Analysis updated 2026-07-04 · repo last pushed 2026-06-30
Test your web app to confirm users cannot access protected files through manipulated paths.
Run a quick security check on a website to find path traversal vulnerabilities before attackers do.
Verify that file-download features in your application properly restrict access to authorized files only.
| | michael-reissp/path-traversal-scan | 0xhassaan/nn-from-scratch | a-little-hoof/dsr |
|---|---|---|---|
| Stars | 0 | 0 | 0 |
| Language | Python | Python | Python |
| Last pushed | 2026-06-30 | — | — |
| Maintenance | Active | — | — |
| Setup difficulty | easy | moderate | hard |
| Complexity | 2/5 | 4/5 | 5/5 |
| Audience | developer | developer | researcher |
Figures from each repo's GitHub metadata at analysis time.
Requires Python and one external web requests library, which can be installed with pip in a single command.
Path Traversal Scanner is a security testing tool that checks whether a website has a common vulnerability called "path traversal." This flaw lets attackers trick a web application into revealing files it shouldn't, such as sensitive system files. For anyone running a website or building a web app, using a tool like this helps you find and fix that security hole before malicious hackers can exploit it.

The tool works by sending a series of automated test inputs to a web address you provide. These test inputs try to manipulate the website's file paths, essentially asking the site to hand over protected files like the classic Unix password file. You give the scanner a target web address, tell it how many test attempts to make, and specify what success looks like, such as a particular response code the server gives when it successfully finds a file. It then systematically tries different path manipulations, adjusting how deep into the directory structure it reaches, up to 30 levels.

This would be useful for security auditors, developers testing their own applications, or anyone responsible for a website's safety who wants to verify that their file-access controls are working properly. For example, if you have a web app that lets users download files, you could run this tool to confirm that a clever user couldn't type a manipulated path and access something off-limits.

The project is built in Python and relies on a single external library for making web requests. It's a straightforward, focused tool, described by its author as an early project, that does one specific job rather than trying to be a comprehensive security suite. The README doesn't go into detail about advanced features like generating reports or handling authentication, so it's best suited for quick, targeted checks rather than deep security audits.
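
The server-side check that a download feature needs in order to pass the kind of test described above, as an added example (not code from the path-traversal-scan repository). `resolve_download`, `TraversalError`, `escaped_inputs` and the `downloads` directory are hypothetical names, the sample file is constructed, and the requested name is assumed to have been URL-decoded already by the web framework.

```python
import tempfile
from pathlib import Path

class TraversalError(ValueError):
    """The requested name resolves outside the download root."""

def resolve_download(root: Path, requested: str) -> Path:
    """Map a user-supplied name to a file under root, or raise (Python 3.9+)."""
    if "\x00" in requested:
        raise TraversalError("NUL byte in requested name")
    root = root.resolve()
    # Treat backslashes as separators so Windows-style input is judged alike.
    # resolve() collapses ".." and follows symlinks before the comparison, and
    # an absolute `requested` replaces root entirely, so it fails the check too.
    candidate = (root / requested.replace("\\", "/")).resolve()
    if not candidate.is_relative_to(root):
        raise TraversalError(f"{requested!r} escapes the download root")
    if not candidate.is_file():
        raise FileNotFoundError(requested)
    return candidate

def escaped_inputs(root: Path, max_depth: int = 30) -> list[str]:
    """Run constructed inputs of depth 1..max_depth against the check.

    Returns the inputs that were NOT rejected; an empty list is the pass result.
    """
    leaks = []
    for depth in range(1, max_depth + 1):
        for name in ("../" * depth + "etc/passwd", "..\\" * depth + "etc/passwd"):
            try:
                resolve_download(root, name)
            except (TraversalError, FileNotFoundError):
                continue
            leaks.append(name)
    return leaks

def demo() -> tuple[str, list[str]]:
    """Build a throwaway download root, serve one file, then self-test."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "downloads"
        (root / "reports").mkdir(parents=True)
        (root / "reports" / "q1.txt").write_text("constructed sample file")
        # ".." that stays inside the root is still allowed.
        served = resolve_download(root, "reports/../reports/q1.txt")
        return served.name, escaped_inputs(root)

if __name__ == "__main__":
    print(demo())
```

The comparison is made on the fully resolved path rather than on the raw string, so the result does not depend on how many `..` segments the input contains.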
A Python tool that scans websites for path traversal vulnerabilities by sending automated test requests that try to access protected files. It helps developers and security auditors find and fix this common security flaw before attackers can exploit it.
Mainly Python.
Active — commit in last 30 days (last push 2026-06-30).
No license information is provided in the repository, so usage rights are unclear.
Setup difficulty is rated easy, with roughly 5 minutes to a first successful run.
The audience is mainly developers.
Verify against the repo before relying on details.