Path Traverser is a Python-based tool for security testing of web applications. It operates as a middleman between your web application and its host server, giving you the ability to test the actual files found on your host server against the application, according to their relevant paths.
Let's say that your application can be found at http://mysrvr:777/home/ and the application files can be found in the file system under /myapps/demoapp/client/version/lastversion/. After entering these details, you are ready to go! Each file in the file system will receive its path relative to that directory, so the files under /myapps/demoapp/client/version/1.1/ will be sent as: http://mysrvr:777/home/../1.1/ and requests for files under /myapps/differentapp/files/ will be sent as: http://mysrvr:777/home/../../../../differentapp/files/, etc.
Done! Now switch to the Results tab and see where the holes are...
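The path mapping described above can be sketched as follows. This is an added example, not Path Traverser's own code; the function names are hypothetical and the inputs are the sample URL and directories from the text.

```python
import posixpath
from urllib.parse import quote


def relative_request_path(app_root, file_path):
    """Path of file_path relative to app_root, e.g. '../1.1/'."""
    if not (posixpath.isabs(app_root) and posixpath.isabs(file_path)):
        raise ValueError("both paths must be absolute")
    # normpath removes duplicate slashes and '.' segments before comparing.
    root = posixpath.normpath(app_root)
    target = posixpath.normpath(file_path)
    rel = posixpath.relpath(target, root)
    if rel == ".":
        return ""  # the application root itself maps to the base URL
    # Keep a trailing slash so directories stay directories in the URL.
    return rel + "/" if file_path.endswith("/") else rel


def url_for_file(base_url, app_root, file_path):
    """URL under base_url that corresponds to a file on the host server."""
    if not base_url.endswith("/"):
        base_url += "/"
    # quote() percent-encodes unusual characters but leaves '/' and '.' as-is.
    return base_url + quote(relative_request_path(app_root, file_path))


def levels_above_root(app_root, file_path):
    """How many '..' segments the request needs (0 = inside the application)."""
    return relative_request_path(app_root, file_path).split("/").count("..")


if __name__ == "__main__":
    BASE = "http://mysrvr:777/home/"
    ROOT = "/myapps/demoapp/client/version/lastversion/"
    # Paths taken from the text above, plus one constructed file inside the root.
    for path in (ROOT + "index.html",
                 "/myapps/demoapp/client/version/1.1/",
                 "/myapps/differentapp/files/"):
        print(levels_above_root(ROOT, path), url_for_file(BASE, ROOT, path))
```

Any request with a level count above 0 targets a file outside the application directory, so those are the responses to review first. Browsers and curl collapse `..` segments by default before sending, so confirm what actually goes on the wire when reproducing a result by hand.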
© Tal Melamed