Python开发网站目录扫描器的实现

时间:2022-04-20 23:37:33

有人问为什么要去扫描网站目录:懂的人自然懂

这个python脚本的特点:

1.基本完善

2.界面美观(只是画了个图案)

3.可选参数增加了线程数

4.user agent细节处理

5.多线程显示进度

扫描目标:metasploitable linux

代码:webdirscanner.py:

# -*- coding:utf-8 -*-
"""Web directory scanner: probes wordlist paths against a target URL."""
__author__ = "yiqing"
import sys
import threading
import random
from queue import Queue
from optparse import OptionParser

try:
  import requests
except ImportError:
  # requests is the only third-party dependency; bail out with an install hint.
  print("[!] you need to install requests module!")
  print("[!] usage:pip install requests")
  exit()
 
class webdirscan:
  """Multi-threaded web directory scanner.

  Reads candidate paths from the wordlist file, probes ``<url>/<path>``
  with a random User-Agent, and appends each HTTP-200 hit to
  ``result.html`` as a clickable link.
  """

  def __init__(self, options):
    # options comes from optparse: target url, wordlist file name,
    # and number of worker threads.
    self.url = options.url
    self.file_name = options.file_name
    self.count = options.count

  class dirscan(threading.Thread):
    """Worker thread: consumes candidate URLs from the shared queue."""

    def __init__(self, queue, total):
      threading.Thread.__init__(self)
      self._queue = queue   # shared work queue of full URLs
      self._total = total   # initial queue size, for progress reporting

    def run(self):
      while not self._queue.empty():
        url = self._queue.get()
        # Report progress from a short-lived helper thread so the
        # blocking HTTP request does not delay the display.
        threading.Thread(target=self.msg).start()
        try:
          r = requests.get(url=url, headers=get_user_agent(), timeout=5)
          if r.status_code == 200:
            sys.stdout.write('\r' + '[+]%s\t\t\n' % url)
            # Append the hit to the local report as an HTML link.
            with open('result.html', 'a+') as result:
              result.write('<a href="' + url + '" rel="external nofollow" target="_blank">' + url + '</a>')
              result.write('\r\n</br>')
        except requests.RequestException:
          # Timeouts and connection failures are expected during a scan;
          # skip the path and keep going.
          pass

    def msg(self):
      """Print in-place progress: finished count, total, and percent done."""
      per = 100 - float(self._queue.qsize()) / float(self._total) * 100
      percent = "%s finished| %s all| scan in %.1f %s" % (
        (self._total - self._queue.qsize()), self._total, per, '%')
      sys.stdout.write('\r' + '[*]' + percent)

  def start(self):
    """Build the URL queue from the wordlist and run self.count workers."""
    from queue import Queue  # local import keeps this fix self-contained
    # Truncate any report left over from a previous scan.
    open('result.html', 'w').close()
    work = Queue()
    # Use the file passed via -f/--file (the original hardcoded 'dict.txt'
    # here, silently ignoring the option).
    with open(self.file_name, 'r') as f:
      for line in f:
        work.put(self.url + "/" + line.rstrip('\n'))
    total = work.qsize()
    threads = [self.dirscan(work, total) for _ in range(int(self.count))]
    for thread in threads:
      thread.start()
    for thread in threads:
      thread.join()
 
 
def get_user_agent():
  """Return a randomly chosen User-Agent header dict.

  Rotating realistic browser User-Agent strings makes the scanner's
  requests look less like automated traffic.

  :return: dict with a single ``User-Agent`` key, suitable for
           ``requests.get(headers=...)``.
  """
  user_agent_list = [
    {'User-Agent': 'Mozilla/4.0 (Mozilla/4.0; MSIE 7.0; Windows NT 5.1; FDM; SV1; .NET CLR 3.0.04506.30)'},
    {'User-Agent': 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; en) Opera 11.00'},
    {
      'User-Agent': 'Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.2) Gecko/2008092313 Ubuntu/8.04 (hardy) Firefox/3.0.2'},
    {
      'User-Agent': 'Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.1.15) Gecko/20101027 Fedora/3.5.15-1.fc12 Firefox/3.5.15'},
    {
      'User-Agent': 'Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.551.0 Safari/534.10'},
    {'User-Agent': 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008092809 Gentoo Firefox/3.0.2'},
    {
      'User-Agent': 'Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.0.544.0'},
    {'User-Agent': 'Opera/9.10 (Windows NT 5.2; U; en)'},
    {
      'User-Agent': 'Mozilla/5.0 (iPhone; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko)'},
    {'User-Agent': 'Opera/9.80 (X11; U; Linux i686; en-US; rv:1.9.2.3) Presto/2.2.15 Version/10.10'},
    {
      'User-Agent': 'Mozilla/5.0 (Windows; U; Windows NT 5.1; ru-RU) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5'},
    {'User-Agent': 'Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9b3) Gecko/2008020514 Firefox/3.0b3'},
    {
      'User-Agent': 'Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; fr) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16'},
    {
      'User-Agent': 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20'},
    {
      'User-Agent': 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; InfoPath.2)'},
    {'User-Agent': 'Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux x86_64; en) Opera 9.60'},
    {
      'User-Agent': 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.366.0 Safari/533.4'},
    {'User-Agent': 'Mozilla/5.0 (Windows NT 6.0; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.51'}
  ]

  return random.choice(user_agent_list)
 
 
def main():
  """Parse command-line options and launch the scan.

  Requires -u/--url and -f/--file; -t/--thread defaults to 10 workers.
  Prints usage and exits with status 1 when required options are missing.
  """
  from optparse import OptionParser  # local import keeps this fix self-contained
  print('''
   ____ _   ____        
  | _ \(_)_ __/ ___| ___ __ _ _ __
  | | | | | '__\___ \ / __/ _` | '_ \
  | |_| | | |  ___) | (_| (_| | | | |
  |____/|_|_| |____/ \___\__,_|_| |_|
 
  welcome to webdirscan
  version:1.0 author: %s
  ''' % __author__)
  parser = OptionParser('python webdirscanner.py -u <target url> -f <dictionary file name> [-t <thread_count>]')
  parser.add_option('-u', '--url', dest='url', type='string', help='target url for scan')
  parser.add_option('-f', '--file', dest='file_name', type='string', help='dictionary filename')
  parser.add_option('-t', '--thread', dest='count', type='int', default=10, help='scan thread count')
  (options, args) = parser.parse_args()
  if options.url and options.file_name:
    dirscan = webdirscan(options)
    dirscan.start()
    # Exit 0 on success (the original exited 1, which shell conventions
    # treat as failure).
    sys.exit(0)
  else:
    parser.print_help()
    sys.exit(1)


if __name__ == '__main__':
  main()

需要一个字典文件:

我存进去了一些,一部分是确定存在的目录

dict.txt

index.php
login
dvwa
phpmyadmin
dav
twiki
login.php

结果:得到一个html文件:

<a href="http://192.168.232.129/twiki" rel="external nofollow" target="_blank">http://192.168.232.129/twiki</a>
 
</br><a href="http://192.168.232.129/index.php" rel="external nofollow" target="_blank">http://192.168.232.129/index.php</a>
 
</br><a href="http://192.168.232.129/phpmyadmin" rel="external nofollow" target="_blank">http://192.168.232.129/phpmyadmin</a>
 
</br>

脚本的使用:

Python开发网站目录扫描器的实现

以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持服务器之家。

原文链接:https://www.cnblogs.com/xuyiqing/p/10313775.html