Skip to main content

Asynchronous path traversal mutation fuzzer

Project description

Ptmap img Logo An asynchronous path traversal fuzzer for discovering and testing path traversal vulnerabilities in web applications.

Ptmap

GitHub Release

ptmap is a powerful command-line tool designed for security professionals and penetration testers to identify path traversal vulnerabilities through intelligent payload generation and fuzzing. Built with Python 3.10+, it leverages async/await patterns for high-performance concurrent testing across multiple targets.

Features

  • 🚀 Asynchronous Fuzzing: Concurrent worker threads for efficient vulnerability testing
  • 🎯 Multiple Input Methods: Direct URLs, file-based target lists, or piped input
  • 🧬 Flexible Payload Generation: Built-in and custom payload mutators
  • 🔧 Configurable Traversal: Adjustable depth and payload size parameters
  • 🛡️ Multi-Platform Support: Optimized payloads for Linux and Windows targets
  • 📊 Rich CLI Output: Beautiful terminal output with real-time results

Installation

pip install ptmap

Requirements:

  • Python 3.10+
  • aiohttp >= 3.9.0
  • rich >= 13.0.0
  • typer >= 0.12.0
  • pyfiglet >= 1.0.0

Quick Start

Basic Usage

# Test a single URL
ptmap https://site.com/page?file=img.png

# Test multiple targets from a file
ptmap urls.txt

# Pipe targets from another tool
cat urls.txt | ptmap
katana https://example.com | ptmap

Usage Guide

Command Syntax

Usage: ptmap [OPTIONS] [TARGET]

Arguments:
  [TARGET]  Target URL or file containing newline-separated target URLs
            (e.g.: https://example.com:8080 or targets.txt)

Options

Option Short Type Default Description
--custom-payloads -cp TEXT - Path to a custom payload file. If omitted, built-in payload generation is used
--size -s INTEGER - Request payload size
--threads -t INTEGER 10 Number of concurrent worker threads
--max-depth -md INTEGER 10 Maximum traversal depth for payload generation
--platform -pf linux|windows linux Target operating system
--payloads -p TEXT traverse,urlencode Comma-separated list of payload mutators
--help - - - Show help message

Available Payload Mutators

  • traverse: Basic path traversal patterns
  • urlencode: URL encoding mutations
  • double_urlencode: Double URL encoding
  • overlong_utf8: UTF-8 encoding variations
  • nested_slashes: Nested slash patterns
  • encode_dots: Dot encoding mutations
  • nullbyte: Null byte injection
  • direct_path: Direct path patterns
  • all: Enable all available mutators

Input Methods

Method Example Description
Direct URL ptmap https://site.com/page?file=img.png Test a single target URL
File Input ptmap urls.txt Test targets from a newline-separated file
Piped Input cat urls.txt | ptmap Receive targets from stdin
Piped Tools katana https://example.com | ptmap Integrate with other security tools

Examples

Basic Path Traversal Test

ptmap https://vulnerable-site.com/download?file=document.pdf

Advanced Fuzzing with Custom Settings

ptmap targets.txt \
  --threads 20 \
  --max-depth 15 \
  --payloads all \
  --platform windows

Using Custom Payloads

ptmap https://example.com \
  --custom-payloads custom_payloads.txt \
  --threads 15

Integration with Reconnaissance Tools

# Find endpoints with katana, then fuzz with ptmap
katana -u https://example.com -d 3 | ptmap --threads 25

# Combine with URL filtering
cat urls.txt | grep "/download" | ptmap --payloads all

Targeting Windows Systems

ptmap windows_targets.txt \
  --platform windows \
  --max-depth 12

Configuration

Custom Payload File Format

Create a custom payload file with newline-separated payloads:

../../../etc/passwd
..\\..\\..\\windows\\system32\\config\\sam
%2e%2e%2f%2e%2e%2fetc%2fpasswd

Requirements

  • Python: 3.10 or higher
  • aiohttp: Asynchronous HTTP client library
  • rich: Terminal output formatting
  • typer: CLI framework
  • pyfiglet: ASCII art generation

License

This project is licensed under the GNU General Public License v3 (GPLv3) - see the LICENSE file for details.

Author

AmianDevSec
Email: amiandevsec@gmail.com

Support & Community

If you find ptmap helpful in your security research, consider supporting the project:

  • Star the repository on GitHub to show appreciation
  • 🐛 Report bugs and suggest features via GitHub Issues
  • 🔀 Contribute improvements through pull requests
  • 📝 Share feedback and use cases with the community
  • 💬 Engage in discussions to help improve the tool

Your feedback and contributions help make ptmap better for everyone!


Disclaimer: This tool is intended for authorized security testing and educational purposes only. Unauthorized access to computer systems is illegal. Always obtain proper authorization before testing.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ptmap-1.1.0.tar.gz (50.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ptmap-1.1.0-py3-none-any.whl (38.4 kB view details)

Uploaded Python 3

File details

Details for the file ptmap-1.1.0.tar.gz.

File metadata

  • Download URL: ptmap-1.1.0.tar.gz
  • Upload date:
  • Size: 50.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for ptmap-1.1.0.tar.gz
Algorithm Hash digest
SHA256 3d35a42de384db5360074ba6b79247282909137699edbc6000f217402912b93c
MD5 e280e232c08f9bcb161754b292256517
BLAKE2b-256 f5e6c035f311a728f35692440a66bb08172821bcc2c22d73df7303c3e45ea5a6

See more details on using hashes here.

Provenance

The following attestation bundles were made for ptmap-1.1.0.tar.gz:

Publisher: python-publish.yml on AmianDevSec/ptmap

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ptmap-1.1.0-py3-none-any.whl.

File metadata

  • Download URL: ptmap-1.1.0-py3-none-any.whl
  • Upload date:
  • Size: 38.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for ptmap-1.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 ffcd29d13a8b9a96efd39dff95014133bfd2dc761b83230d4a20748e4b8ae979
MD5 dbcc47e9e9ffc757d922aef31fa730d3
BLAKE2b-256 eb35f514da44062e8fe54b09338ce983adeb0b66888b2d55bc887347ae3c013b

See more details on using hashes here.

Provenance

The following attestation bundles were made for ptmap-1.1.0-py3-none-any.whl:

Publisher: python-publish.yml on AmianDevSec/ptmap

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page