Python安全小工具之Web目錄掃瞄器

2021-08-10 07:44:40 字數 3483 閱讀 6979

本次的程式實質是web目錄的暴力破解,即基本過程為取出字典內容、和目標**進行組合、然後進行請求識別,能否掃瞄出相應的web目錄主要看字典的強大與否。至於字典,網上也很多資源,收集一下即可。

這裡為了方便,將收集的ua自己儲存成乙個檔案方便其他指令碼直接呼叫。

user_agent_list.py:

#!/usr/bin/python

#coding=utf-8

import random

def get_user_agent():

user_agent_list = [

, ,

, ,

, ,

, ,

, ,

]return random.choice(user_agent_list)

然後將該指令碼放在名為agent_proxy目錄中。

#!/usr/bin/python

#coding=utf-8

import requests

import sys

from queue import queue

import threading

from agent_proxy import user_agent_list

from optparse import optionparser

class dirscanmain:

"""docstring for dirscanmain"""

def __init__(self, options):

self.url = options.url

self.filename = options.filename

self.count = options.count

class dirscan(threading.thread):

"""docstring for dirscan"""

def __init__(self, queue,total):

threading.thread.__init__(self)

self._queue = queue

self._total = total

def run(self):

while not self._queue.empty():

url = self._queue.get()

#threading.thread(target=self.msg).start()

try:

r = requests.get(url=url, headers=user_agent_list.get_user_agent(), timeout=8,)

if r.status_code == 200:

sys.stdout.write('\r' + '[+]%s\t\t\n' % (url))

result = open('result.html','a+')

result.write('' + url + '')

result.write('\r\n

') result.close()

except exception as e:

pass

def msg(self):

# print self._total,self._queue.qsize()

per = 100 - float(self._queue.qsize())/float(self._total) * 100

percentage = "%s finished| %s all| scan in %1.f %s"%((self._total - self._queue.qsize()),self._total,per,'%')

sys.stdout.write('\r'+'[*]'+percentage)

def start(self):

result = open('result.html','w')

result.close()

queue = queue()

f = open('./dics/%s'%self.filename,'r')

for i in f:

queue.put(self.url+i.rstrip('\n'))

# total = queue.qsize()

threads =

thread_count = int(self.count)

for i in range(thread_count):

for i in threads:

i.start()

for i in threads:

i.join()

if __name__ == '__main__':

print '''

____ _ ____

| _ \(_)_ __/ ___| ___ __ _ _ __

| | | | | '__\___ \ / __/ _` | '_ \

| |_| | | | ___) | (_| (_| | | | |

|____/|_|_| |____/ \___\__,_|_| |_|

'''parser = optionparser('./web_dir_scan.py -u -f [-t ]')

parser.add_option('-u','--url',dest='url',type='string',help='target url for scan')

parser.add_option('-f','--file',dest='filename',type='string',help='dictionary filename')

parser.add_option('-t','--thread',dest='count',type='int',default=10,help='scan thread_count')

(options,args)=parser.parse_args()

if options.url and options.filename:

# start(options.url,options.filename,options.count)

dirscan = dirscanmain(options)

dirscan.start()

sys.exit(1)

else:

parser.print_help()

sys.exit(1)

執行結果:

後期會使用django框架編寫乙個web目錄掃瞄系統,當然是使用簡單的暴破的原理,想著是有乙個介面平台來方便操作。

小工具之Synergy

用於兩個主機共享鍵盤和滑鼠的工具 軟體名字 synergy 軟體主頁 支援平台 linux,mac,windows 通吃作用 通過網路在多台主機之間共享滑鼠鍵盤,特別適合咱們乙個人有2臺電腦的情況,節省了需要在不同電腦頻繁切換的麻煩事,而且還支援簡單的網路 複製和貼上。配置方法 在ubuntu桌面執...

python常用小工具

for i in range 32 image tensor2 image tensor1 0,i plt.imshow image tensor2 plt.show 比如 篩選列表中最後字元為 relu6 的元素 x for x in a if x 5 relu6 tmp 是pil影象 impor...

測試flash之小工具

include include include include include include include include define nvs ap ver 20110718 define read nvs wisnvs 0x0000 define read nvs uboot version...