攻防世界Web新手入门常用工具-dirsearch-Web路径扫描器-暴力破解Web服务器中的目录和文件
Dirsearch是一种成熟的命令行工具,旨在暴力破解Web服务器中的目录和文件。 相应的压缩包可在博主的资源中下载。
其中python代码如下:
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301, USA.
#
# Author: Mauro Soria
import os
import sys
if sys.version_info < (3, 0):
sys.stdout.write("Sorry, dirsearch requires Python 3.x\n")
sys.exit(1)
from lib.core import ArgumentParser
from lib.controller import Controller
from lib.output import CLIOutput, PrintOutput
class Program(object):
def __init__(self):
self.script_path = os.path.dirname(os.path.realpath(__file__))
self.arguments = ArgumentParser(self.script_path)
if self.arguments.quiet:
self.output = PrintOutput(self.arguments.color)
else:
self.output = CLIOutput(self.arguments.color)
self.controller = Controller(self.script_path, self.arguments, self.output)
if __name__ == "__main__":
main = Program()
以几道题目为例(随手开的容器):
在该脚本所在路径框中输入cmd打开终端后调用脚本。
第一题:
输入扫描参数和待扫描URL(网址),通过扫描后我们在子目录中发现了一个robots.txt
在URL中通过/访问他可以得到一个提示。
继续访问即可得到flag。
cyberpeace{48bd679fb223b8c69334e753d384d10b}
第二题:
这里给出常见的备份文件后缀名有: .git .svn .swp .svn .~ .bak .bash_history
扫描此网址,得到/index.php.bak。
访问此网址,得到文件下载。
下载完成后通过VSC打开。
得到flag。
Cyberpeace{855A1C4B3401294CB6604CCC98BDE334}