DAVTest
DAVTest is a testing tool for WebDAV servers that uploads test executable files to determine if enabled DAV services are exploitable. It checks for successful uploads and execution of various file types on the target server.
Description
DAVTest is designed for penetration testers to quickly assess the exploitability of WebDAV-enabled servers. The tool uploads test files with different extensions such as .asp, .cgi, .txt, .pl, .jsp, .cfm, .aspx, .jhtml, .php, .html, and .shtml, then verifies whether these files can be executed on the server. This helps identify misconfigurations that could allow remote code execution or other malicious actions directly on the target.
Use cases include security assessments of web servers with WebDAV enabled, identifying dangerous file upload permissions, and discovering servers that execute unexpected file types. The tool creates a temporary directory on the target, uploads test files, and optionally cleans up afterwards.
It provides detailed output showing which file types can be uploaded (PUT SUCCEED/FAIL) and which can be executed (EXEC SUCCEED/FAIL), making it easy to spot vulnerabilities.
How It Works
DAVTest connects to the WebDAV server using the HTTP DAV protocol. It creates a unique temporary directory (e.g., DavTestDir_B0yG9nhdFS8gox) via MKCOL, then attempts to upload test files with various extensions, containing harmless content, via PUT. After the uploads, it checks for execution by requesting the uploaded files via GET or other methods to see whether the server processes them as executables. Results are summarized, showing successful PUT and EXEC operations with full URLs.
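The MKCOL, PUT, GET sequence described above is visible in a web server's access log, so a defender can check for it. The following is an added example, not part of DAVTest: it assumes common log format and the DavTestDir_ naming shown above, and the sample log lines and probe.* file names are constructed.

```python
import re
from collections import defaultdict

# Common log format: client, identity, user, [timestamp], "request", status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
# Directory naming pattern, taken from the example name on this page.
DIR_RE = re.compile(r'/DavTestDir_[A-Za-z0-9]+(?:/|$)')
# Extensions the page lists as uploaded by the tool.
TEST_EXTS = {"asp", "cgi", "txt", "pl", "jsp", "cfm", "aspx",
             "jhtml", "php", "html", "shtml"}

def find_davtest_activity(lines):
    """Group DavTestDir_ requests per client: created, uploaded, fetched, denied."""
    hits = defaultdict(lambda: {"mkcol": set(), "put_ok": set(),
                                "get_ok": set(), "denied": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]
        if not DIR_RE.search(path):
            continue
        rec, method = hits[m["ip"]], m["method"]
        name = path.rsplit("/", 1)[-1]
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if not m["status"].startswith("2"):
            rec["denied"].add((method, path))   # server refused the request
        elif method == "MKCOL":
            rec["mkcol"].add(path)              # test directory was created
        elif method == "PUT" and ext in TEST_EXTS:
            rec["put_ok"].add(path)             # upload accepted
        elif method == "GET" and path in rec["put_ok"]:
            # File was served back; the access log cannot show whether the
            # server executed it, so these paths need manual review.
            rec["get_ok"].add(path)
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, made-up file names).
_TS = "[10/Oct/2024:13:55:36 +0000]"
_DIR = "/DavTestDir_B0yG9nhdFS8gox"
SAMPLE_LOG = [
    f'192.0.2.10 - - {_TS} "MKCOL {_DIR} HTTP/1.1" 201 -',
    f'192.0.2.10 - - {_TS} "PUT {_DIR}/probe.php HTTP/1.1" 201 -',
    f'192.0.2.10 - - {_TS} "PUT {_DIR}/probe.asp HTTP/1.1" 403 -',
    f'192.0.2.10 - - {_TS} "GET {_DIR}/probe.php HTTP/1.1" 200 12',
    f'198.51.100.7 - - {_TS} "GET /index.html HTTP/1.1" 200 512',
]
```

Calling find_davtest_activity(SAMPLE_LOG) returns one record for 192.0.2.10; a server that rejects WebDAV writes would show entries only under "denied".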
Installation
sudo apt install davtest
Flags
Examples
davtest -url http://192.168.1.209
davtest -url http://localhost/davdir
davtest -url http://192.168.1.209 -auth user:password
davtest -url http://192.168.1.209 -cleanup
davtest -url http://192.168.1.209 -debug 2
davtest -url http://192.168.1.209 -move
davtest -url http://192.168.1.209 -nocreate