performing-directory-traversal-testing

What problem does it solve?

This Skill helps security testers identify and verify directory traversal and Local File Inclusion (LFI) vulnerabilities by exercising file-related parameters, detecting file content indicators, and demonstrating possible escalation paths such as log poisoning and PHP wrapper abuse.

Core Features & Use Cases

• Automated payload testing: Injects a wide range of traversal payloads (plain, encoded, double-encoded, UTF-8 overlong, Windows backslashes) against detected file parameters.
• Bypass and escalation techniques: Tests null-byte injection, path truncation, PHP wrapper protocols, and log poisoning approaches to escalate LFI to remote code execution where possible.
• Evidence-driven reporting: Captures response indicators (e.g., /etc/passwd patterns, win.ini markers), generates a concise report, and includes suggestions for remediation.
• Use Case: Authorized penetration testers or red teamers audit download/view/include endpoints and APIs that accept file or path arguments to discover exposed configuration, credentials, or executable inclusion paths.

Quick Start

Run the agent against a target URL containing a file parameter to automatically test traversal payloads, wrappers, and null-byte bypasses and receive a summarized evidence report.