Praveen Kavinda edited this page Mar 19, 2025
## Welcome to the PathSeeker Wiki
**PathSeeker** is a multi-threaded, Python-based tool designed to detect path traversal vulnerabilities in web applications. This wiki provides detailed documentation to help you understand, use, and extend PathSeeker effectively.
Developed by [Praveen Kavinda](https://prav33n.me), PathSeeker is built for security researchers and penetration testers who need a fast, flexible way to test endpoints for potential security flaws.
> **Legal Notice**: Use PathSeeker only on systems you own or have explicit permission to test. Unauthorized testing may violate laws and ethical standards.
---
## Table of Contents
- [Overview](#overview)
- [Key Features](#key-features)
- [Getting Started](#getting-started)
- [Documentation](#documentation)
- [Contributing](#contributing)
- [Support](#support)
## Overview
PathSeeker automates the process of testing web applications for path traversal vulnerabilities (e.g., accessing files like `/etc/passwd` or `C:\Windows\win.ini`). It uses a combination of multi-threading, random user agents, and a customizable payload list to efficiently probe endpoints. When vulnerabilities are detected, PathSeeker provides interactive options to continue testing or save results.
For more details, see the [GitHub README](https://github.com/praveenkavi5/PathSeeker).
## Key Features
- **Multi-Threading**: Speeds up scans with configurable thread counts.
- **Randomized Headers**: Evades detection with rotating user agents and IP spoofing.
- **Payload Flexibility**: Supports default and custom wordlists.
- **Smart Parameter Handling**: Targets specific query parameters without breaking URLs.
- **Result Saving**: Exports findings to a file for analysis.
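The payload shapes PathSeeker probes with (plain `../`, Windows separators, URL-encoded and double-encoded dots, null bytes) only reach a file when the application joins user input onto a filesystem path without normalising it first. The following Python is an added example, not code from PathSeeker or this wiki: it places a deliberately weak path resolver beside a hardened one and runs constructed payloads of those shapes through both. `WEB_ROOT`, `SAMPLE_PAYLOADS` and every function name are constructed for the demonstration.

```python
import os
from typing import Optional
from urllib.parse import unquote

# Constructed document root for the demonstration (it need not exist on disk).
WEB_ROOT = os.path.realpath("/srv/app/public")

# Constructed inputs shaped like the wiki's default payload list: plain,
# Windows separators, URL-encoded, double-encoded, null byte. Not tool output.
SAMPLE_PAYLOADS = [
    "../../etc/passwd",
    "..\\..\\Windows\\win.ini",
    "%2e%2e%2f%2e%2e%2fetc%2fpasswd",
    "%252e%252e%252f%252e%252e%252fetc%252fpasswd",
    "../../etc/passwd%00.png",
]


def vulnerable_resolve(user_path: str) -> str:
    """The 'before': one decode, then a bare join onto the document root.

    os.path.join walks straight out of WEB_ROOT when the input begins with
    '../', and a single unquote() leaves double-encoded dots untouched, so
    what escapes depends on how many times the front end decodes.
    """
    return os.path.join(WEB_ROOT, unquote(user_path))


def escapes_root(path: str) -> bool:
    """Pure string check (normpath) used only to score the 'before' resolver."""
    normalized = os.path.normpath(path)
    return not (normalized == WEB_ROOT or normalized.startswith(WEB_ROOT + os.sep))


def safe_resolve(user_path: str) -> Optional[str]:
    """The hardened form: decode until stable, reject NUL, normalise separators,
    resolve, then require the real target to lie inside WEB_ROOT.

    Returns the absolute path to serve, or None when the request is refused.
    """
    decoded = user_path
    for _ in range(3):                       # %252e -> %2e -> . needs two rounds
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    if "\x00" in decoded:                    # NUL truncates paths in C-backed file APIs
        return None
    decoded = decoded.replace("\\", "/")     # treat Windows separators as separators
    candidate = os.path.realpath(os.path.join(WEB_ROOT, decoded.lstrip("/")))
    # realpath() collapses every '..' and symlink, so containment is checked on
    # the path that would actually be opened, not on the string the client sent.
    if candidate == WEB_ROOT or candidate.startswith(WEB_ROOT + os.sep):
        return candidate
    return None


def audit(payloads=SAMPLE_PAYLOADS) -> dict:
    """Run each payload through both resolvers and summarise the outcome."""
    return {
        "payloads": len(payloads),
        "vulnerable_escapes": sum(escapes_root(vulnerable_resolve(p)) for p in payloads),
        "safe_refused": sum(safe_resolve(p) is None for p in payloads),
    }


if __name__ == "__main__":
    for p in SAMPLE_PAYLOADS:
        print(f"{p!r:48} before escapes={escapes_root(vulnerable_resolve(p))!s:5} after={safe_resolve(p)}")
    print(audit())
```

The containment test is done after `realpath()`, not on the raw string: a blocklist of `../` strings is exactly what the encoded and double-encoded variants in the default wordlist are built to slip past, whereas a check on the resolved path refuses all of them with one rule. Which payloads escape the weak resolver depends on how many decode passes sit in front of it, which is why a scanner carries several encodings of the same sequence.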
---
## Getting Started
To install and run PathSeeker:
1. Clone the repository:
```bash
git clone https://github.com/praveenkavi5/PathSeeker.git
cd PathSeeker
```
2. Install dependencies:
```bash
pip install requests
```
3. Run the tool:
```bash
python pathseeker.py
```
See Usage for detailed examples.
## Documentation
Explore these pages for in-depth information:
- Usage: How to run PathSeeker with examples.
- Payloads: Understanding and customizing the payload list.
- FAQ: Common questions and troubleshooting tips.
## Contributing
We welcome contributions! To get involved:
1. Fork the repository.
2. Create a feature branch (`git checkout -b feature/your-feature`).
3. Submit a pull request with your changes.
Check the Contributing section in the README for guidelines.
## Support
- Issues: Report bugs or suggest features on GitHub Issues.
- Contact: Reach out via [prav33n.me](https://prav33n.me).
Happy testing with PathSeeker!
---
### Suggested Additional Wiki Pages
Here are outlines for additional pages you can create in the wiki. You can copy these into separate `.md` files (e.g., `Usage.md`, `Payloads.md`, `FAQ.md`) when setting up the wiki.
#### Usage.md
````markdown
# Usage
This page explains how to use PathSeeker effectively.
## Basic Usage
Run PathSeeker and follow the prompts:
```bash
python pathseeker.py
```
- Base URL: Enter the target URL (e.g., `https://example.com/page?url=test&w=256`).
- Parameter: Specify the parameter to test (e.g., `url`).
- Custom Wordlist: (Optional) Path to a payload file.
- Max Threads: (Optional) Number of threads (default: 10).
## Example
Testing a URL with the `url` parameter:
```
Enter the base URL: https://topads.lk/_next/image?url=TEST&w=256&q=75
Enter the parameter to test: url
Enter custom wordlist file path:
Enter max threads: 5
```
Output:
```
[>] https://topads.lk/_next/image?url=../&w=256&q=75 | Status: 400 | Length: 26 | "url" parameter is invalid
```
## Tips
- Use a custom wordlist for specific targets (e.g., `payloads.txt`).
- Increase threads for faster scans on robust servers.
````
#### Payloads.md
````markdown
# Payloads
PathSeeker uses a default wordlist for path traversal testing. This page explains how it works and how to customize it.
## Default Payloads
The default list includes common traversal patterns:
- `../`, `..\\`, `/etc/passwd`
- Encoded variants: `%2e%2e%2f`, `%252e%252e%252f`
- Null byte injections: `../../etc/passwd%00`
## Custom Payloads
Create a text file with one payload per line:
```
../../secret.txt
../config.ini
%2e%2e%2fadmin.php
```
Specify the file path when prompted.
## Tips
- Tailor payloads to the target OS (Linux/Windows).
- Experiment with encoding to bypass filters.
````
#### FAQ.md
````markdown
# FAQ
Common questions about PathSeeker.
## Why do I get a 400 Bad Request?
The server might be validating inputs. Try different payloads or parameters.
## How do I avoid detection?
PathSeeker rotates user agents and headers. For more stealth, consider adding proxy support (future feature).
## Can I test multiple parameters?
Currently, PathSeeker tests one parameter at a time. Multi-parameter testing is planned for a future release.
````
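The FAQ answer on avoiding detection rests on rotating user agents and headers. From the monitoring side that rotation is beside the point when detection keys on the request target rather than on headers. The following Python is an added example, not code from PathSeeker or this wiki: it parses a few constructed combined-format access log lines, percent-decodes each request target until the value stops changing (so the double-encoded variant from the Payloads page surfaces as `../`), flags targets that contain a traversal sequence or an embedded null byte, and tallies flagged requests per client address. The log lines, addresses, and function names are all constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed combined-format access log lines (not real traffic). One client
# sends three traversal probes under three different user agents; the fourth
# line is an ordinary request from another client.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Mar/2025:10:00:01 +0000] "GET /_next/image?url=../&w=256 HTTP/1.1" 400 26 "-" "Mozilla/5.0 (Windows NT 10.0)"
203.0.113.7 - - [19/Mar/2025:10:00:02 +0000] "GET /_next/image?url=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 400 26 "-" "curl/8.5.0"
203.0.113.7 - - [19/Mar/2025:10:00:03 +0000] "GET /_next/image?url=%252e%252e%252fconfig.ini HTTP/1.1" 400 26 "-" "Googlebot/2.1"
198.51.100.4 - - [19/Mar/2025:10:00:04 +0000] "GET /_next/image?url=/images/logo.png&w=256 HTTP/1.1" 200 4821 "-" "Safari/605.1"
"""

# Combined log format: ip ident user [time] "method target proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# A '..' segment followed by a separator (or end of string), or an embedded NUL.
TRAVERSAL_RE = re.compile(r"\.\.(?:[/\\]|$)|\x00")


def normalize_target(target: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing, then unify separators.

    Stopping at a fixed point means %252e%252e%252f (double-encoded) becomes
    '../' just as %2e%2e%2f does, so both are judged by the same rule.
    """
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")


def find_traversal_attempts(log_text: str) -> list:
    """Return one record per request whose normalised target contains traversal."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; a production pipeline would count these
        normalized = normalize_target(m["target"])
        if TRAVERSAL_RE.search(normalized):
            hits.append({
                "ip": m["ip"], "ua": m["ua"], "status": int(m["status"]),
                "raw": m["target"], "normalized": normalized,
            })
    return hits


def attempts_per_client(hits: list) -> Counter:
    """Tally flagged requests by client address: a scanner shows up as one
    address with many hits even though every hit carried a different User-Agent."""
    return Counter(h["ip"] for h in hits)


if __name__ == "__main__":
    found = find_traversal_attempts(SAMPLE_LOG)
    for h in found:
        print(f'{h["ip"]:14} {h["status"]} {h["raw"]:55} -> {h["normalized"]}  ua={h["ua"]}')
    print(attempts_per_client(found))
```

Run against the constructed sample, all three probes from `203.0.113.7` are flagged despite their three different user agents, and the legitimate request from `198.51.100.4` is not. Pairing the per-client tally with the run of `400` responses the Usage page shows is the simplest way to turn individual hits into a single scan alert.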