├── BappDescription.html
├── Blind_detection_of_path_traversal-vulnerable_file_uploads.pdf
├── Java
├── build.xml
├── manifest.mf
├── psychoPATH.jar
└── src
│ ├── burp
│ ├── BinaryPayloadIssue.java
│ ├── BuildUnencodedRequest.java
│ ├── BurpExtender.java
│ ├── DirectScannerCheck.java
│ ├── Menu.java
│ ├── PsychoPATHScannerCheck.java
│ └── PsychoPATHScannerIssue.java
│ └── uk
│ └── co
│ └── pentest
│ ├── IntruderPayloadGenerator.java
│ ├── IntruderPayloadGeneratorByte.java
│ ├── PayloadFactory.java
│ ├── PsychoPATH.java
│ ├── PsychoPanel2.form
│ ├── PsychoPanel2.java
│ ├── PsychoTab.java
│ ├── SimpleDocumentListener.java
│ └── psychoPayload.java
├── LICENSE
├── README.md
├── TODO
├── logo_by_Sponge_Nutter.png
├── perl
├── README
├── get_docroots.pl
└── sample_results.txt
├── screenshots
├── after_propagation.png
├── docroot_groups.png
├── first_run.png
├── intruder_attack_setup.png
├── lfi_hunting_one_1.png
├── lfi_hunting_one_2.png
├── lfi_hunting_one_3.png
├── lfi_hunting_one_4.png
├── lfi_hunting_one_5.png
├── lfi_hunting_three.png
├── lfi_hunting_two.png
├── new_ui.png
├── new_ui2.png
├── new_ui3.png
├── new_ui4.png
├── new_ui5.png
├── new_ui6.png
├── new_ui7.png
├── payload_generators.png
├── payload_one_setting.png
├── payload_two_setting.png
├── propagate.png
├── results_0.png
├── results_1.png
├── verification_case_2_step_1.png
├── verification_case_2_step_2.png
├── verification_case_2_step_3.png
├── verification_case_3_step_1.png
├── verification_case_3_step_2.png
├── verification_case_3_step_3.png
├── verification_step1.png
├── verification_step2.png
├── verification_step3.png
└── verification_step4.png
├── test_cases
├── LFI
│ ├── eight.php
│ ├── eleven.php
│ ├── five.php
│ ├── four.php
│ ├── nine.php
│ ├── one.php
│ ├── seven.php
│ ├── six.php
│ ├── ten.php
│ ├── three.php
│ └── two.php
├── no_traversal_unusual_webroot
│ └── UploadServlet.java
├── uploadbare_traversal_inside_webroot
│ └── UploadServlet.java
└── uploadbare_traversal_outside_webroot
│ ├── META-INF
│ └── MANIFEST.MF
│ ├── UploadServlet.class
│ ├── UploadServlet.java
│ ├── WEB-INF
│ ├── UploadServlet.class
│ └── web.xml
│ ├── do_war.sh
│ ├── images
│ └── 404
│ ├── message.jsp
│ ├── upload.jsp
│ └── uploadbare_traversal_outside_webroot.war
└── usage_examples.pdf
/BappDescription.html:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/BappDescription.html
--------------------------------------------------------------------------------
/Blind_detection_of_path_traversal-vulnerable_file_uploads.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/Blind_detection_of_path_traversal-vulnerable_file_uploads.pdf
--------------------------------------------------------------------------------
/Java/build.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/Java/build.xml
--------------------------------------------------------------------------------
/Java/manifest.mf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/Java/manifest.mf
--------------------------------------------------------------------------------
/Java/psychoPATH.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/Java/psychoPATH.jar
--------------------------------------------------------------------------------
/Java/src/burp/BinaryPayloadIssue.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/Java/src/burp/BinaryPayloadIssue.java
--------------------------------------------------------------------------------
/Java/src/burp/BuildUnencodedRequest.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/Java/src/burp/BuildUnencodedRequest.java
--------------------------------------------------------------------------------
/Java/src/burp/BurpExtender.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/Java/src/burp/BurpExtender.java
--------------------------------------------------------------------------------
/Java/src/burp/DirectScannerCheck.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/Java/src/burp/DirectScannerCheck.java
--------------------------------------------------------------------------------
/Java/src/burp/Menu.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/Java/src/burp/Menu.java
--------------------------------------------------------------------------------
/Java/src/burp/PsychoPATHScannerCheck.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/Java/src/burp/PsychoPATHScannerCheck.java
--------------------------------------------------------------------------------
/Java/src/burp/PsychoPATHScannerIssue.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/Java/src/burp/PsychoPATHScannerIssue.java
--------------------------------------------------------------------------------
/Java/src/uk/co/pentest/IntruderPayloadGenerator.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/Java/src/uk/co/pentest/IntruderPayloadGenerator.java
--------------------------------------------------------------------------------
/Java/src/uk/co/pentest/IntruderPayloadGeneratorByte.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/Java/src/uk/co/pentest/IntruderPayloadGeneratorByte.java
--------------------------------------------------------------------------------
/Java/src/uk/co/pentest/PayloadFactory.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/Java/src/uk/co/pentest/PayloadFactory.java
--------------------------------------------------------------------------------
/Java/src/uk/co/pentest/PsychoPATH.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/Java/src/uk/co/pentest/PsychoPATH.java
--------------------------------------------------------------------------------
/Java/src/uk/co/pentest/PsychoPanel2.form:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/Java/src/uk/co/pentest/PsychoPanel2.form
--------------------------------------------------------------------------------
/Java/src/uk/co/pentest/PsychoPanel2.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/Java/src/uk/co/pentest/PsychoPanel2.java
--------------------------------------------------------------------------------
/Java/src/uk/co/pentest/PsychoTab.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/Java/src/uk/co/pentest/PsychoTab.java
--------------------------------------------------------------------------------
/Java/src/uk/co/pentest/SimpleDocumentListener.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/Java/src/uk/co/pentest/SimpleDocumentListener.java
