Posted in Python onFebruary 21, 2019
有人问为什么要去扫描网站目录:懂的人自然懂
这个Python脚本的特点:
1.基本完善
2.界面美观(只是画了个图案)
3.可选参数增加了线程数
4.User Agent细节处理
5.多线程显示进度
扫描目标:Metasploitable Linux
代码:WebDirScanner.py:
# -*- coding:utf-8 -*-
__author__ = "Yiqing"
import sys
import threading
import random
from Queue import Queue
from optparse import OptionParser
try:
import requests
except Exception:
print "[!] You need to install requests module!"
print "[!] Usage:pip install requests"
exit()
class WebDirScan:
"""
Web目录扫描器
"""
def __init__(self, options):
self.url = options.url
self.file_name = options.file_name
self.count = options.count
class DirScan(threading.Thread):
"""
多线程
"""
def __init__(self, queue, total):
threading.Thread.__init__(self)
self._queue = queue
self._total = total
def run(self):
while not self._queue.empty():
url = self._queue.get()
# 多线程显示进度
threading.Thread(target=self.msg).start()
try:
r = requests.get(url=url, headers=get_user_agent(), timeout=5)
if r.status_code == 200:
sys.stdout.write('\r' + '[+]%s\t\t\n' % url)
# 保存到本地文件,以HTML的格式
result = open('result.html', 'a+')
result.write('<a href="' + url + '" rel="external nofollow" target="_blank">' + url + '</a>')
result.write('\r\n</br>')
result.close()
except Exception:
pass
def msg(self):
"""
显示进度
:return:None
"""
per = 100 - float(self._queue.qsize()) / float(self._total) * 100
percent = "%s Finished| %s All| Scan in %1.f %s" % (
(self._total - self._queue.qsize()), self._total, per, '%')
sys.stdout.write('\r' + '[*]' + percent)
def start(self):
result = open('result.html', 'w')
result.close()
queue = Queue()
f = open('dict.txt', 'r')
for i in f.readlines():
queue.put(self.url + "/" + i.rstrip('\n'))
total = queue.qsize()
threads = []
thread_count = int(self.count)
for i in range(thread_count):
threads.append(self.DirScan(queue, total))
for thread in threads:
thread.start()
for thread in threads:
thread.join()
def get_user_agent():
"""
User Agent的细节处理
:return:
"""
user_agent_list = [
{'User-Agent': 'Mozilla/4.0 (Mozilla/4.0; MSIE 7.0; Windows NT 5.1; FDM; SV1; .NET CLR 3.0.04506.30)'},
{'User-Agent': 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; en) Opera 11.00'},
{
'User-Agent': 'Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.2) Gecko/2008092313 Ubuntu/8.04 (hardy) Firefox/3.0.2'},
{
'User-Agent': 'Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.9.1.15) Gecko/20101027 Fedora/3.5.15-1.fc12 Firefox/3.5.15'},
{
'User-Agent': 'Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.551.0 Safari/534.10'},
{'User-Agent': 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.2) Gecko/2008092809 Gentoo Firefox/3.0.2'},
{
'User-Agent': 'Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.0.544.0'},
{'User-Agent': 'Opera/9.10 (Windows NT 5.2; U; en)'},
{
'User-Agent': 'Mozilla/5.0 (iPhone; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko)'},
{'User-Agent': 'Opera/9.80 (X11; U; Linux i686; en-US; rv:1.9.2.3) Presto/2.2.15 Version/10.10'},
{
'User-Agent': 'Mozilla/5.0 (Windows; U; Windows NT 5.1; ru-RU) AppleWebKit/533.18.1 (KHTML, like Gecko) Version/5.0.2 Safari/533.18.5'},
{'User-Agent': 'Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9b3) Gecko/2008020514 Firefox/3.0b3'},
{
'User-Agent': 'Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_4_11; fr) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16'},
{
'User-Agent': 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20'},
{
'User-Agent': 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; InfoPath.2)'},
{'User-Agent': 'Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux x86_64; en) Opera 9.60'},
{
'User-Agent': 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_2; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.366.0 Safari/533.4'},
{'User-Agent': 'Mozilla/5.0 (Windows NT 6.0; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.51'}
]
return random.choice(user_agent_list)
def main():
"""
主函数
:return: None
"""
print '''
____ _ ____
| _ \(_)_ __/ ___| ___ __ _ _ __
| | | | | '__\___ \ / __/ _` | '_ \
| |_| | | | ___) | (_| (_| | | | |
|____/|_|_| |____/ \___\__,_|_| |_|
Welcome to WebDirScan
Version:1.0 Author: %s
''' % __author__
parser = OptionParser('python WebDirScanner.py -u <Target URL> -f <Dictionary file name> [-t <Thread_count>]')
parser.add_option('-u', '--url', dest='url', type='string', help='target url for scan')
parser.add_option('-f', '--file', dest='file_name', type='string', help='dictionary filename')
parser.add_option('-t', '--thread', dest='count', type='int', default=10, help='scan thread count')
(options, args) = parser.parse_args()
if options.url and options.file_name:
dirscan = WebDirScan(options)
dirscan.start()
sys.exit(1)
else:
parser.print_help()
sys.exit(1)
if __name__ == '__main__':
main()
需要一个字典文件:
我存进去了一些,一部分是确定存在的目录
dict.txt
index.php login dvwa phpMyAdmin dav twiki login.php
结果:得到一个HTML文件:
<a href="http://192.168.232.129/twiki" rel="external nofollow" target="_blank">http://192.168.232.129/twiki</a> </br><a href="http://192.168.232.129/index.php" rel="external nofollow" target="_blank">http://192.168.232.129/index.php</a> </br><a href="http://192.168.232.129/phpMyAdmin" rel="external nofollow" target="_blank">http://192.168.232.129/phpMyAdmin</a> </br>
脚本的使用:
以上就是本文的全部内容,希望对大家的学习有所帮助,也希望大家多多支持三水点靠木。
Python开发网站目录扫描器的实现
- Author -
一清声明:登载此文出于传递更多信息之目的,并不意味着赞同其观点或证实其描述。
Reply on: @reply_date@
@reply_contents@