Dirscalate Tool Update – NTLM, Basic, Digest, and Cookie Auth
I have updated my dirscalate tool to now include support for NTLM, BASIC, Digest, or cookie-based authentication to the web application with the directory traversal vulnerability. If you are unfamiliar with the tool, see my post here.
Previously, if the site required authentication, you would have had to proxy dirscalate through something like Burp to add authentication. Now, you can pass credentials to dirscalate and it will handle the authentication to the site. It’s not a huge update, but it is nice to have if the vulnerability resides on a page that requires authentication.
The new options are:
  --ntlmuser NTLMUSER       use NTLM authentication with this username (format of domain \ username) (default: None)
  --ntlmpass NTLMPASS       use NTLM authentication with this password (default: None)
  --basicuser BASICUSER     use BASIC authentication with this username (default: None)
  --basicpass BASICPASS     use BASIC authentication with this password (default: None)
  --digestuser DIGESTUSER   use DIGEST authentication with this username (default: None)
  --digestpass DIGESTPASS   use DIGEST authentication with this password (default: None)
  --cookie COOKIE           use a previously established session cookie (default: None)
You can get the latest version of the tool on GitHub here.