search

iSanchezL / inspathx

Automatically exported from code.google.com/p/inspathx
GNU General Public License v3.0
0 stars 0 forks source link

readme

Internal Path Discloser / Error Hunter

license: GPL released date: 2010-09-28 last update: 2011-10-02

(c) Aung Khant, http://yehg.net

YGN Ethical Hacker Group, Yangon, Myanmar

Check the update via svn checkout http://inspathx.googlecode.com/svn/trunk/ inspathx

Send bugs, suggestions, contributions to inspath at yehg .net

How's it useful?

Web application developers sometimes fail to add safe checks against authentications, file inclusion, which could lead to possible sensitive information disclosure when application URLs are directly requested. Sometimes, it's a clue to File Inclusion vulnerability. For open-source applications, source code can be downloaded and checked to find such information.

This script will do this job. First you have to download source archived file of your desired OSS. Second, extract it. Third, feed its path to inspathx.

The inspath can take the following options:

Required -d with source directory (of application like /src/webapp/phpmyadmin) -u with the target base URL (like http://localhost - not http://localhost/index.php)

Optional
-t with the number of threads concurrently to run (default is 10) -l with the language [one of php,asp,aspx,jsp,cfm,all] (default is all) -x with your desired extensions separated by comma(s) (default : php4,php5,php6,php,asp,aspx,jsp,jspx,cfm) -k, --keycert client key + cert PEM file -m/--method with http method (either get or post) -q/--data with http data ("a=1&b=2")
-h/--headers with http headers (format: "x-ping-back: %00\r\ncookie: %00)

-p/--param-array flag that makes inpathx identify parameters (a=1&b=2) in target url and submit with arrayified parameters (a[]=1&b[]=2)
-n/--null-cookie flag to send session cookies with null value
-f/--follow flag to indicate whether you want inpathx to follow http redirection

Check out EXAMPLES for more options and usage

See EXAMPLES for more information.

Read the related text: http://yehg.net/lab/pr0js/view.php/path_disclosure_vulnerability.txt

Alternatively use portable bash versions if you wish: http://www.pentesterscripting.com/discovery/web_requester http://www.pentesterscripting.com/exploitation/bash_web_parameter_fuzzer

Contribute your ideas/suggestions on various web languages (currently supported PHP, ASP(X), JSP(X), CFM)