🦖 PTScanner is a powerful tool for detecting Path Traversal and Local File Inclusion (LFI) vulnerabilities. Developed as part of the ApachSAL project, it has been fully ported to Node.js, featuring significant enhancements and extended capabilities for modern penetration testing workflows.

opsysdebug/ptscanner

PTScanner - Advanced Path Traversal Vulnerability Scanner

PTScanner is a professional tool for detecting Path Traversal/Local File Inclusion (LFI) vulnerabilities, ported from the Python version of ApachSAL to Node.js with various performance and feature improvements.

Key Features

  • 20+ Specific Payloads - A continuously updated collection of Path Traversal payloads
  • Accurate Detection - Uses regex patterns and dedicated signatures
  • Multi-Platform - Detects vulnerabilities on Unix, Windows, and web applications
  • Powerful CLI - An easy-to-use command-line interface
  • Structured Output - Scan results in an easy-to-read format

Installation

Global installation (recommended):

npm install -g ptscanner

Local installation:

npm install ptscanner

Via GitHub:

git clone https://github.com/odaysec/ptscanner.git
cd ptscanner
npm install
npm link

Basic Usage

Scan a target URL:

ptscanner scan --url "http://target.com/vulnerable.php?file=" --output hasil.txt

Command options:

Option          Description                              Default
-u, --url       Target URL (must contain a parameter)    Required
-o, --output    Output file for saving the results       results.txt
-v, --verbose   Verbose mode (debugging)                 false

Usage Demo

Basic scan with default output:

ptscanner scan -u "http://example.com/page.php?document="

Scan with custom output:

ptscanner scan -u "http://testphp.vulnweb.com/showimage.php?file=" -o lfi_results.txt

Demo Output:

[+] Memulai scan: http://testphp.vulnweb.com/showimage.php?file=
[+] Memuat 20 payload...
[✔] VULN: Basic Directory Traversal (Unix) - Status: 200
[✔] VULN: Null Byte Injection - Status: 200

Scan selesai! Hasil disimpan di: lfi_results.txt

Output Format

The output file will contain:

[VULNERABILITY FOUND]
URL: http://testphp.vulnweb.com/showimage.php?file=../../../../etc/passwd
Payload: Basic Directory Traversal (Unix)
Status Code: 200
Detection Pattern: root:x:

---
[VULNERABILITY FOUND] 
URL: http://testphp.vulnweb.com/showimage.php?file=....//....//....//....//etc/passwd
Payload: Double Encoding
Status Code: 200
Detection Pattern: root:x:
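
What the findings above imply on the server side, shown as an added example (not PTScanner's code and not from the original README): a filter that strips `../` once turns the `....//` payload back into `../`, while resolving the path and checking that it stays under the base directory rejects the traversal and null-byte inputs. `BASE_DIR`, `naiveResolve` and `safeResolve` are hypothetical names, and the sample inputs are constructed.

```javascript
// Added example; BASE_DIR and both function names are assumptions.
const path = require('path');

const BASE_DIR = '/var/www/app/files'; // assumed directory the app may serve from

// Weak filter: removes "../" in a single pass.
// "....//" contains "../" in its middle, so the strip leaves "../" behind.
function naiveResolve(userInput) {
  const cleaned = userInput.replace(/\.\.\//g, '');
  return path.posix.join(BASE_DIR, cleaned);
}

// Hardened: reject NUL bytes, resolve the path, then verify containment.
// Returns the resolved path, or null when the request must be refused.
function safeResolve(userInput) {
  if (typeof userInput !== 'string' || userInput.includes('\0')) return null;
  const resolved = path.posix.resolve(BASE_DIR, userInput);
  const rel = path.posix.relative(BASE_DIR, resolved);
  // rel is "" for the base itself and starts with "../" when outside it.
  if (rel === '' || rel === '..' || rel.startsWith('../')) return null;
  return resolved;
}

// Constructed inputs mirroring the payload types named in the scan output.
const samples = [
  '../../../../etc/passwd',             // basic traversal
  '....//....//....//....//etc/passwd', // survives single-pass stripping
  '../../etc/passwd\0.jpg',             // null byte injection
  '/etc/passwd',                        // absolute path
  'report.pdf',                         // legitimate request
];

for (const s of samples) {
  console.log(JSON.stringify(s), '| naive:', naiveResolve(s), '| safe:', safeResolve(s));
}
```

`path.resolve` is purely lexical; if the served directory can contain symlinks, compare `fs.realpathSync` results as well.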

Payload Customization

You can add custom payloads by editing the payloads.json file:

{
  "name": "Custom Payload",
  "path": "custom/traversal/payload",
  "pattern": "custom_pattern"
}

License

This project is licensed under the MIT License.
