利用 requests 模块遍历网站目录
import requests #这是这个程序中最主要的Python第三方模块
import os
import sys
import threading #引入多线程以加快遍历的速度
import termcolor # 显示更加多彩
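class DirectoryBruteforcer:
    """Request every wordlist entry under a base URL and print the paths that exist.

    Args:
        target_url: Base URL of the site to walk. A trailing ``/`` is appended
            when missing, and ``http://`` is prepended when the value carries
            neither an ``http://`` nor an ``https://`` scheme.
        filepath: Path to a wordlist file with one directory name per line.
    """

    # Upper bound on requests in flight. One thread per wordlist line would
    # exhaust local threads/sockets on large wordlists and flood the server.
    MAX_WORKERS = 16
    # Seconds to wait for a response, so a stalled connection cannot pin a
    # worker thread forever.
    REQUEST_TIMEOUT = 10

    def __init__(self, target_url, filepath):
        if not target_url.endswith('/'):
            target_url += '/'
        # Accept https:// as well; prefixing unconditionally would turn
        # "https://host/" into the invalid "http://https://host/".
        if not target_url.startswith(('http://', 'https://')):
            target_url = 'http://' + target_url
        self.target_url = target_url
        self.filepath = filepath

    def access_url(self, url):
        """Fetch ``url`` and print it when the server reports that it exists.

        Transport failures (connection refused, timeout, ...) are ignored.
        """
        try:
            response = requests.get(url, timeout=self.REQUEST_TIMEOUT)
        except requests.exceptions.RequestException:
            # Best effort: an unreachable host or a timeout says nothing
            # about whether the path exists, so it is skipped silently.
            return
        # A missing path still produces a normal HTTP response (404), not a
        # connection error, so the status code has to be inspected.
        if response.status_code == 404:
            return
        print(termcolor.colored("Directory Found: %s" % url, 'blue'))

    def brute_forcer(self):
        """Read the wordlist and probe each entry with bounded concurrency.

        Exits the process on Ctrl-C.
        """
        slots = threading.BoundedSemaphore(self.MAX_WORKERS)

        def worker(url):
            try:
                self.access_url(url)
            finally:
                slots.release()

        try:
            with open(self.filepath, 'r') as f:
                for line in f:
                    word = line.strip()
                    if not word:
                        # A blank line would only re-request the base URL.
                        continue
                    slots.acquire()
                    # Daemon threads, so Ctrl-C can end the process without
                    # waiting for requests that are still in flight.
                    t = threading.Thread(
                        target=worker,
                        args=(self.target_url + word,),
                        daemon=True,
                    )
                    t.start()
            # Taking every slot back means all workers have finished.
            for _ in range(self.MAX_WORKERS):
                slots.acquire()
        except KeyboardInterrupt:
            print("Exit the program...")
            sys.exit()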
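if __name__ == '__main__':
    # Interactive entry point: ask for the base URL and the wordlist path,
    # validate both, then run the walk.
    banner = """
****************************
Web Brute Forcer By Jason
****************************
"""
    print(banner)
    # input() never returns None; an empty answer comes back as "" and has
    # to be rejected explicitly.
    target_url = input("Enter URL of Target to Walk Through: ").strip()
    if not target_url:
        print("Enter correct url of target!")
        sys.exit()
    filepath = input("Enter Path of Directory Name List: ").strip()
    # isfile() rather than exists(): a directory path exists but cannot be
    # opened as a wordlist.
    if not os.path.isfile(filepath):
        print("Enter correct path of file!")
        print("Exit the program.....")
        sys.exit()
    directory_bruteforcer = DirectoryBruteforcer(target_url, filepath)
    directory_bruteforcer.brute_forcer()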