利用 python 實現對web服務器的目錄探測

1、python
Python是一種解釋型、面向對象、動態數據類型的高級程序設計語言。
python 是一門簡單易學的語言,而且功能強大也很靈活,在滲透測試中的應用很普遍,讓我們一起打造屬於自己的滲透測試工具。



2、web服務器的目錄探測腳本打造


一、在滲透時如果能發現 web 服務器中的 webshell,滲透是不是就可以變得簡單一點呢?
一般情況下御劍深受大家的喜愛,但是今天在測試的時候,不知道為什麼御劍掃描不到這個 webshell。
仔細查看後發現 webshell 有防爬功能:它會檢測 User-Agent 頭,如果沒有就返回一個自定義的 404 頁面,因此下面的腳本會固定帶上瀏覽器的 User-Agent。另外要注意,本腳本只根據「狀態碼不是 404」來判斷命中;如果目標對不存在的路徑也回 200 的自定義頁面,就會出現大量誤報,此時應再比較回應長度或內容。

一、先來看看工具效果
 

二、利用python讀取掃描的目錄字典
 
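def get_url(path):
    """Load the wordlist at *path* into the module-level ``url_list`` and return it.

    Each line is stripped of surrounding whitespace; blank lines are skipped so
    that an empty entry does not turn into a probe of the bare base URL.
    The file is decoded as ISO-8859-1, which never raises on arbitrary bytes.
    Entries accumulate across calls (the list is module-global and not reset).

    Args:
        path: filesystem path of the dictionary file, one path per line.

    Returns:
        The module-level ``url_list`` after appending this file's entries.

    Raises:
        OSError: if the file cannot be opened.
    """
    with open(path, "r", encoding='ISO-8859-1') as f:
        for line in f:
            entry = line.strip()
            if entry:
                url_list.append(entry)
    return url_list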


三、利用 python 的 requests 庫對web目標服務器進行目錄探測
 
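def Go_scan(url):
    """Worker: pop paths from the shared ``queue``, request ``url + path`` and print non-404 hits.

    Runs until the queue is drained.  Each probe sends the module-level
    ``headers`` with a 5 s timeout.  A hit is anything whose status code is
    not 404; the printed line is ``<time> [<status>] <full url>``.

    Args:
        url: base URL the dictionary entries are appended to verbatim (no
            slash normalisation is done, so entries should start with '/').
    """
    while True:
        try:
            # Several workers share the queue; empty() followed by get() is not
            # atomic, so rely on the Empty exception instead of pre-checking.
            url_path = queue.get(timeout=1)
        except Empty:
            return
        new_url = url + url_path
        try:
            res = requests.get(new_url, headers=headers, timeout=5)
        except requests.RequestException as exc:
            # One failed probe (timeout, refused connection, TLS error) must not
            # kill the worker thread and strand the rest of the queue.
            print(get_time(), "[ERR]", new_url, exc)
            continue
        # NOTE(review): redirects are followed (requests default), so a 301/302
        # is reported with the status of the final page, not of the redirect.
        if res.status_code != 404:
            print(get_time(), "[" + str(res.status_code) + "]", new_url)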


四、利用 python 的 threading 庫對探測進行線程的設置
 
def thread(Number, url):
    """Fill the shared ``queue`` from ``url_list`` and start *Number* ``Go_scan`` workers.

    The workers are started but not joined: the caller returns immediately and
    the (non-daemon) threads keep the process alive until the queue is drained.

    Args:
        Number: how many worker threads to start.
        url: base URL handed to every worker.
    """
    for path in url_list:
        queue.put(path)

    workers = [threading.Thread(target=Go_scan, args=(url,)) for _ in range(Number)]
    for worker in workers:
        worker.start()


五、利用 python 的 argparse 庫進行對本身的工具進行封裝
 
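def main():
    """Command-line entry point: parse arguments, load the wordlist and launch the scan.

    With no arguments only the banner is printed and the process exits with
    status 1.  Both ``-u`` and ``-d`` are required; missing either one prints
    the usage and exits instead of crashing later with a ``TypeError``.

    Only run this against hosts you are authorised to test: it sends one
    request per wordlist entry and is plainly visible in server logs.
    """
    if len(sys.argv) == 1:
        print_banner()
        sys.exit(1)

    parser = argparse.ArgumentParser(
        formatter_class=argparse.RawTextHelpFormatter,
        epilog='''\
use examples:
   python dir_scan.py -u http://www.test.com -d /root/dir.txt
   python dir_scan.py -u http://www.test.com -t 30 -d /root/dir.txt
   ''')
    parser.add_argument("-u", "--url", help="scan target address", dest='url', required=True)
    # argparse applies ``type`` to a string default, so "20" becomes the int 20.
    parser.add_argument("-t", "--thread", help="Number of threads", default="20", type=int, dest='thread')
    parser.add_argument("-d", "--Dictionaries", help="Dictionary of Blasting Loading",
        dest="Dictionaries", required=True)
    args = parser.parse_args()
    if args.thread < 1:
        parser.error("thread count must be at least 1")

    Number = args.thread
    url = args.url
    url_path = args.Dictionaries
    print_banner()
    get_url(url_path)
    print(get_time(), "[INFO] Start scanning----\n")
    time.sleep(2)
    thread(Number, url)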


總結
各位大哥有意見或者建議儘管提,文章哪裡不對的話會改的,小弟定會虛心學習。最後附上全部源碼供大佬指教。提醒:此類目錄探測工具只能用於已獲得授權的目標,未經授權的掃描可能違法。
 
#!/usr/bin/python
# -*- coding: utf-8 -*-
 
import argparse
import os
import sys
import threading
import time
from queue import Empty, Queue

import requests
 
# Paths read from the dictionary file by get_url(); consumed by thread().
url_list: list[str] = []
# Work queue of paths shared by the Go_scan() worker threads.
# NOTE: this instance shadows the stdlib ``queue`` module name in this file.
queue: Queue = Queue()

# Headers sent with every probe.  The target that motivated this tool serves
# its own 404 page to requests without a User-Agent, so a browser-like
# User-Agent is sent explicitly.
# NOTE(review): 'Connection: keep-alive' presumably has no effect with plain
# requests.get() (no Session), which opens a new connection per call — verify.
headers = {
     'Connection' : 'keep-alive' ,
     'Accept' : '*/*' ,
     'Accept-Language' : 'zh-CN' ,
     'User-Agent' : 'Mozilla/5.0 (Windows NT 6.2; rv:16.0) Gecko/20100101 Firefox/16.0'
}
 
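def print_banner():
    """Print the ASCII-art banner and a one-line usage hint to stdout.

    The banner is a raw string so the backslashes in the art are kept
    literally (``r"""`` — the original ``r """`` with a space is a
    SyntaxError).
    """
    banner = r"""
     .___.__            __________________     _____    _______  
   __| _/|__|_______   /   _____/\_   ___ \   /  _  \   \      \ 
  / __ | |  |\_  __ \  \_____  \ /    \  \/  /  /_\  \  /   |   \
/ /_/ | |  | |  | \/  /        \\     \____/    |    \/    |    \
\____ | |__| |__|    /_______  / \______  /\____|__  /\____|__  /
      \/                      \/         \/         \/         \/
 
[*] Very fast directory scanning tool.
[*] try to use -h or --help show help message
     """
    print(banner)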
 
def get_time():
    """Return the current local wall-clock time as a ``[HH:MM:SS] `` log-line prefix."""
    stamp = time.strftime("%H:%M:%S", time.localtime())
    return f"[{stamp}] "
 
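def get_url(path):
    """Load the wordlist at *path* into the module-level ``url_list`` and return it.

    Each line is stripped of surrounding whitespace; blank lines are skipped so
    that an empty entry does not turn into a probe of the bare base URL.
    The file is decoded as ISO-8859-1, which never raises on arbitrary bytes.
    Entries accumulate across calls (the list is module-global and not reset).

    Args:
        path: filesystem path of the dictionary file, one path per line.

    Returns:
        The module-level ``url_list`` after appending this file's entries.

    Raises:
        OSError: if the file cannot be opened.
    """
    with open(path, "r", encoding='ISO-8859-1') as f:
        for line in f:
            entry = line.strip()
            if entry:
                url_list.append(entry)
    return url_list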
 
 
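def Go_scan(url):
    """Worker: pop paths from the shared ``queue``, request ``url + path`` and print non-404 hits.

    Runs until the queue is drained.  Each probe sends the module-level
    ``headers`` with a 5 s timeout.  A hit is anything whose status code is
    not 404; the printed line is ``<time> [<status>] <full url>``.

    Args:
        url: base URL the dictionary entries are appended to verbatim (no
            slash normalisation is done, so entries should start with '/').
    """
    while True:
        try:
            # Several workers share the queue; empty() followed by get() is not
            # atomic, so rely on the Empty exception instead of pre-checking.
            url_path = queue.get(timeout=1)
        except Empty:
            return
        new_url = url + url_path
        try:
            res = requests.get(new_url, headers=headers, timeout=5)
        except requests.RequestException as exc:
            # One failed probe (timeout, refused connection, TLS error) must not
            # kill the worker thread and strand the rest of the queue.
            print(get_time(), "[ERR]", new_url, exc)
            continue
        # NOTE(review): redirects are followed (requests default), so a 301/302
        # is reported with the status of the final page, not of the redirect.
        if res.status_code != 404:
            print(get_time(), "[" + str(res.status_code) + "]", new_url)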
 
def thread(Number, url):
    """Fill the shared ``queue`` from ``url_list`` and start *Number* ``Go_scan`` workers.

    The workers are started but not joined: the caller returns immediately and
    the (non-daemon) threads keep the process alive until the queue is drained.

    Args:
        Number: how many worker threads to start.
        url: base URL handed to every worker.
    """
    for path in url_list:
        queue.put(path)

    workers = [threading.Thread(target=Go_scan, args=(url,)) for _ in range(Number)]
    for worker in workers:
        worker.start()
 
 
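def main():
    """Command-line entry point: parse arguments, load the wordlist and launch the scan.

    With no arguments only the banner is printed and the process exits with
    status 1.  Both ``-u`` and ``-d`` are required; missing either one prints
    the usage and exits instead of crashing later with a ``TypeError``.

    Only run this against hosts you are authorised to test: it sends one
    request per wordlist entry and is plainly visible in server logs.
    """
    if len(sys.argv) == 1:
        print_banner()
        sys.exit(1)

    parser = argparse.ArgumentParser(
        formatter_class=argparse.RawTextHelpFormatter,
        epilog='''\
use examples:
   python dir_scan.py -u http://www.test.com -d /root/dir.txt
   python dir_scan.py -u http://www.test.com -t 30 -d /root/dir.txt
   ''')
    parser.add_argument("-u", "--url", help="scan target address", dest='url', required=True)
    # argparse applies ``type`` to a string default, so "20" becomes the int 20.
    parser.add_argument("-t", "--thread", help="Number of threads", default="20", type=int, dest='thread')
    parser.add_argument("-d", "--Dictionaries", help="Dictionary of Blasting Loading",
        dest="Dictionaries", required=True)
    args = parser.parse_args()
    if args.thread < 1:
        parser.error("thread count must be at least 1")

    Number = args.thread
    url = args.url
    url_path = args.Dictionaries
    print_banner()
    get_url(url_path)
    print(get_time(), "[INFO] Start scanning----\n")
    time.sleep(2)
    thread(Number, url)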
 
if __name__ = = '__main__' :
     main()