in sub
return _compile(pattern, flags).sub(repl, string, count)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/re/init.py", line 317, in _subx
template = _compile_repl(template, pattern)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/re/init.py", line 308, in _compile_repl
return _parser.parse_template(repl, pattern)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/re/_parser.py", line 1078, in parse_template
raise s.error('bad escape %s' % this, len(this)) from None
re.error: bad escape \w at position 2

@Zamanry
Copy link

Zamanry commented Apr 7, 2023

python2 dotdotslash.py --url http://example.com/dirtrav/example2.php?file=/var/www/files/hacker.png --string /var/www/files/hacker.png Traceback (most recent call last): File "dotdotslash.py", line 7, in from http.cookies import SimpleCookie ImportError: No module named http.cookies

python dotdotslash.py --url http://example.com/dirtrav/example2.php?file=/var/www/files/hacker.png --string /var/www/files/hacker.png [+] Depth: 0 Traceback (most recent call last): File "/home/kali/Desktop/tools/dotdotslash/dotdotslash.py", line 114, in forloop() File "/home/kali/Desktop/tools/dotdotslash/dotdotslash.py", line 61, in forloop fullrewrite = re.sub(arguments.string, rewrite, arguments.url) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/re/init.py", line 185, in sub return _compile(pattern, flags).sub(repl, string, count) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/re/init.py", line 317, in _subx template = _compile_repl(template, pattern) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/re/init.py", line 308, in _compile_repl return _parser.parse_template(repl, pattern) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/re/_parser.py", line 1078, in parse_template raise s.error('bad escape %s' % this, len(this)) from None re.error: bad escape \w at position 2

This tool doesn't support Python 2.X. Also, see #6 to fix the \w issue.

@github-staff github-staff deleted a comment Apr 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants