- Joined
- Jan 8, 2019
- Messages
- 56,623
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,455
- Points
- 2,313
- Credits
- 32,750
6 Years of Service
76%
Vailyn is a multi-phased vulnerability analysis and exploitation tool for path traversal/directory climbing vulnerabilities. It is built to make it as performant as possible and to offer a wide arsenal of filter evasion techniques.
How does it work?
Vailyn operates in 2 phases. First, it checks if the vulnerability is present. It does so by trying to access /etc/passwd, with all of its evasive payloads. Analyzing the response, payloads that worked are separated from the others.
Why phase separation?
The separation in several phases is new in this version. It is done to hugely improve the performance of the tool. In previous versions, every file-directory combination was checked with every payload. This resulted in a huge overhead due to payloads being always used again, despite they are not working for the current server.
Changelog v1.5.1-3
[New Features]
Tor support now for Windows, too. Tor service must be started manually beforehand.
[Bug Fixes]
fixed an issue on Windows, where the tool would crash for targets with custom port or BasicAuth, because : is not an allowed directory character
fixed terminal output flood during attack by providing an extra progress function
color output should work now on Windows, please report back if it still doesn’t