How DotDotPwn Tool Works?

There are a large amount of data permutations onto the targeted domain. DotDotPwn tool mainly works on these permutations. When the request is done through the inputted data to the web application DotDotPwn tool checks and analyzes the response to the request. The information returned is considered vulnerable when the feedback given to the program is analyzed.

When the output returned by the target domain is improper or unusual then there are most chances that the target may be vulnerable to the specific flaw. For example, there is a Security Flaw named SQLi (SQL Injection) which works by inserting malicious queries into the database or back end; if this query is executed then the response we receive is something improper so we get an idea that there must be SQLi flaw due to lack of validation.

Note: Make Sure You have Perl Installed on your System, as this is a Perl-based tool. Click to check the Installation process: Perl Installation Steps on Linux

Directories in the Web-based application hold various information about the functionalities of the website. Some directories can be common or usual, but some of the directories are attractive or important directories that can contain some important information. Like /etc/passwd can contain the information about the Linux server. Traversing this directory is challenging work for every tester, so there is an automated script developed in the PERL language named as DotDotPwn. DotDotPwn fuzzes the directories from the target server and also performs some basic recon on the domain. DotDotPwn has various modules like :

• HTTP
• HTTP URL
• FTP
• TFTP
• Payload (Protocol independent)
• STDOUT

All these modules have their work or functionality. DotDotPwn tool is an automated tool, it’s openly available on the internet and is free to use.