利用Python线程池模块ThreadPoolExecutor实现网站文件暴力遍历

   本代码需要结合两个字典:

    1. 常见的文件扩展名列表(比如.php, .asp)

    2. 文件名字典

 1 import requests
 2 import sys
 3 import optparse
 4 from concurrent.futures import ThreadPoolExecutor
 5 import os
 6 
 7 
 8 
 9 class WebFilesEnumerator:
10     def __init__(self) -> None:
11         self.url = self.url_prefix_formatter(self.url_suffix_formatter(self.get_params()[0]))
12         self.extensions = self.get_params()[1]
13         self.wordlist = self.get_params()[2]
14         self.headers = {
15             'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0'
16         }
17 
18     def get_params(self):
19         parser = optparse.OptionParser('Usage: < Program > -u website url -e extension file -w file wordlist')
20         parser.add_option('-u', '--url', dest='url', type='string', help='Specify website url to brute force')
21         parser.add_option('-e', '--extension', dest='extensions', type='string', help='Specify extension list ')
22         parser.add_option('-w', '--wordlist', dest='wordlist', type='string', help='Specify wordlist to brue force')
23         options, args = parser.parse_args()
24         if options.url is None or options.extensions is None or options.wordlist is None:
25             print(parser.usage)
26             sys.exit(0)
27         if not os.path.exists(options.extensions):
28             print("Extension file does not exist")
29             sys.exit(0)
30         if not os.path.exists(options.wordlist):
31             print('Wordlist does not exist')
32             sys.exit(0)     
33 
34         return options.url, options.extensions, options.wordlist
35 
36 
37     def url_prefix_formatter(self, url):
38         if url.startswith('http://'):
39             return url
40         elif url.startswith('https://'):
41             return url
42         else:
43             return 'http://' + url
44     
45     def url_suffix_formatter(self,url):
46         if url.endswith('/'):
47             return url
48         else:
49             return url+'/'
50     
51     def request_page(self, url):
52         try:
53             response = requests.get(url=url, headers=self.headers)
54             if response.status_code == 200:
55                 print(url)
56                 
57         except:
58             pass
59     
60 
61     def run(self):
62         with ThreadPoolExecutor(30) as t:
63             with open(self.wordlist, 'r') as wf:
64                 for wline in wf.readlines():
65                     if wline.startswith('#'):
66                         continue
67                     with open(self.extensions, 'r') as ef:
68                         for line in ef.readlines():
69                             filename = wline.strip()+line.strip()
70                             t.submit(self.request_page, url=self.url+filename)
71 
72 
73 
74 if __name__ == '__main__':
75     webbruter = WebFilesEnumerator()
76     webbruter.run()77

 

posted @ 2022-05-29 16:35  Jason_huawen  阅读(72)  评论(0编辑  收藏  举报