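Description
- Reads keywords from a wordlist and joins each one to the target URL to probe the target site's file and directory structure.
Code
- A resume parameter is provided: if a scan is interrupted by a network problem or similar, set resume to the last word reached when restarting, and the scan continues from there.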
```python
import queue
import requests
import threading
import sys

AGENT = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36"
EXTENSIONS = [".php", ".bak", ".orig", ".inc"]
TARGET = "http://testphp.vulnweb.com"
THREADS = 50
WORDLIST = "/usr/share/wordlist"


def get_words(resume=None):
    def extent_words(word):
        # Entries containing a dot are queued as files, the rest as directories.
        if "." in word:
            words.put(f"/{word}")
        else:
            words.put(f"/{word}/")
        # Also queue every configured extension variant of the entry.
        for extension in EXTENSIONS:
            words.put(f"/{word}{extension}")

    with open(WORDLIST) as f:
        raw_words = f.read()
    found_resume = False
    words = queue.Queue()
    for word in raw_words.split():
        if resume is not None:
            # Skip everything up to and including the resume word.
            if found_resume:
                extent_words(word)
            elif word == resume:
                found_resume = True
                print(f"Resuming wordlist from: {resume}")
        else:
            extent_words(word)
    return words


def dir_bruter(words):
    headers = {'User-Agent': AGENT}
    while True:
        try:
            # get_nowait() keeps a thread from blocking forever once
            # another thread has taken the last queued path.
            path = words.get_nowait()
        except queue.Empty:
            break
        url = f"{TARGET}{path}"
        try:
            r = requests.get(url, headers=headers)
        except requests.exceptions.ConnectionError:
            sys.stderr.write('x')
            sys.stderr.flush()
            continue
        if r.status_code == 200:
            print(f"\nSuccess ({r.status_code}: {url})")
        elif r.status_code == 404:
            sys.stderr.write(".")
            sys.stderr.flush()
        else:
            print(f"{r.status_code} => {url}")


if __name__ == "__main__":
    words = get_words()
    print("Press return to continue.")
    sys.stdin.readline()
    for _ in range(THREADS):
        t = threading.Thread(target=dir_bruter, args=(words,))
        t.start()
```
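
Seen from the server side, the scanner above requests the same base name with a trailing slash and with each entry in EXTENSIONS, and most of those requests return 404. The following is an added example, not part of the original post: it flags clients showing that pattern in an access log, assuming combined log format; the function name `extension_sweeps`, the `min_variants` threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Suffixes the scanner above appends to every wordlist entry.
PROBE_SUFFIXES = (".php", ".bak", ".orig", ".inc")
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')

def extension_sweeps(lines, min_variants=3):
    """Return {client_ip: sorted base paths} for clients that drew 404s on at
    least min_variants directory/suffix variants of the same base name."""
    variants = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group(3) != "404":
            continue
        ip, path = m.group(1), m.group(2).split("?", 1)[0]
        if path.endswith("/") and len(path) > 1:
            base, kind = path[:-1], "/"
        else:
            for suffix in PROBE_SUFFIXES:
                if path.endswith(suffix):
                    base, kind = path[: -len(suffix)], suffix
                    break
            else:
                continue  # not one of the probed variants
        variants[ip][base].add(kind)
    hits = {}
    for ip, bases in variants.items():
        swept = sorted(b for b, kinds in bases.items() if len(kinds) >= min_variants)
        if swept:
            hits[ip] = swept
    return hits

# Constructed sample log lines; the addresses come from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Mar/2025:10:00:01 +0000] "GET /admin/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Mar/2025:10:00:01 +0000] "GET /admin.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Mar/2025:10:00:01 +0000] "GET /admin.bak HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Mar/2025:10:00:02 +0000] "GET /admin.orig HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Mar/2025:10:00:02 +0000] "GET /admin.inc HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Mar/2025:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Mar/2025:10:00:04 +0000] "GET /old.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Mar/2025:10:00:05 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    print(extension_sweeps(SAMPLE_LOG))
```

Because it keys on the request pattern and not on the User-Agent, the check still works when the scanner sends a browser-like AGENT string as the code above does.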