利用 python 实现对web服务器的目录探测

一、python
Python是一种解释型、面向对象、动态数据类型的高级程序设计语言。
python 是一门简单易学的语言,并且功能强大也很灵活,在渗透测试中的应用广泛,让我们一起打造属于自己的渗透测试工具

二、web服务器的目录探测脚本打造

1、在渗透时如果能发现web服务器中的webshell,渗透是不是就可以变的简单一点尼
通常情况下御剑深受大家的喜爱,但是今天在测试的时候webshell不知道为什么御剑扫描不到
仔细查看是webshell有防爬功能,是检测User-Agent头,如果没有就回返回一个自己定义的404页面 利用 python 实现对web服务器的目录探测

1、先来看看工具效果
利用 python 实现对web服务器的目录探测

2、利用python读取扫描的目录字典

def get_url(path): with open(path, "r", encoding='ISO-8859-1') as f: for url in f.readlines(): url_list.append(url.strip()) return url_list

3、利用 python 的 requests 库对web目标服务器进行目录探测

  1.  
    def Go_scan(url):
  2.  
        while not queue.empty():
  3.  
            url_path = queue.get(timeout=1)
  4.  
            new_url = url + url_path
  5.  
            res = requests.get(new_url, headers=headers, timeout=5)
  6.  
            #print(res.status_code)
  7.  
            status_code = "[" + str(res.status_code) + "]"
  8.  
            if str(res.status_code) != "404":
  9.  
                print(get_time(), status_code, new_url)

4、利用 python 的 threading 库对探测进行线程的设置

  1.  
    def thread(Number,url):
  2.  
        threadlist = []
  3.  
        for pwd in url_list:
  4.  
            queue.put(pwd)
  5.  
     
  6.  
        for x in range(Number):
  7.  
            t = threading.Thread(target=Go_scan, args=(url,))
  8.  
            threadlist.append(t)
  9.  
     
  10.  
        for t in threadlist:
  11.  
            t.start()

5、利用 python 的 argparse 库进行对自己的工具进行封装

  1.  
    def main():
  2.  
        if len(sys.argv) == 1:
  3.  
            print_banner()
  4.  
            exit(1)
  5.  
     
  6.  
        parser = argparse.ArgumentParser(
  7.  
            formatter_class=argparse.RawTextHelpFormatter,
  8.  
            epilog='''\
  9.  
    use examples:
  10.  
      python dir_scan.py -u [url]http://www.test.com[/url] -d /root/dir.txt
  11.  
      python dir_scan.py -u [url]http://www.test.com[/url] -t 30 -d /root/dir.txt
  12.  
      ''')
  13.  
        parser.add_argument("-u","--url", help="scan target address", dest='url')
  14.  
        parser.add_argument("-t","--thread", help="Number of threads", default="20", type=int, dest='thread')
  15.  
        parser.add_argument("-d","--Dictionaries", help="Dictionary of Blasting Loading",
  16.  
            dest="Dictionaries")

总结
各位大哥有意见或者建议尽管提,文章哪里不对的话会改的,小弟定会虚心学习最后附上全部源码供大佬指教

  1.  
    #!/usr/bin/python
  2.  
    # -*- coding: utf-8 -*-
  3.  
     
  4.  
    import requests
  5.  
    import threading
  6.  
    import argparse,sys
  7.  
    import time,os
  8.  
    from queue import Queue
  9.  
     
  10.  
    url_list = []
  11.  
    queue = Queue()
  12.  
     
  13.  
    headers = {
  14.  
        'Connection':'keep-alive',
  15.  
        'Accept':'*/*',
  16.  
        'Accept-Language': 'zh-CN',
  17.  
        'User-Agent':'Mozilla/5.0 (Windows NT 6.2; rv:16.0) Gecko/20100101 Firefox/16.0'
  18.  
    }
  19.  
     
  20.  
    def print_banner():
  21.  
        banner = r"""
  22.  
        .___.__            __________________     _____    _______  
  23.  
      __| _/|__|_______   /   _____/\_   ___ \   /  _  \   \      \ 
  24.  
     / __ | |  |\_  __ \  \_____  \ /    \  \/  /  /_\  \  /   |   \
  25.  
    / /_/ | |  | |  | \/  /        \\     \____/    |    \/    |    \
  26.  
    \____ | |__| |__|    /_______  / \______  /\____|__  /\____|__  /
  27.  
         \/                      \/         \/         \/         \/
  28.  
     
  29.  
    [*] Very fast directory scanning tool.
  30.  
    [*] try to use -h or --help show help message
  31.  
        """
  32.  
        print(banner)
  33.  
     
  34.  
    def get_time():
  35.  
        return '[' + time.strftime("%H:%M:%S", time.localtime()) + '] '
  36.  
     
  37.  
    def get_url(path):
  38.  
        with open(path, "r", encoding='ISO-8859-1') as f:
  39.  
            for url in f.readlines():
  40.  
                url_list.append(url.strip())
  41.  
            return url_list
  42.  
     
  43.  
     
  44.  
    def Go_scan(url):
  45.  
        while not queue.empty():
  46.  
            url_path = queue.get(timeout=1)
  47.  
            new_url = url + url_path
  48.  
            res = requests.get(new_url, headers=headers, timeout=5)
  49.  
            #print(res.status_code)
  50.  
            status_code = "[" + str(res.status_code) + "]"
  51.  
            if str(res.status_code) != "404":
  52.  
                print(get_time(), status_code, new_url)
  53.  
     
  54.  
    def thread(Number,url):
  55.  
        threadlist = []
  56.  
        for pwd in url_list:
  57.  
            queue.put(pwd)
  58.  
     
  59.  
        for x in range(Number):
  60.  
            t = threading.Thread(target=Go_scan, args=(url,))
  61.  
            threadlist.append(t)
  62.  
     
  63.  
        for t in threadlist:
  64.  
            t.start()
  65.  
     
  66.  
     
  67.  
    def main():
  68.  
        if len(sys.argv) == 1:
  69.  
            print_banner()
  70.  
            exit(1)
  71.  
     
  72.  
        parser = argparse.ArgumentParser(
  73.  
            formatter_class=argparse.RawTextHelpFormatter,
  74.  
            epilog='''\
  75.  
    use examples:
  76.  
      python dir_scan.py -u [url]http://www.test.com[/url] -d /root/dir.txt
  77.  
      python dir_scan.py -u [url]http://www.test.com[/url] -t 30 -d /root/dir.txt
  78.  
      ''')
  79.  
        parser.add_argument("-u","--url", help="scan target address", dest='url')
  80.  
        parser.add_argument("-t","--thread", help="Number of threads", default="20", type=int, dest='thread')
  81.  
        parser.add_argument("-d","--Dictionaries", help="Dictionary of Blasting Loading",
  82.  
            dest="Dictionaries")
  83.  
        args = parser.parse_args()
  84.  
        Number =args.thread
  85.  
        url = args.url
  86.  
        url_path = args.Dictionaries
  87.  
        print_banner()
  88.  
        get_url(url_path)
  89.  
        print(get_time(), "[INFO] Start scanning----\n")
  90.  
        time.sleep(2)
  91.  
        thread(Number,url)
  92.  
     
  93.  
    if __name__ == '__main__':
  94.  
        main()
上一篇:Python +selenium自动化环境的搭建


下一篇:滚动轮播效果,.net 没得混看来只能去写js 了