如果目录扫描工具被某些种类的 WAF 拦截了,可以尝试(只是尝试,不保证一定能过)用脚本发出请求,具体功能视需求而定
原理。。。没啥原理,也没啥技术含量,相信大家都能看得懂的,nobody knows better than yourself
套用了一些常用写法(按部就班),想法非常朴素,没啥太大意义,个人单纯mark一下
下面是 Python3 版本的脚本:
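#coding:utf-8
import html
import random
import sys
import threading
import time
from optparse import OptionParser
from queue import Empty, Queue

import requests


class DirScan:
    """Request every wordlist entry under a base URL and record the 200s.

    Reads ``url``, ``file_name`` and ``numbers`` from the parsed command-line
    options; hits are printed and appended to ``result.html``.
    """

    def __init__(self, options):
        self.url = options.url
        self.file_name = options.file_name
        self.numbers = options.numbers

    class Threading(threading.Thread):
        """Worker thread that drains a shared queue of candidate URLs."""

        # Header sets that get_user_agent() picks from at random.
        USER_AGENTS = (
            {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1'},
            {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0) Gecko/20100101 Firefox/6.0'},
            {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50'},
            {'User-Agent': 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; Tablet PC 2.0; .NET4.0E)'},
        )

        # All workers append to the same report file and share stdout, so
        # writes are serialised to keep lines from interleaving.
        _output_lock = threading.Lock()

        def __init__(self, queue, total):
            threading.Thread.__init__(self)
            self.sub_queue = queue
            self.sub_total = total

        def run(self):
            """Fetch queued URLs until the queue is empty."""
            while True:
                # get_nowait() instead of empty()+get(): with several workers
                # the queue can drain between the two calls and a blocking
                # get() would then hang the thread (and join()) forever.
                try:
                    url = self.sub_queue.get_nowait()
                except Empty:
                    return
                self.progress()
                try:
                    r = requests.get(url=url, headers=self.get_user_agent(), timeout=4)
                except requests.RequestException:
                    # Best effort: an unreachable or slow path is skipped,
                    # but programming errors are no longer swallowed.
                    continue
                time.sleep(3)
                # NOTE: requests follows redirects by default, so a 200 may be
                # the final page of a redirect chain (for example a login or
                # block page) rather than the requested path itself.
                if r.status_code == 200:
                    self._record_hit(url)

        def _record_hit(self, url):
            """Print a hit and append it to result.html as an escaped link."""
            # The URL contains a wordlist entry; escape it so that markup in
            # an entry cannot execute when the report is opened in a browser.
            safe = html.escape(url, quote=True)
            link = '<a href="%s" target="_blank" rel="noopener noreferrer">%s</a><br>\n' % (safe, safe)
            with self._output_lock:
                # The listing shows a plain space before the marker, which
                # looks like a control character lost in rendering — confirm.
                sys.stdout.write('\r[--------]%s\n' % url)
                with open('result.html', 'a', encoding='utf-8') as report:
                    report.write(link)

        def progress(self):
            """Write the number and percentage of URLs taken off the queue."""
            done = self.sub_total - self.sub_queue.qsize()
            # Guard the division; an empty wordlist gives total == 0.
            per = 100.0 * done / self.sub_total if self.sub_total else 100.0
            percent = "%s Items Complete in %1.f %s" % (done, per, '%')
            with self._output_lock:
                sys.stdout.write('\r[*]' + percent)

        def get_user_agent(self):
            """Return one of the predefined header dicts, chosen at random."""
            return random.choice(self.USER_AGENTS)

    def startscan(self):
        """Load the wordlist, start the workers and wait for them to finish."""
        # Truncate the report left over from a previous run.
        with open('result.html', 'w', encoding='utf-8'):
            pass

        queue = Queue()
        base = self.url.rstrip('/')
        # Use the dictionary given with -f; the original always read
        # 'dict.txt' and ignored the option.
        with open(self.file_name, 'r', encoding='utf-8', errors='replace') as wordlist:
            for line in wordlist:
                # strip() also removes the trailing newline, which would
                # otherwise end up inside the requested URL.
                entry = line.strip()
                if entry:
                    queue.put(base + '/' + entry.lstrip('/'))
        total = queue.qsize()

        # -t is optional; without it options.numbers is None.
        thread_count = max(1, int(self.numbers or 1))
        threads = [self.Threading(queue, total) for _ in range(thread_count)]
        for thread in threads:
            thread.start()
        for thread in threads:
            thread.join()


def main():
    """Parse the command line and run the scan."""
    print(" ___ ___ __ _ _____ ")
    print(" / __| / __|/ _ || _ | __ ")
    print(r" \__ | (__| (_| || | | | | | | ")
    print(r" |___/ \___|\__,_||_| |_| |.|__| ")
    print("Welcome to my NOOB DirScan ver1.0")
    parser = OptionParser('python dir_scan.py -u <Target URL> -f <Dictionary File Name> -t <Thread numbers>')
    parser.add_option('-u', '--url', dest='url', type='string', help='the URL you wanna scan(such as http://123.206.84.240:9000)')
    parser.add_option('-f', '--file', dest='file_name', type='string', help='the dictionary you wanna choose')
    parser.add_option('-t', '--thread', dest='numbers', type='int', help='the number of threads you wanna choose')
    (options, args) = parser.parse_args()
    if not (options.url and options.file_name):
        parser.print_help()
        sys.exit(1)
    dirscan = DirScan(options)
    dirscan.startscan()
    # A completed scan is a success; the original exited with status 1 here.
    sys.exit(0)


if __name__ == '__main__':
    main()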
user_agent头可以多加点
随便转载,请标明作者出处