🕳️ Directory Traversal Tester – AutoPentesting Recon

A modular and automation-friendly framework for directory traversal vulnerability testing. It combines recon, GPT-powered payload generation, login-aware fuzzing, and detailed reporting—all in one tool with both CLI and GUI support.

---

🔧 Features

• 🔍 Contextual Reconnaissance — Crawls the target for environment context (OS, server type, inputs)
• 🤖 LLM-Based Payload Generation — Uses fine-tuned GPT models to generate traversal payloads
• 🧼 Post-Processing — Cleans and adapts payloads to the target structure
• 🔐 Login-Aware Fuzzing — Supports session-based fuzzing using credentials
• 📊 Report Generation — Generates structured reports in JSON
• 💡 Recommendations — Provides remediation suggestions
• 🖥️ Interactive CLI and Argument-Based CLI
• ✅ Pytest-Ready with CI Integration

---

📁 Project Structure

traversal_tester/
├── cli_args.py               # CLI that accepts command-line arguments
├── main.py                   # Interactive CLI (no args)
├── recon.py                  # Crawler + Context builder
├── payload_gen.py            # GPT-based payload generator
├── payload_postprocess.py    # Payload cleaner/enhancer
├── fuzzer.py                 # Login + Fuzzing logic
├── reporter.py               # Generates JSON reports
├── recommender.py            # Suggests fixes based on findings

tests/
└── test_smoke_scan.py        # End-to-end test with monkeypatched modules

.github/
└── workflows/
    └── ci.yml                # GitHub Actions CI workflow

---

🛠️ Installation

git clone https://github.com/yourusername/autopentesting-recon.git
cd autopentesting-recon
python -m venv venv
source venv/bin/activate  # or venv\Scripts\activate on Windows
pip install -r requirements.txt
pip install -e .

---

🚀 Usage

🟢 Interactive CLI

Launch and fill in each field interactively:

python -m traversal_tester.main

⚡ Argument-Based CLI

Run a full scan with one command:

python -m traversal_tester.cli_args \
  http://localhost:8000 \
  --model-dir finetuned_gpt_v2 \
  --num-payloads 5 \
  --max-pages 3 \
  --threads 2 \
  --timeout 5 \
  --username admin \
  --password admin

---

✅ Testing

Run unit and smoke tests:

pytest

Monkeypatched tests simulate recon, payload generation, login, fuzzing, and reporting.

---

🔁 CI/CD (GitHub Actions)

This project includes a CI pipeline under:

.github/workflows/ci.yml

📋 Pipeline Steps

1. Checkout Repo
2. Set up Python 3.10
3. Install Dependencies
4. Run Tests using Pytest

Static analysis (e.g. Ruff, Bandit, Black) not yet implemented

---

📦 Requirements

• Python 3.10+
• Dependencies:
  • click
  • transformers
  • torch
  • requests
  • dash
  • pytest

Install them with:

pip install -r requirements.txt

---

📊 Output

• ✅ Report: Saved as JSON in the root folder
• 💡 Recommendations: Printed in console after report generation

---

👤 Author

Muhammad Wasif
BSc Computer Science, ITU

---

🛡️ Disclaimer

This tool is intended for educational and authorized penetration testing only. Do not use on systems you do not own or have explicit permission to test.

---

📮 Feedback

Feel free to open issues or contribute pull requests to improve the framework.