Skip to main content

No project description provided

Project description

penterepTools

PTUPLOADER - The Tool for testing uploads in web apps

Installation

pip install ptuploader

Adding to PATH

If you're unable to invoke the script from your terminal, it's likely because it's not included in your PATH. You can resolve this issue by executing the following commands, depending on the shell you're using:

For Bash Users

echo "export PATH=\"`python3 -m site --user-base`/bin:\$PATH\"" >> ~/.bashrc
source ~/.bashrc

For ZSH Users

echo "export PATH=\"`python3 -m site --user-base`/bin:\$PATH\"" >> ~/.zshrc
source ~/.zshrc

Usage examples

PTUPLOADER -u http://example.com/upload.php -r requestfile.txt -P file -s http://www.example.com/uploads/ -ts EXT

Options

-v    --version                       Show script version and exit
-h    --help                          Show this help message and exit
-j    --json                          Output in JSON format
-vv   --verbose                       Enable verbose mode

-ua   --user-agent   <user-agent>     Set User-Agent header
-c    --cookie       <cookie>         Set Cookie(s)
-t    --threads      <threads>        Set thread count (default: 10)
-H    --headers      <header:value>   Set custom header(s)
-p    --proxy        <proxy>          Set Proxy

-u    --url          <url>            Target upload URL
-f    --file         <filename>       File to upload
-sz   --size         <size>           Size of uploaded file
-n    --number       <number>         Number of uploaded files
-e    --extensions   <extensions>     Extensions of uploaded files
-l    --language     <language>       Target language (PHP, ASP, JSP, NET, PY, JS)

-T    --type         <type>           Upload type: MULTIPART (default, others in development)
-ct   --content-type <mimetype>       Content-Type of uploaded file (e.g. image/jpeg)

-r    --request      <request>        Raw request file or base64 request (headers included)
-d    --data         <data>           Custom request data
-P    --parameter    <parameter>      Parameter to test (e.g. file, upload, POST param)

-s    --storage      <url_to_dir>     URL to uploaded files directory
-w    --wordlist     <file>           Custom wordlist file for storage path discovery
-sy   --string-yes   <string>         Required string in response for success
-sn   --string-no    <string>         Forbidden string in response for success

-ts   --tests        <test>           Select test type:
                                     ANTIVIR      Detect antivirus presence
                                     FINDSTORAGE  Find uploaded file via dictionary attack
                                     MAXSIZE      Max file size limit
                                     COUNT        Max file count limit
                                     EXT          Allowed extensions (+ execution test)
                                     CHARS        Allowed filename characters
                                     EXEC         Execution bypass techniques
                                     ADS          Alternate Data Streams
                                     TRAVERSAL    Path traversal vulnerability
                                     CONTENT      File content validation
                                     CT           Content-Type validation
                                     XXE          XXE vulnerability
                                     ZIPBOMB      Zip bomb vulnerability
                                     LISTTYPE     Detect whitelist vs. blacklist extension filtering

Dependencies

ptlibs

External tools

None at this moment.

License

Copyright (c) 2025 Penterep Security s.r.o.

ptuploader is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

ptuploader is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with ptuploader. If not, see https://www.gnu.org/licenses/.

Warning

You are only allowed to run the tool against the websites which you have been given permission to pentest. We do not accept any responsibility for any damage/harm that this application causes to your computer, or your network. Penterep is not responsible for any illegal or malicious use of this code. Be Ethical!

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ptuploader-0.0.9.tar.gz (46.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ptuploader-0.0.9-py3-none-any.whl (62.3 kB view details)

Uploaded Python 3

File details

Details for the file ptuploader-0.0.9.tar.gz.

File metadata

  • Download URL: ptuploader-0.0.9.tar.gz
  • Upload date:
  • Size: 46.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.13

File hashes

Hashes for ptuploader-0.0.9.tar.gz
Algorithm Hash digest
SHA256 3d82820d25796143d4fbb0904683a002a0d84591a4ba18dc9e538d1f5c7b075f
MD5 27d84d041b4570d769ca0e615842e5b7
BLAKE2b-256 d81dc5bc31182ced5bca6ac68e4615f28f306aff51f5a5919ec2fd93c3235a69

See more details on using hashes here.

File details

Details for the file ptuploader-0.0.9-py3-none-any.whl.

File metadata

  • Download URL: ptuploader-0.0.9-py3-none-any.whl
  • Upload date:
  • Size: 62.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.13

File hashes

Hashes for ptuploader-0.0.9-py3-none-any.whl
Algorithm Hash digest
SHA256 9ddb4c498fb0c506dbdca2daef5b0ec0de92ddfddbc5d9679a30f7a1e00564dd
MD5 4ba534640ceea675d22b28ba61b131ba
BLAKE2b-256 f0cbd8e94923a3cdcfb1c7350186e44bea1a7acc6dda4203d1442f5c7aa3ec5c

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page