利用 python 实现对web服务器的目录探测

1、python
Python是一种解释型、面向对象、动态数据类型的高级程序设计语言。
python 是一门简单易学的语言,而且功能强大也很灵活,在渗透测试中的应用普遍,让咱们一块儿打造属于本身的渗透测试工具



2、web服务器的目录探测脚本打造


一、在渗透时若是能发现web服务器中的webshell,渗透是否是就能够变得简单一点呢
一般状况下御剑深受你们的喜好,可是今天在测试的时候webshell不知道为何御剑扫描不到
仔细查看是webshell有防爬功能,是检测User-Agent头,若是没有就会返回一个本身定义的404页面

一、先来看看工具效果
 

二、利用python读取扫描的目录字典
 
def get_url(path):
    """Load the directory wordlist at *path* into the module-level ``url_list``.

    Every line is stripped of surrounding whitespace (including its newline)
    and appended to ``url_list``; the list is returned for convenience. The
    file is decoded as ISO-8859-1 so arbitrary bytes in a wordlist never
    raise a decode error.
    """
    with open(path, "r", encoding='ISO-8859-1') as wordlist:
        url_list.extend(line.strip() for line in wordlist)
    return url_list


三、利用 python 的 requests 库对web目标服务器进行目录探测
 
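def Go_scan(url):
    """Worker body: pull paths from the shared ``queue`` and probe ``url + path``.

    Prints one timestamped line for every response whose status is not 404.
    Several of these workers run concurrently (see thread()), so the queue,
    not a shared list, hands out the work.

    Args:
        url: Base URL the dictionary entries are appended to.
    """
    while not queue.empty():
        # Several workers share the queue, so empty()-then-get() is racy:
        # another worker can take the last item in between and a blocking
        # get() would then wait out its timeout and raise. Take the item
        # without blocking and stop cleanly when nothing is left.
        try:
            url_path = queue.get_nowait()
        except Empty:
            break
        new_url = url + url_path
        try:
            res = requests.get(new_url, headers=headers, timeout=5)
        except requests.RequestException as exc:
            # A timeout or connection error must not kill the worker and
            # strand the rest of the queue; report it and move on.
            print(get_time(), "[ERR]", new_url, type(exc).__name__)
            continue
        # status_code is already an int; no need to compare as strings.
        if res.status_code != 404:
            print(get_time(), "[" + str(res.status_code) + "]", new_url)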


四、利用 python 的 threading 库对探测进行线程的设置
 
def thread(Number, url):
    """Queue every wordlist entry and start ``Number`` scanner threads.

    Args:
        Number: How many Go_scan() workers to start.
        url: Base URL handed to each worker.

    The threads are started but not joined; each one ends on its own once
    the shared queue is drained.
    """
    for entry in url_list:
        queue.put(entry)
    # Create all workers first, then start them, preserving the original ordering.
    workers = [threading.Thread(target=Go_scan, args=(url,)) for _ in range(Number)]
    for worker in workers:
        worker.start()


五、利用 python 的 argparse 库进行对本身的工具进行封装
 
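def main():
    """Command-line entry point: parse options, load the wordlist, start the scan."""
    if len(sys.argv) == 1:
        print_banner()
        # sys.exit rather than the builtin exit(): the latter is a site-module
        # convenience that is not guaranteed to exist.
        sys.exit(1)

    parser = argparse.ArgumentParser(
        formatter_class=argparse.RawTextHelpFormatter,
        epilog='''\
use examples:
   python dir_scan.py -u [url]http://www.test.com[/url] -d /root/dir.txt
   python dir_scan.py -u [url]http://www.test.com[/url] -t 30 -d /root/dir.txt
   ''')
    # -u and -d are mandatory: without them url / the wordlist path are None
    # and the scan would fail later with a TypeError instead of a usage error.
    parser.add_argument("-u", "--url", help="scan target address", dest='url', required=True)
    parser.add_argument("-t", "--thread", help="Number of threads", default="20", type=int, dest='thread')
    parser.add_argument("-d", "--Dictionaries", help="Dictionary of Blasting Loading",
                        dest="Dictionaries", required=True)
    # Excerpt: the full listing continues with parser.parse_args(), get_url() and thread().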


总结
各位大哥有意见或者建议尽管提,文章哪里不对的话会改的,小弟定会虚心学习。最后附上所有源码供大佬指教
 
#!/usr/bin/python
# -*- coding: utf-8 -*-
 
import argparse
import os
import sys
import threading
import time
from queue import Empty, Queue

import requests
 
url_list = []  # wordlist entries; filled by get_url(), read by thread()
queue = Queue()  # work queue: thread() fills it from url_list, Go_scan() workers drain it
 
# HTTP headers sent with every probe request in Go_scan().
headers = {
     'Connection' : 'keep-alive' ,
     'Accept' : '*/*' ,
     'Accept-Language' : 'zh-CN' ,
     'User-Agent' : 'Mozilla/5.0 (Windows NT 6.2; rv:16.0) Gecko/20100101 Firefox/16.0'
}
 
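def print_banner():
    """Print the tool's ASCII-art banner and a one-line usage hint to stdout."""
    # The prefix must sit directly on the quotes (r"""), otherwise this is a
    # syntax error; a raw string keeps the backslashes of the art literal.
    banner = r"""
     .___.__            __________________     _____    _______  
   __| _/|__|_______   /   _____/\_   ___ \   /  _  \   \      \ 
  / __ | |  |\_  __ \  \_____  \ /    \  \/  /  /_\  \  /   |   \
/ /_/ | |  | |  | \/  /        \\     \____/    |    \/    |    \
\____ | |__| |__|    /_______  / \______  /\____|__  /\____|__  /
      \/                      \/         \/         \/         \/
 
[*] Very fast directory scanning tool.
[*] try to use -h or --help show help message
     """
    print(banner)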
 
def get_time():
    """Return the current local time formatted as ``[HH:MM:SS] ``.

    Used as the prefix of every line the scanner prints.
    """
    # time.strftime() with no tuple formats the current local time, which is
    # exactly what an explicit time.localtime() argument would supply.
    stamp = time.strftime("%H:%M:%S")
    return f"[{stamp}] "
 
def get_url(path):
    """Load the directory wordlist at *path* into the module-level ``url_list``.

    Every line is stripped of surrounding whitespace (including its newline)
    and appended to ``url_list``; the list is returned for convenience. The
    file is decoded as ISO-8859-1 so arbitrary bytes in a wordlist never
    raise a decode error.
    """
    with open(path, "r", encoding='ISO-8859-1') as wordlist:
        url_list.extend(line.strip() for line in wordlist)
    return url_list
 
 
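def Go_scan(url):
    """Worker body: pull paths from the shared ``queue`` and probe ``url + path``.

    Prints one timestamped line for every response whose status is not 404.
    Several of these workers run concurrently (see thread()), so the queue,
    not a shared list, hands out the work.

    Args:
        url: Base URL the dictionary entries are appended to.
    """
    while not queue.empty():
        # Several workers share the queue, so empty()-then-get() is racy:
        # another worker can take the last item in between and a blocking
        # get() would then wait out its timeout and raise. Take the item
        # without blocking and stop cleanly when nothing is left.
        try:
            url_path = queue.get_nowait()
        except Empty:
            break
        new_url = url + url_path
        try:
            res = requests.get(new_url, headers=headers, timeout=5)
        except requests.RequestException as exc:
            # A timeout or connection error must not kill the worker and
            # strand the rest of the queue; report it and move on.
            print(get_time(), "[ERR]", new_url, type(exc).__name__)
            continue
        # status_code is already an int; no need to compare as strings.
        if res.status_code != 404:
            print(get_time(), "[" + str(res.status_code) + "]", new_url)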
 
def thread(Number, url):
    """Queue every wordlist entry and start ``Number`` scanner threads.

    Args:
        Number: How many Go_scan() workers to start.
        url: Base URL handed to each worker.

    The threads are started but not joined; each one ends on its own once
    the shared queue is drained.
    """
    for entry in url_list:
        queue.put(entry)
    # Create all workers first, then start them, preserving the original ordering.
    workers = [threading.Thread(target=Go_scan, args=(url,)) for _ in range(Number)]
    for worker in workers:
        worker.start()
 
 
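def main():
    """Command-line entry point: parse options, load the wordlist, start the scan."""
    if len(sys.argv) == 1:
        print_banner()
        # sys.exit rather than the builtin exit(): the latter is a site-module
        # convenience that is not guaranteed to exist.
        sys.exit(1)

    parser = argparse.ArgumentParser(
        formatter_class=argparse.RawTextHelpFormatter,
        epilog='''\
use examples:
   python dir_scan.py -u [url]http://www.test.com[/url] -d /root/dir.txt
   python dir_scan.py -u [url]http://www.test.com[/url] -t 30 -d /root/dir.txt
   ''')
    # -u and -d are mandatory: without them url / the wordlist path are None
    # and the scan would fail later with a TypeError instead of a usage error.
    parser.add_argument("-u", "--url", help="scan target address", dest='url', required=True)
    parser.add_argument("-t", "--thread", help="Number of threads", default="20", type=int, dest='thread')
    parser.add_argument("-d", "--Dictionaries", help="Dictionary of Blasting Loading",
                        dest="Dictionaries", required=True)
    args = parser.parse_args()
    Number = args.thread
    url = args.url
    url_path = args.Dictionaries
    print_banner()
    get_url(url_path)
    print(get_time(), "[INFO] Start scanning----\n")
    time.sleep(2)
    thread(Number, url)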
 
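# Script entry guard (the pasted `= =` was a broken comparison operator).
if __name__ == '__main__':
    main()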