您的位置: 首页  >  IT文章  >  利用 python 实现对web服务器的目录探测

利用 python 实现对web服务器的目录探测

分类: IT文章 2023-03-24 12:56:02
一、python
Python是一种解释型、面向对象、动态数据类型的高级程序设计语言。
python 是一门简单易学的语言,并且功能强大也很灵活,在渗透测试中的应用广泛,让我们一起打造属于自己的渗透测试工具



二、web服务器的目录探测脚本打造


1、在渗透时如果能发现web服务器中的webshell,渗透是不是就可以变的简单一点尼
通常情况下御剑深受大家的喜爱,但是今天在测试的时候webshell不知道为什么御剑扫描不到
仔细查看是webshell有防爬功能,是检测User-Agent头,如果没有就回返回一个自己定义的404页面  

2、利用python读取扫描的目录字典
 
1
2
3
4
5
def get_url(path):
        with open(path, "r", encoding='ISO-8859-1') as f:
                for url in f.readlines():
                        url_list.append(url.strip())
                return url_list


3、利用 python 的 requests 库对web目标服务器进行目录探测
 
1
2
3
4
5
6
7
8
9
def Go_scan(url):
    while not queue.empty():
        url_path = queue.get(timeout=1)
        new_url = url + url_path
        res = requests.get(new_url, headers=headers, timeout=5)
        #print(res.status_code)
        status_code = "[" + str(res.status_code) + "]"
        if str(res.status_code) != "404":
            print(get_time(), status_code, new_url)


4、利用 python 的 threading 库对探测进行线程的设置
 
01
02
03
04
05
06
07
08
09
10
11
def thread(Number,url):
    threadlist = []
    for pwd in url_list:
        queue.put(pwd)
 
    for x in range(Number):
        t = threading.Thread(target=Go_scan, args=(url,))
        threadlist.append(t)
 
    for t in threadlist:
        t.start()


5、利用 python 的 argparse 库进行对自己的工具进行封装
 
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
def main():
    if len(sys.argv) == 1:
        print_banner()
        exit(1)
 
    parser = argparse.ArgumentParser(
        formatter_class=argparse.RawTextHelpFormatter,
        epilog='''
use examples:
  python dir_scan.py -u [url]http://www.test.com[/url] -d /root/dir.txt
  python dir_scan.py -u [url]http://www.test.com[/url] -t 30 -d /root/dir.txt
  ''')
    parser.add_argument("-u","--url", help="scan target address", dest='url')
    parser.add_argument("-t","--thread", help="Number of threads", default="20", type=int, dest='thread')
    parser.add_argument("-d","--Dictionaries", help="Dictionary of Blasting Loading",
        dest="Dictionaries")


总结
各位大哥有意见或者建议尽管提,文章哪里不对的话会改的,小弟定会虚心学习最后附上全部源码供大佬指教
 
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
#!/usr/bin/python
# -*- coding: utf-8 -*-
 
import requests
import threading
import argparse,sys
import time,os
from queue import Queue
 
url_list = []
queue = Queue()
 
headers = {
    'Connection':'keep-alive',
    'Accept':'*/*',
    'Accept-Language': 'zh-CN',
    'User-Agent':'Mozilla/5.0 (Windows NT 6.2; rv:16.0) Gecko/20100101 Firefox/16.0'
}
 
def print_banner():
    banner = r"""
    .___.__            __________________     _____    _______  
  __| _/|__|_______   /   _____/\_   ___    /  _            
 / __ | |  |\_  __   \_____  /      /  /  /_    /   |  
/ /_/ | |  | |  | /  /        \     \____/    |    /    |   
\____ | |__| |__|    /_______  / \______  /\____|__  /\____|__  /
     /                      /         /         /         /
 
[*] Very fast directory scanning tool.
[*] try to use -h or --help show help message
    """
    print(banner)
 
def get_time():
    return '[' + time.strftime("%H:%M:%S", time.localtime()) + '] '
 
def get_url(path):
    with open(path, "r", encoding='ISO-8859-1') as f:
        for url in f.readlines():
            url_list.append(url.strip())
        return url_list
 
 
def Go_scan(url):
    while not queue.empty():
        url_path = queue.get(timeout=1)
        new_url = url + url_path
        res = requests.get(new_url, headers=headers, timeout=5)
        #print(res.status_code)
        status_code = "[" + str(res.status_code) + "]"
        if str(res.status_code) != "404":
            print(get_time(), status_code, new_url)
 
def thread(Number,url):
    threadlist = []
    for pwd in url_list:
        queue.put(pwd)
 
    for x in range(Number):
        t = threading.Thread(target=Go_scan, args=(url,))
        threadlist.append(t)
 
    for t in threadlist:
        t.start()
 
 
def main():
    if len(sys.argv) == 1:
        print_banner()
        exit(1)
 
    parser = argparse.ArgumentParser(
        formatter_class=argparse.RawTextHelpFormatter,
        epilog='''
use examples:
  python dir_scan.py -u [url]http://www.test.com[/url] -d /root/dir.txt
  python dir_scan.py -u [url]http://www.test.com[/url] -t 30 -d /root/dir.txt
  ''')
    parser.add_argument("-u","--url", help="scan target address", dest='url')
    parser.add_argument("-t","--thread", help="Number of threads", default="20", type=int, dest='thread')
    parser.add_argument("-d","--Dictionaries", help="Dictionary of Blasting Loading",
        dest="Dictionaries")
    args = parser.parse_args()
    Number =args.thread
    url = args.url
    url_path = args.Dictionaries
    print_banner()
    get_url(url_path)
    print(get_time(), "[INFO] Start scanning---- ")
    time.sleep(2)
    thread(Number,url)
 
if __name__ == '__main__':
    main()

相关推荐