python3爆破服务器_dirsearch「建议收藏」

dirsearch

Current Release: v0.3.9 (2019.11.26)

Overview

dirsearch is a simple command line tool designed to brute force directories and files in websites.

Installation & Usage

git clone https://github.com/maurosoria/dirsearch.git

cd dirsearch

python3 dirsearch.py -u -e

you can also use this alias to send directly to proxy

python3 /path/to/dirsearch/dirsearch.py –http-proxy=localhost:8080

Options

Options:

-h, –help show this help message and exit

Mandatory:

-u URL, –url=URL URL target

-L URLLIST, –url-list=URLLIST

URL list target

-e EXTENSIONS, –extensions=EXTENSIONS

Extension list separated by comma (Example: php,asp)

-E, –extensions-list

Use predefined list of common extensions

Dictionary Settings:

-w WORDLIST, –wordlist=WORDLIST

-l, –lowercase

-f, –force-extensions

Force extensions for every wordlist entry (like in

DirBuster)

General Settings:

-s DELAY, –delay=DELAY

Delay between requests (float number)

-r, –recursive Bruteforce recursively

-R RECURSIVE_LEVEL_MAX, –recursive-level-max=RECURSIVE_LEVEL_MAX

Max recursion level (subdirs) (Default: 1 [only

rootdir + 1 dir])

–suppress-empty, –suppress-empty

–scan-subdir=SCANSUBDIRS, –scan-subdirs=SCANSUBDIRS

Scan subdirectories of the given -u|–url (separated

by comma)

–exclude-subdir=EXCLUDESUBDIRS, –exclude-subdirs=EXCLUDESUBDIRS

Exclude the following subdirectories during recursive

scan (separated by comma)

-t THREADSCOUNT, –threads=THREADSCOUNT

Number of Threads

-x EXCLUDESTATUSCODES, –exclude-status=EXCLUDESTATUSCODES

Exclude status code, separated by comma (example: 301,

500)

–exclude-texts=EXCLUDETEXTS

Exclude responses by texts, separated by comma

(example: “Not found”, “Error”)

–exclude-regexps=EXCLUDEREGEXPS

Exclude responses by regexps, separated by comma

(example: “Not foun[a-z]{1}”, “^Error$”)

-c COOKIE, –cookie=COOKIE

–ua=USERAGENT, –user-agent=USERAGENT

-F, –follow-redirects

-H HEADERS, –header=HEADERS

Headers to add (example: –header “Referer:

example.com” –header “User-Agent: IE”

–random-agents, –random-user-agents

Connection Settings:

–timeout=TIMEOUT Connection timeout

–ip=IP Resolve name to IP address

–proxy=HTTPPROXY, –http-proxy=HTTPPROXY

Http Proxy (example: localhost:8080

–http-method=HTTPMETHOD

Method to use, default: GET, possible also: HEAD;POST

–max-retries=MAXRETRIES

-b, –request-by-hostname

By default dirsearch will request by IP for speed.

This forces requests by hostname

Reports:

–simple-report=SIMPLEOUTPUTFILE

Only found paths

–plain-text-report=PLAINTEXTOUTPUTFILE

Found paths with status codes

–json-report=JSONOUTPUTFILE

Operating Systems supported

Windows XP/7/8/10

GNU/Linux

MacOSX

Features

Multithreaded

Keep alive connections

Support for multiple extensions (-e|–extensions asp,php)

Reporting (plain text, JSON)

Heuristically detects invalid web pages

Recursive brute forcing

HTTP proxy support

User agent randomization

Batch processing

Request delaying

About wordlists

Dictionaries must be text files. Each line will be processed as such, except that the special word %EXT% is used, which will generate one entry for each extension (-e | –extension) passed as an argument.

Example:

example/

example.%EXT%

Passing the extensions “asp” and “aspx” will generate the following dictionary:

example/

example.asp

example.aspx

You can also use -f | –force-extensions switch to append extensions to every word in the wordlists (like DirBuster).

Support Docker

Install Docker Linux

Install Docker

curl -fsSL https://get.docker.com | bash

To use docker you need superuser power

Build Image dirsearch

To create image

docker build -t “dirsearch:v0.3.8” .

dirsearch this is name the image and v0.3.8 is version

Using dirsearch

For using

docker run -it –rm “dirsearch:v0.3.8” -u target -e php,html,png,js,jpg

target is the site or IP

License

Copyright (C) Mauro Soria (maurosoria at gmail dot com)

License: GNU General Public License, version 2

Contributors

Special thanks for these people.

mzfr

Damian89

Bo0oM

liamosaur

redshark1802

SUHAR1K

FireFart

k2l8m11n2

vlohacks

r0p0s3c

版权声明：本文内容由互联网用户自发贡献，该文观点仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容， 请发送邮件至 举报，一经查实，本站将立刻删除。

发布者：全栈程序员栈长，转载请注明出处：https://javaforall.cn/185328.html原文链接：https://javaforall.cn