路径扫描:
这个脚本是通过异步IO请求,通过创建多个进程来增加扫描速度,通过返回状态码不同来判断是否存在子路径。(如果存在域名泛解析,则需要和目标域名网页的MD5比对,比对相同则表示存在域名泛解析,当然这种判断方式存在误差,后面会同步域名泛解析判断脚本),这里只是熟悉并利用python3异步IO的特性,测试扫描速度。
需要修改参数:target : 目标域名
urlpath:字典文件
processnum:进行数
源码仅供参考
import hashlib import aiohttp import asyncio from multiprocessing import Process, Queue, Manager # """ # aiohttp:发送http请求 # 1.创建一个ClientSession对象 # 2.通过ClientSession对象去发送请求(get, post, delete等) # 3.await 异步等待返回结果 # """ class Dirscan(): def __init__(self,target): self.target = target self.targetmd5 = '' self.allqueue = Queue() self.urlpath =r'字典文件' #字典文件,可以修改 self.Ansdomain = Manager().list() self.processnum = 8 #进程数 可以修改 self.alldictnum= 0 def dicturl(self): with open(self.urlpath,'r',encoding='utf-8') as f: for i in f.readlines(): self.allqueue.put(self.target+'/'+i.strip(' ')) self.alldictnum= self.allqueue.qsize() async def main(self,url): async with aiohttp.ClientSession() as session: async with session.get(url) as res: htmlstr= await res.text() md5hash = hashlib.md5(htmlstr.encode("utf8")) md5 = md5hash.hexdigest() return res.status,md5 def dirscan(self): loop = asyncio.get_event_loop() task = loop.create_task(self.main(self.target)) status, self.targetmd5 = loop.run_until_complete(task) while self.allqueue.empty() != True: tmp = self.allqueue.get() task = loop.create_task(self.main(tmp)) try: print(' '+str(int(self.alldictnum)-int(self.allqueue.qsize()))+'/'+str(int(self.alldictnum)),end='') status,mad5 = loop.run_until_complete(task) #print('bad : '+tmp) if ((status==200) and (mad5!=self.targetmd5)): print('OK : '+tmp) self.Ansdomain.append(tmp) except Exception as e: print(e) def SetProcess(self): self.dicturl() allprocess = [] for i in range(0, self.processnum): p = Process(target=self.dirscan, args=()) p.start() allprocess.append(p) for i in allprocess: i.join() for i in allprocess: i.close() if __name__ == '__main__': obj = Dirscan('http://4399.com') obj.SetProcess()