一、python
Python是一種解釋型、面向對象、動態數據類型的高級程序設計語言。
Python 是一門簡單易學的語言，並且功能強大、也很靈活，在滲透測試中應用廣泛，讓我們一起打造屬於自己的滲透測試工具。
二、web服務器的目錄探測腳本打造
1、在滲透時如果能發現 web 服務器中的 webshell，滲透是不是就可以變得簡單一點呢？
通常情況下御劍深受大家的喜愛，但是今天在測試的時候，不知道為什麼御劍掃描不到 webshell。
仔細查看，是 webshell 有防爬功能：它會檢測 User-Agent 頭，如果沒有就返回一個自定義的 404 頁面。
 
 
1、先來看看工具效果

2、利用python讀取掃描的目錄字典
def get_url(path):
    """Load the wordlist at *path* into the module-level ``url_list``.

    Every line is stripped of surrounding whitespace and appended, and the
    (module-level) list is also returned.  The file is decoded as ISO-8859-1
    so that arbitrary bytes in the wordlist never raise a decode error.
    """
    with open(path, "r", encoding='ISO-8859-1') as handle:
        entries = [line.strip() for line in handle]
    url_list.extend(entries)
    return url_list
3、利用 python 的 requests 庫對web目標服務器進行目錄探測
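def Go_scan(url):
    """Worker loop: pop paths off the shared ``queue`` and request ``url + path``.

    A timestamped line is printed for every response whose status is not 404.
    The loop ends once the queue is drained.  A request that fails (timeout,
    connection error) is reported and skipped instead of killing the thread.
    """
    # The module-level name ``queue`` is the Queue *instance*, so the
    # exception class has to come from the module itself.
    from queue import Empty

    while not queue.empty():
        # Another worker may drain the queue between empty() and get();
        # treat that as "nothing left" rather than dying with a traceback.
        try:
            url_path = queue.get(timeout=1)
        except Empty:
            return
        new_url = url + url_path
        try:
            res = requests.get(new_url, headers=headers, timeout=5)
        except requests.RequestException as err:
            # One failing path must not take the whole worker down.
            print(get_time(), "[ERR]", new_url, type(err).__name__)
            continue
        status_code = "[" + str(res.status_code) + "]"
        if str(res.status_code) != "404":
            print(get_time(), status_code, new_url)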
4、利用 python 的 threading 庫對探測進行線程的設置
def thread(Number, url):
    """Fill the shared ``queue`` from ``url_list`` and start ``Number`` workers.

    Each worker runs ``Go_scan`` against ``url``.  The threads are started
    here but not joined.
    """
    for entry in url_list:
        queue.put(entry)
    workers = [
        threading.Thread(target=Go_scan, args=(url,))
        for _ in range(Number)
    ]
    for worker in workers:
        worker.start()
5、利用 python 的 argparse 庫進行對自己的工具進行封裝
def main():
    """CLI entry point: parse the arguments and launch the scan.

    This excerpt stops after the argument definitions; the complete listing
    at the end of the article goes on to parse them and start the workers.
    """
    # No arguments at all: show the banner and quit.  ``exit`` is the
    # interpreter's site builtin, not ``sys.exit``.
    if len(sys.argv) == 1:
        print_banner()
        exit(1)
    parser = argparse.ArgumentParser(
        formatter_class=argparse.RawTextHelpFormatter,
        epilog='''/use examples: python dir_scan.py -u [url]http://www.test.com[/url] -d /root/dir.txt python dir_scan.py -u [url]http://www.test.com[/url] -t 30 -d /root/dir.txt ''')
    parser.add_argument("-u", "--url", help="scan target address", dest='url')
    # The default is a string; argparse applies ``type=int`` to string defaults.
    parser.add_argument("-t", "--thread", help="Number of threads", default="20", type=int, dest='thread')
    parser.add_argument("-d", "--Dictionaries", help="Dictionary of Blasting Loading", dest="Dictionaries")
總結
各位大哥有意見或者建議儘管提，文章哪裡不對的話會改的，小弟定會虛心學習。最後附上全部源碼供大佬指教。
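#!/usr/bin/python
# -*- coding: utf-8 -*-
"""Multi-threaded web directory probe.

Reads a wordlist, requests ``url + path`` for every entry from a pool of
worker threads, and prints each response whose status is not 404.
"""
import argparse
import os
import sys
import threading
import time
from queue import Empty, Queue

import requests

# Wordlist entries loaded by get_url(); shared by every worker via ``queue``.
url_list = []
queue = Queue()

# Headers sent with every request.
headers = {
    'Connection': 'keep-alive',
    'Accept': '*/*',
    'Accept-Language': 'zh-CN',
    'User-Agent': 'Mozilla/5.0 (Windows NT 6.2; rv:16.0) Gecko/20100101 Firefox/16.0'
}


def print_banner():
    """Print the tool banner and the hint to use ``-h``."""
    # NOTE(review): the ASCII art appears flattened onto one line in this copy
    # of the source; verify against the original before relying on its layout.
    banner = r"""  .___.__      __________________   _____  _______   __| _/|__|_______  /  _____//_  ___ /  / _ /  /   /  / __ | | |/_ __ / /_____ / /  / // / /_/ / /  |  / / /_/ | | | | | // /    //   /____/  |  //  |  //____ | |__| |__|  /_______ / /______ //____|__ //____|__ /   //           //     //     //     //  [*] Very fast directory scanning tool.[*] try to use -h or --help show help message  """
    print(banner)


def get_time():
    """Return the current local time as ``'[HH:MM:SS] '`` for log prefixes."""
    return '[' + time.strftime("%H:%M:%S", time.localtime()) + '] '


def get_url(path):
    """Load the wordlist at *path* into ``url_list`` and return that list.

    Lines are stripped of surrounding whitespace.  The file is decoded as
    ISO-8859-1 so arbitrary bytes never raise a decode error.

    Raises:
        OSError: if the file cannot be opened or read.
    """
    with open(path, "r", encoding='ISO-8859-1') as handle:
        entries = [line.strip() for line in handle]
    url_list.extend(entries)
    return url_list


def Go_scan(url):
    """Worker loop: pop paths off ``queue`` and request ``url + path``.

    Prints a timestamped line for every response whose status is not 404.
    Ends once the queue is drained.  A request that fails (timeout,
    connection error) is reported and skipped instead of killing the thread.
    """
    while not queue.empty():
        # Another worker may drain the queue between empty() and get();
        # treat that as "nothing left" rather than dying with a traceback.
        try:
            url_path = queue.get(timeout=1)
        except Empty:
            return
        new_url = url + url_path
        try:
            res = requests.get(new_url, headers=headers, timeout=5)
        except requests.RequestException as err:
            # One failing path must not take the whole worker down.
            print(get_time(), "[ERR]", new_url, type(err).__name__)
            continue
        status_code = "[" + str(res.status_code) + "]"
        if str(res.status_code) != "404":
            print(get_time(), status_code, new_url)


def thread(Number, url):
    """Fill ``queue`` from ``url_list`` and start ``Number`` worker threads.

    Each worker runs ``Go_scan`` against ``url``.  Threads are started here
    but not joined.
    """
    for entry in url_list:
        queue.put(entry)
    workers = [
        threading.Thread(target=Go_scan, args=(url,))
        for _ in range(Number)
    ]
    for worker in workers:
        worker.start()


def main():
    """CLI entry point: parse arguments, load the wordlist, start the scan."""
    # No arguments at all: show the banner and quit.
    if len(sys.argv) == 1:
        print_banner()
        sys.exit(1)
    parser = argparse.ArgumentParser(
        formatter_class=argparse.RawTextHelpFormatter,
        epilog='''/use examples: python dir_scan.py -u [url]http://www.test.com[/url] -d /root/dir.txt python dir_scan.py -u [url]http://www.test.com[/url] -t 30 -d /root/dir.txt ''')
    # -u and -d are mandatory: without them the scan would fail later with a
    # TypeError / file error instead of a usage message.
    parser.add_argument("-u", "--url", help="scan target address", dest='url', required=True)
    # The default is a string; argparse applies ``type=int`` to string defaults.
    parser.add_argument("-t", "--thread", help="Number of threads", default="20", type=int, dest='thread')
    parser.add_argument("-d", "--Dictionaries", help="Dictionary of Blasting Loading", dest="Dictionaries", required=True)
    args = parser.parse_args()
    Number = args.thread
    url = args.url
    url_path = args.Dictionaries
    if Number < 1:
        parser.error("thread count must be at least 1")
    print_banner()
    try:
        get_url(url_path)
    except OSError as err:
        parser.error("cannot read dictionary " + str(url_path) + ": " + str(err))
    # NOTE(review): the "/n" here looks like a flattened "\n" in this copy of
    # the source; confirm against the original.
    print(get_time(), "[INFO] Start scanning----/n")
    time.sleep(2)
    thread(Number, url)


if __name__ == '__main__':
    main()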