Ivan Marković

Security consultant and researcher

Long experience in the design and implementation of security solutions, mainly for web, mobile and embedded applications. Author of penetration testing tools recognized by the OWASP organization and the BackTrack Linux distribution. Research work includes the discovery of vulnerabilities in numerous applications and services, for which the author received public appreciation from Microsoft.

Contact via LinkedIn or read interesting stuff on Twitter.

DFF (Default files and folders) Scanner

Named one of the best path traversal and PRL (predictable resource location) attack tools by TS/SCI Security (2008). The tool is also included in BackTrack 4 and the OWASP Phoenix/Tools Project.

-= Description:

DFF (Default File & Folder) scanner is a tool for finding the paths of predictable
resource locations, that is, common names of files and folders on web servers.
There are many options that can help in scanning, such as detecting error pages,
proxy usage, dictionary attack, etc.

DFF is written in PHP and has two script files. The first one (dff.main.class.php)
is the main class with all the logic, and the second one (dff.files.class.php) is an
extension for file scanning. The DFF scanner requires the cURL library.

Download from here: http://security-net.biz/files/dff/DFF.zip. Readme file: http://security-net.biz/files/dff/dff-scanner-readme.txt.

http://www.tssci-security.com/archives/2008/01/23/day-10-itsm-vulnerability-assessment-techniques/
https://www.owasp.org/index.php/Phoenix/Tools#HTTP_general_testing_.2F_fingerprinting
https://www.backtrack-linux.org/
https://github.com/Ivan-Markovic/DFF