本次的程式實質是web目錄的暴力破解,即基本過程為取出字典內容、和目標**進行組合、然後進行請求識別,能否掃瞄出相應的web目錄主要看字典的強大與否。至於字典,網上也很多資源,收集一下即可。
這裡為了方便,將收集的ua自己儲存成乙個檔案方便其他指令碼直接呼叫。
user_agent_list.py:
#!/usr/bin/python
#coding=utf-8
import random
def get_user_agent():
user_agent_list = [
, ,
, ,
, ,
, ,
, ,
]return random.choice(user_agent_list)
然後將該指令碼放在名為agent_proxy目錄中。
#!/usr/bin/python
#coding=utf-8
import requests
import sys
from queue import queue
import threading
from agent_proxy import user_agent_list
from optparse import optionparser
class dirscanmain:
"""docstring for dirscanmain"""
def __init__(self, options):
self.url = options.url
self.filename = options.filename
self.count = options.count
class dirscan(threading.thread):
"""docstring for dirscan"""
def __init__(self, queue,total):
threading.thread.__init__(self)
self._queue = queue
self._total = total
def run(self):
while not self._queue.empty():
url = self._queue.get()
#threading.thread(target=self.msg).start()
try:
r = requests.get(url=url, headers=user_agent_list.get_user_agent(), timeout=8,)
if r.status_code == 200:
sys.stdout.write('\r' + '[+]%s\t\t\n' % (url))
result = open('result.html','a+')
result.write('' + url + '')
result.write('\r\n
') result.close()
except exception as e:
pass
def msg(self):
# print self._total,self._queue.qsize()
per = 100 - float(self._queue.qsize())/float(self._total) * 100
percentage = "%s finished| %s all| scan in %1.f %s"%((self._total - self._queue.qsize()),self._total,per,'%')
sys.stdout.write('\r'+'[*]'+percentage)
def start(self):
result = open('result.html','w')
result.close()
queue = queue()
f = open('./dics/%s'%self.filename,'r')
for i in f:
queue.put(self.url+i.rstrip('\n'))
# total = queue.qsize()
threads =
thread_count = int(self.count)
for i in range(thread_count):
for i in threads:
i.start()
for i in threads:
i.join()
if __name__ == '__main__':
print '''
____ _ ____
| _ \(_)_ __/ ___| ___ __ _ _ __
| | | | | '__\___ \ / __/ _` | '_ \
| |_| | | | ___) | (_| (_| | | | |
|____/|_|_| |____/ \___\__,_|_| |_|
'''parser = optionparser('./web_dir_scan.py -u -f [-t ]')
parser.add_option('-u','--url',dest='url',type='string',help='target url for scan')
parser.add_option('-f','--file',dest='filename',type='string',help='dictionary filename')
parser.add_option('-t','--thread',dest='count',type='int',default=10,help='scan thread_count')
(options,args)=parser.parse_args()
if options.url and options.filename:
# start(options.url,options.filename,options.count)
dirscan = dirscanmain(options)
dirscan.start()
sys.exit(1)
else:
parser.print_help()
sys.exit(1)
執行結果:
後期會使用django框架編寫乙個web目錄掃瞄系統,當然是使用簡單的暴破的原理,想著是有乙個介面平台來方便操作。
小工具之Synergy
用於兩個主機共享鍵盤和滑鼠的工具 軟體名字 synergy 軟體主頁 支援平台 linux,mac,windows 通吃作用 通過網路在多台主機之間共享滑鼠鍵盤,特別適合咱們乙個人有2臺電腦的情況,節省了需要在不同電腦頻繁切換的麻煩事,而且還支援簡單的網路 複製和貼上。配置方法 在ubuntu桌面執...
python常用小工具
for i in range 32 image tensor2 image tensor1 0,i plt.imshow image tensor2 plt.show 比如 篩選列表中最後字元為 relu6 的元素 x for x in a if x 5 relu6 tmp 是pil影象 impor...
測試flash之小工具
include include include include include include include include define nvs ap ver 20110718 define read nvs wisnvs 0x0000 define read nvs uboot version...