I have updated my dirscalate tool to now include support for NTLM, BASIC, Digest, or cookie based authentication to the web application with the directory traversal vulnerability. If you are unfamiliar with the tool, see my post here.
Previously, if the site required authentication, you would have had to proxy dirscalate through something like Burp to add authentication. Now, you can pass credentials to dirscalate and it will handle the authentication to the site. It’s not a huge update, but it is nice to have if the vulnerability resides on a page that requires authentication.
The new options are:
--ntlmuser NTLMUSER use NTLM authentication with this username
(format of domain \ username) (default: None)
--ntlmpass NTLMPASS use NTLM authentication with this password
(default: None)
--basicuser BASICUSER use BASIC authentication with this username
(default: None)
--basicpass BASICPASS use BASIC authentication with this password
(default: None)
--digestuser DIGESTUSER use DIGEST authentication with this username
(default: None)
--digestpass DIGESTPASS use DIGEST authentication with this password
(default: None)
--cookie COOKIE use a previously established session cookie
(default: None)
You can get the latest version of the tool on GitHub here.
If you enjoyed this article, please consider sharing it!