--------------------------------------------------------------------------------
/Java/src/uk/co/pentest/psychoPayload.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/Java/src/uk/co/pentest/psychoPayload.java
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/LICENSE
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/README.md
--------------------------------------------------------------------------------
/TODO:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/TODO
--------------------------------------------------------------------------------
/logo_by_Sponge_Nutter.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/logo_by_Sponge_Nutter.png
--------------------------------------------------------------------------------
/perl/README:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/perl/README
--------------------------------------------------------------------------------
/perl/get_docroots.pl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/perl/get_docroots.pl
--------------------------------------------------------------------------------
/perl/sample_results.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/perl/sample_results.txt
--------------------------------------------------------------------------------
/screenshots/after_propagation.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/after_propagation.png
--------------------------------------------------------------------------------
/screenshots/docroot_groups.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/docroot_groups.png
--------------------------------------------------------------------------------
/screenshots/first_run.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/first_run.png
--------------------------------------------------------------------------------
/screenshots/intruder_attack_setup.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/intruder_attack_setup.png
--------------------------------------------------------------------------------
/screenshots/lfi_hunting_one_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/lfi_hunting_one_1.png
--------------------------------------------------------------------------------
/screenshots/lfi_hunting_one_2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/lfi_hunting_one_2.png
--------------------------------------------------------------------------------
/screenshots/lfi_hunting_one_3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/lfi_hunting_one_3.png
--------------------------------------------------------------------------------
/screenshots/lfi_hunting_one_4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/lfi_hunting_one_4.png
--------------------------------------------------------------------------------
/screenshots/lfi_hunting_one_5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/lfi_hunting_one_5.png
--------------------------------------------------------------------------------
/screenshots/lfi_hunting_three.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/lfi_hunting_three.png
--------------------------------------------------------------------------------
/screenshots/lfi_hunting_two.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/lfi_hunting_two.png
--------------------------------------------------------------------------------
/screenshots/new_ui.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/new_ui.png
--------------------------------------------------------------------------------
/screenshots/new_ui2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/new_ui2.png
--------------------------------------------------------------------------------
/screenshots/new_ui3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/new_ui3.png
--------------------------------------------------------------------------------
/screenshots/new_ui4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/new_ui4.png
--------------------------------------------------------------------------------
/screenshots/new_ui5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/new_ui5.png
--------------------------------------------------------------------------------
/screenshots/new_ui6.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/new_ui6.png
--------------------------------------------------------------------------------
/screenshots/new_ui7.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/new_ui7.png
--------------------------------------------------------------------------------
/screenshots/payload_generators.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/payload_generators.png
--------------------------------------------------------------------------------
/screenshots/payload_one_setting.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/payload_one_setting.png
--------------------------------------------------------------------------------
/screenshots/payload_two_setting.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/payload_two_setting.png
--------------------------------------------------------------------------------
/screenshots/propagate.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/propagate.png
--------------------------------------------------------------------------------
/screenshots/results_0.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/results_0.png
--------------------------------------------------------------------------------
/screenshots/results_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/results_1.png
--------------------------------------------------------------------------------
/screenshots/verification_case_2_step_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/verification_case_2_step_1.png
--------------------------------------------------------------------------------
/screenshots/verification_case_2_step_2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/verification_case_2_step_2.png
--------------------------------------------------------------------------------
/screenshots/verification_case_2_step_3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/verification_case_2_step_3.png
--------------------------------------------------------------------------------
/screenshots/verification_case_3_step_1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/verification_case_3_step_1.png
--------------------------------------------------------------------------------
