Hi there,
I’m working on fidb - a file inclusion database tool. It allows you to harvest paths from owned systems (e.g. HTB machines), save them and query for them using specific filters like “only windows paths”, or “paths containing passwords”, or “apache2 paths”.
Let’s say you have a file inclusion vulnerability that only works with relative paths, but you know you’re in /var/www/html - you can use fidb to automatically make the queried paths relative to your current directory.
More things you can do with fidb:
- query for windows paths with an .exe extension
- query for linux paths in the `/etc` directory but in the format of “{path}%00”
- query for paths relative to `/var/www/html`
- …
If you’re interested you can check it out on GitHub:
Thanks and happy hacking!