CrawlBox – Easy way to Brute-force Web Directory

CrawlBox is another tool that allows a penetration tester to scan and run a path traversal attack against a target. Many websites may contain critical vulnerabilities that allow this type of attack, in which files and directories stored outside the web root folder are accessed.


The tool automates the exploitation by manipulating variables that reference files with ../ until it finds a response from the web server indicating that there is a path traversal vulnerability.

The tool has several options: the user may run the scan with the internal wordlist, or provide an external wordlist to test predefined strings.
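From the defender's side, both behaviours described above (wordlist-driven requests and ../ sequences in file-referencing variables) leave a clear trail in web server access logs. The following is an added example, not part of CrawlBox or the original post; the log format, the sample lines, the 404 threshold and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample access-log lines (common log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /admin/ HTTP/1.1" 404 153
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /backup/ HTTP/1.1" 404 153
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /config/ HTTP/1.1" 404 153
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /login/ HTTP/1.1" 200 2048
198.51.100.4 - - [10/Oct/2023:13:56:10 +0000] "GET /view?file=../../etc/passwd HTTP/1.1" 400 0
198.51.100.4 - - [10/Oct/2023:13:56:11 +0000] "GET /view?file=%252e%252e%252fetc%252fpasswd HTTP/1.1" 400 0
192.0.2.15 - - [10/Oct/2023:13:57:00 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.15 - - [10/Oct/2023:13:57:05 +0000] "GET /favicon.ico HTTP/1.1" 404 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# ".." counts only as a whole path segment, so "file..txt" is not flagged.
TRAVERSAL_RE = re.compile(r'(^|[/\\=])\.\.([/\\]|$)')

def fully_decode(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded '../' is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def analyze(log_text, not_found_threshold=3):
    """Return (traversal_hits, scanner_ips) found in the log text."""
    traversal_hits = []
    not_found = defaultdict(set)  # client IP -> distinct paths answered with 404
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, _method, target, status = m.groups()
        if TRAVERSAL_RE.search(fully_decode(target)):
            traversal_hits.append((ip, target))
        if status == "404":
            not_found[ip].add(target.split("?", 1)[0])
    scanners = sorted(ip for ip, paths in not_found.items()
                      if len(paths) >= not_found_threshold)
    return traversal_hits, scanners

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

In production the 404 threshold would be applied per time window and tuned to the site's normal traffic.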

You can read more and download the tool over here: https://github.com/abaykan/CrawlBox