/screenshots/verification_case_3_step_2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/verification_case_3_step_2.png
--------------------------------------------------------------------------------
/screenshots/verification_case_3_step_3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/verification_case_3_step_3.png
--------------------------------------------------------------------------------
/screenshots/verification_step1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/verification_step1.png
--------------------------------------------------------------------------------
/screenshots/verification_step2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/verification_step2.png
--------------------------------------------------------------------------------
/screenshots/verification_step3.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/verification_step3.png
--------------------------------------------------------------------------------
/screenshots/verification_step4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/screenshots/verification_step4.png
--------------------------------------------------------------------------------
/test_cases/LFI/eight.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/test_cases/LFI/eight.php
--------------------------------------------------------------------------------
/test_cases/LFI/eleven.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/test_cases/LFI/eleven.php
--------------------------------------------------------------------------------
/test_cases/LFI/five.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/test_cases/LFI/five.php
--------------------------------------------------------------------------------
/test_cases/LFI/four.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/test_cases/LFI/four.php
--------------------------------------------------------------------------------
/test_cases/LFI/nine.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/test_cases/LFI/nine.php
--------------------------------------------------------------------------------
/test_cases/LFI/one.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/test_cases/LFI/one.php
--------------------------------------------------------------------------------
/test_cases/LFI/seven.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/test_cases/LFI/seven.php
--------------------------------------------------------------------------------
/test_cases/LFI/six.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/test_cases/LFI/six.php
--------------------------------------------------------------------------------
/test_cases/LFI/ten.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/test_cases/LFI/ten.php
--------------------------------------------------------------------------------
/test_cases/LFI/three.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/test_cases/LFI/three.php
--------------------------------------------------------------------------------
/test_cases/LFI/two.php:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/test_cases/LFI/two.php
--------------------------------------------------------------------------------
/test_cases/no_traversal_unusual_webroot/UploadServlet.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/test_cases/no_traversal_unusual_webroot/UploadServlet.java
--------------------------------------------------------------------------------
/test_cases/uploadbare_traversal_inside_webroot/UploadServlet.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/test_cases/uploadbare_traversal_inside_webroot/UploadServlet.java
--------------------------------------------------------------------------------
/test_cases/uploadbare_traversal_outside_webroot/META-INF/MANIFEST.MF:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/test_cases/uploadbare_traversal_outside_webroot/META-INF/MANIFEST.MF
--------------------------------------------------------------------------------
/test_cases/uploadbare_traversal_outside_webroot/UploadServlet.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/test_cases/uploadbare_traversal_outside_webroot/UploadServlet.class
--------------------------------------------------------------------------------
/test_cases/uploadbare_traversal_outside_webroot/UploadServlet.java:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/test_cases/uploadbare_traversal_outside_webroot/UploadServlet.java
--------------------------------------------------------------------------------
/test_cases/uploadbare_traversal_outside_webroot/WEB-INF/UploadServlet.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/test_cases/uploadbare_traversal_outside_webroot/WEB-INF/UploadServlet.class
--------------------------------------------------------------------------------
/test_cases/uploadbare_traversal_outside_webroot/WEB-INF/web.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/test_cases/uploadbare_traversal_outside_webroot/WEB-INF/web.xml
--------------------------------------------------------------------------------
/test_cases/uploadbare_traversal_outside_webroot/do_war.sh:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/test_cases/uploadbare_traversal_outside_webroot/do_war.sh
--------------------------------------------------------------------------------
/test_cases/uploadbare_traversal_outside_webroot/images/404:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/test_cases/uploadbare_traversal_outside_webroot/message.jsp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/test_cases/uploadbare_traversal_outside_webroot/message.jsp
--------------------------------------------------------------------------------
/test_cases/uploadbare_traversal_outside_webroot/upload.jsp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/test_cases/uploadbare_traversal_outside_webroot/upload.jsp
--------------------------------------------------------------------------------
/test_cases/uploadbare_traversal_outside_webroot/uploadbare_traversal_outside_webroot.war:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/test_cases/uploadbare_traversal_outside_webroot/uploadbare_traversal_outside_webroot.war
--------------------------------------------------------------------------------
/usage_examples.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ewilded/psychoPATH/HEAD/usage_examples.pdf
--------------------------------------------------------------------------------