Dirscalate Tool Update – NTLM, Basic, Digest, and Cookie Auth

I have updated my dirscalate tool to support NTLM, BASIC, Digest, or cookie-based authentication to the web application with the directory traversal vulnerability. If you are unfamiliar with the tool, see my post here.

Previously, if the site required authentication, you would have had to proxy dirscalate through something like Burp to add authentication. Now, you can pass credentials to dirscalate and it will handle the authentication to the site. It’s not a huge update, but it is nice to have if the vulnerability resides on a page that requires authentication.

The new options are:

  --ntlmuser NTLMUSER     use NTLM authentication with this username 
                          (format of domain \ username) (default: None)
  --ntlmpass NTLMPASS     use NTLM authentication with this password 
                          (default: None)
  --basicuser BASICUSER   use BASIC authentication with this username 
                          (default: None)
  --basicpass BASICPASS   use BASIC authentication with this password 
                          (default: None)
  --digestuser DIGESTUSER use DIGEST authentication with this username 
                          (default: None)
  --digestpass DIGESTPASS use DIGEST authentication with this password 
                          (default: None)
  --cookie COOKIE         use a previously established session cookie 
                          (default: None)

 
You can get the latest version of the tool on GitHub here.
