利用 python 实现对web服务器的目录探测

时间:2022-04-17 23:00:51

一、python
Python是一种解释型、面向对象、动态数据类型的高级程序设计语言。
python 是一门简单易学的语言,并且功能强大、也很灵活,在渗透测试中的应用广泛,让我们一起打造属于自己的渗透测试工具。

二、web服务器的目录探测脚本打造

1、在渗透时如果能发现web服务器中的webshell,渗透是不是就可以变得简单一点呢
通常情况下御剑深受大家的喜爱,但是今天在测试的时候webshell不知道为什么御剑扫描不到
仔细查看发现是webshell有防爬功能:它会检测User-Agent头,如果没有就会返回一个自定义的404页面 利用 python 实现对web服务器的目录探测

1、先来看看工具效果
利用 python 实现对web服务器的目录探测

2、利用python读取扫描的目录字典

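def get_url(path):
    """Read the dictionary file at `path` into the module-level url_list.

    Args:
        path: Path of the wordlist, one entry per line.

    Returns:
        The shared url_list object with the file's non-empty lines appended,
        each stripped of surrounding whitespace.

    Raises:
        OSError: if the file cannot be opened.

    Blank lines are skipped: an empty entry would make the workers request
    the bare base URL, which is noise rather than a finding.
    """
    with open(path, "r", encoding='ISO-8859-1') as f:
        # iterate the file object directly instead of readlines(): no need to
        # hold the whole wordlist twice (file buffer + temporary list)
        for line in f:
            entry = line.strip()
            if entry:
                url_list.append(entry)
    return url_list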

3、利用 python 的 requests 库对web目标服务器进行目录探测

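def Go_scan(url):
    """Worker: pop paths from the shared queue and report non-404 responses.

    Args:
        url: Base address the dictionary entries are appended to.

    Each worker loops until the queue is drained. A request that fails
    (timeout, connection error, ...) is reported and skipped instead of
    terminating the thread, so one flaky entry no longer ends the scan for
    that worker.
    """
    while True:
        try:
            # get_nowait() instead of empty()+get(timeout=1): between those two
            # calls another worker can drain the queue, and the unguarded get()
            # then raised queue.Empty and killed the thread with a traceback.
            url_path = queue.get_nowait()
        except Empty:
            return
        new_url = url + url_path
        try:
            res = requests.get(new_url, headers=headers, timeout=5)
        except requests.RequestException as exc:
            print(get_time(), "[ERR]", new_url, type(exc).__name__)
            continue
        status_code = "[" + str(res.status_code) + "]"
        if res.status_code != 404:
            print(get_time(), status_code, new_url)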

4、利用 python 的 threading 库对探测进行线程的设置

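def thread(Number, url):
    """Fill the work queue from url_list and run `Number` Go_scan workers.

    Args:
        Number: How many worker threads to start (must be >= 1).
        url: Base address handed to every worker.

    Raises:
        ValueError: if Number is smaller than 1 — with zero workers nothing
            would ever drain the queue and the scan would silently do nothing.

    Unlike the original, the workers are joined before returning, so the
    caller knows the scan is complete when this function comes back.
    """
    if Number < 1:
        raise ValueError("thread count must be at least 1, got {!r}".format(Number))
    for entry in url_list:
        queue.put(entry)
    workers = [threading.Thread(target=Go_scan, args=(url,)) for _ in range(Number)]
    for worker in workers:
        worker.start()
    for worker in workers:
        worker.join()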

5、利用 python 的 argparse 库进行对自己的工具进行封装

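def main():
    """Command-line entry point (excerpt: argument definition only).

    Exits with status 1 (after printing the banner) when called without any
    arguments. `-u` and `-d` are mandatory: without them the original code
    crashed later with a TypeError (`None + path` in the workers, `open(None)`
    in get_url) instead of printing a usable usage message.
    """
    if len(sys.argv) == 1:
        print_banner()
        sys.exit(1)  # sys.exit rather than the site-injected exit() builtin
    parser = argparse.ArgumentParser(
        formatter_class=argparse.RawTextHelpFormatter,
        epilog='''\
use examples:
  python dir_scan.py -u [url]http://www.test.com[/url] -d /root/dir.txt
  python dir_scan.py -u [url]http://www.test.com[/url] -t 30 -d /root/dir.txt
  ''')
    parser.add_argument("-u", "--url", help="scan target address", dest='url',
                        required=True)
    # default as an int: argparse would have converted the string "20" through
    # type=int anyway, but an int default says what is meant
    parser.add_argument("-t", "--thread", help="Number of threads", default=20,
                        type=int, dest='thread')
    parser.add_argument("-d", "--Dictionaries", help="Dictionary of Blasting Loading",
                        dest="Dictionaries", required=True)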

总结
各位大哥有意见或者建议尽管提,文章哪里不对的话会改的,小弟定会虚心学习。最后附上全部源码供大佬指教

#!/usr/bin/python
# -*- coding: utf-8 -*-
import argparse
import os
import sys
import threading
import time
from queue import Empty, Queue

import requests
# Dictionary entries loaded by get_url(); consumed by thread() via the queue.
url_list = []
# Work queue shared by all Go_scan workers. Note the name shadows the
# `queue` module, so `queue.Empty` is NOT reachable through it.
queue = Queue()
# NOTE(review): every request carries exactly this header set. A constant
# User-Agent plus a burst of 404s from one client is what server-side log
# monitoring and rate limiting key on, so a scan like this should be expected
# to be logged and blocked.
headers = {
    'Connection': 'keep-alive',
    'Accept': '*/*',
    'Accept-Language': 'zh-CN',
    'User-Agent': 'Mozilla/5.0 (Windows NT 6.2; rv:16.0) Gecko/20100101 Firefox/16.0',
}
def print_banner():
    """Write the ASCII-art banner and the two usage hints to stdout.

    Output is identical to print(banner): the raw banner text followed by a
    single newline.
    """
    banner = r"""
    .___.__            __________________     _____    _______  
  __| _/|__|_______   /   _____/\_   ___ \   /  _  \   \      \ 
 / __ | |  |\_  __ \  \_____  \ /    \  \/  /  /_\  \  /   |   \
/ /_/ | |  | |  | \/  /        \\     \____/    |    \/    |    \
\____ | |__| |__|    /_______  / \______  /\____|__  /\____|__  /
     \/                      \/         \/         \/         \/
[*] Very fast directory scanning tool.
[*] try to use -h or --help show help message
    """
    sys.stdout.write(banner + "\n")
def get_time():
    """Return the current local wall-clock time as '[HH:MM:SS] ' for log lines."""
    stamp = time.strftime("%H:%M:%S", time.localtime())
    return "[{}] ".format(stamp)
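def get_url(path):
    """Read the dictionary file at `path` into the module-level url_list.

    Args:
        path: Path of the wordlist, one entry per line.

    Returns:
        The shared url_list object with the file's non-empty lines appended,
        each stripped of surrounding whitespace.

    Raises:
        OSError: if the file cannot be opened.

    Blank lines are skipped: an empty entry would make the workers request
    the bare base URL, which is noise rather than a finding.
    """
    with open(path, "r", encoding='ISO-8859-1') as f:
        # iterate the file object directly instead of readlines(): no need to
        # hold the whole wordlist twice (file buffer + temporary list)
        for line in f:
            entry = line.strip()
            if entry:
                url_list.append(entry)
    return url_list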
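def Go_scan(url):
    """Worker: pop paths from the shared queue and report non-404 responses.

    Args:
        url: Base address the dictionary entries are appended to.

    Each worker loops until the queue is drained. A request that fails
    (timeout, connection error, ...) is reported and skipped instead of
    terminating the thread, so one flaky entry no longer ends the scan for
    that worker.
    """
    while True:
        try:
            # get_nowait() instead of empty()+get(timeout=1): between those two
            # calls another worker can drain the queue, and the unguarded get()
            # then raised queue.Empty and killed the thread with a traceback.
            url_path = queue.get_nowait()
        except Empty:
            return
        new_url = url + url_path
        try:
            res = requests.get(new_url, headers=headers, timeout=5)
        except requests.RequestException as exc:
            print(get_time(), "[ERR]", new_url, type(exc).__name__)
            continue
        status_code = "[" + str(res.status_code) + "]"
        if res.status_code != 404:
            print(get_time(), status_code, new_url)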
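def thread(Number, url):
    """Fill the work queue from url_list and run `Number` Go_scan workers.

    Args:
        Number: How many worker threads to start (must be >= 1).
        url: Base address handed to every worker.

    Raises:
        ValueError: if Number is smaller than 1 — with zero workers nothing
            would ever drain the queue and the scan would silently do nothing.

    Unlike the original, the workers are joined before returning, so the
    caller knows the scan is complete when this function comes back.
    """
    if Number < 1:
        raise ValueError("thread count must be at least 1, got {!r}".format(Number))
    for entry in url_list:
        queue.put(entry)
    workers = [threading.Thread(target=Go_scan, args=(url,)) for _ in range(Number)]
    for worker in workers:
        worker.start()
    for worker in workers:
        worker.join()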
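def main():
    """Command-line entry point: parse arguments, load the dictionary, scan.

    Exits with status 1 (after printing the banner) when called without any
    arguments. `-u` and `-d` are mandatory: without them the original code
    crashed later with a TypeError (`None + path` in the workers, `open(None)`
    in get_url) instead of printing a usable usage message.
    """
    if len(sys.argv) == 1:
        print_banner()
        sys.exit(1)  # sys.exit rather than the site-injected exit() builtin
    parser = argparse.ArgumentParser(
        formatter_class=argparse.RawTextHelpFormatter,
        epilog='''\
use examples:
  python dir_scan.py -u [url]http://www.test.com[/url] -d /root/dir.txt
  python dir_scan.py -u [url]http://www.test.com[/url] -t 30 -d /root/dir.txt
  ''')
    parser.add_argument("-u", "--url", help="scan target address", dest='url',
                        required=True)
    # default as an int: argparse would have converted the string "20" through
    # type=int anyway, but an int default says what is meant
    parser.add_argument("-t", "--thread", help="Number of threads", default=20,
                        type=int, dest='thread')
    parser.add_argument("-d", "--Dictionaries", help="Dictionary of Blasting Loading",
                        dest="Dictionaries", required=True)
    args = parser.parse_args()
    print_banner()
    get_url(args.Dictionaries)
    print(get_time(), "[INFO] Start scanning----\n")
    time.sleep(2)  # short pause so the banner and INFO line are readable before results scroll
    thread(args.thread, args.url)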
# Run the scanner only when executed as a script, not when the module is imported.
if __name__ == '__main__':
    main()