![dirsearch](https://user-images.githubusercontent.com/59408894/103289759-87a0ce80-4a1a-11eb-89c9-2feb7e6db25f.png) - *Hacking is not a crime*
dirsearch - Web path scanner
=========
![Build](https://img.shields.io/badge/Built%20with-Python-Blue)
![License](https://img.shields.io/badge/license-GNU_General_Public_License-_red.svg)
![Release](https://img.shields.io/github/release/maurosoria/dirsearch.svg)
![Stars](https://img.shields.io/github/stars/maurosoria/dirsearch.svg)
<a href="https://twitter.com/intent/tweet?text=dirsearch%20-%20Web%20path%20scanner%20by%20@_maurosoria%0A%0Ahttps://github.com/maurosoria/dirsearch">
![Tweet](https://img.shields.io/twitter/url?url=https%3A%2F%2Fgithub.com%2Fmaurosoria%2Fdirsearch)
</a>
**Current Release: v0.4.1 (2020.12.8)**
Overview
--------
- Dirsearch is a mature command-line tool designed to brute force directories and files in webservers.
- With 6 years of growth, dirsearch has now become the top web content scanner.
- As a feature-rich tool, dirsearch lets users perform complex web content discovery, with many vectors for the wordlist, high accuracy, impressive performance, advanced connection/request settings, modern brute-force techniques and nice output.
- Dirsearch is being actively developed by [@maurosoria](https://twitter.com/_maurosoria) and [@shelld3v](https://github.com/shelld3v)
Installation & Usage
------------
```bash
git clone https://github.com/maurosoria/dirsearch.git
cd dirsearch
python3 dirsearch.py -u <URL> -e <EXTENSIONS>
```
- To use a SOCKS proxy or work with `../` in the wordlist, you need to install the dependencies listed in `requirements.txt`: `pip3 install -r requirements.txt`
- If you are using Windows and don't have git, you can download the ZIP file [here](https://github.com/maurosoria/dirsearch/archive/master.zip). Dirsearch also supports [Docker](https://github.com/maurosoria/dirsearch#support-docker)
*Dirsearch requires Python 3 or greater*
Features
--------
- Fast
- Easy and simple to use
- Multithreading
- Wildcard responses filtering (invalid webpages)
- Keep alive connections
- Support for multiple extensions
- Support for every HTTP method
- Support for HTTP request data
- Support for raw request
- Extensions excluding
- Reporting (Plain text, JSON, XML, Markdown, CSV)
- Recursive brute forcing
- Target enumeration from an IP range
- Sub-directories brute forcing
- Force extensions
- HTTP and SOCKS proxy support
- HTTP cookies and headers support
- HTTP headers from file
- User agent randomization
- Proxy host randomization
- Batch processing
- Request delaying
- 429 response code detecting
- Multiple wordlist formats (lowercase, uppercase, capitalization)
- Default configuration from file
- Option to force requests by hostname
- Option to add custom suffixes and prefixes
- Option to whitelist response codes, support ranges (-i 200,300-399)
- Option to blacklist response codes, support ranges (-x 404,500-599)
- Option to exclude responses by sizes
- Option to exclude responses by texts
- Option to exclude responses by regexp(s)
- Option to exclude responses by redirects
- Options to display only items with response length from range
- Option to remove all extensions from every wordlist entry
- Quiet mode
- Debug mode
About wordlists
---------------
**Summary**: The wordlist must be a text file in which each line is an endpoint. Unlike other tools, dirsearch does not append extensions to every word unless you use the `-f` flag. By default, only the `%EXT%` keyword in the wordlist is replaced with extensions (`-e <extensions>`).
**Details**:
- Each line in the wordlist is processed as is, except when the special keyword *%EXT%* is used; in that case one entry is generated for each extension (-e | --extensions) passed as an argument.
Example:
```
root/
index.%EXT%
```
Passing the extensions "asp" and "aspx" (`-e asp,aspx`) will generate the following dictionary:
```
root/
index
index.asp
index.aspx
```
- For wordlists without *%EXT%* (like [SecLists](https://github.com/danielmiessler/SecLists)), you need to use the **-f | --force-extensions** switch to append extensions to every word in the wordlists, as well as the "/". And for entries in the wordlist that you do not want to force, you can add *%NOFORCE%* at the end of them so dirsearch won't append any extension.
Example:
```
admin
home.%EXT%
api%NOFORCE%
```
Passing extensions "php" and "html" with the **-f**/**--force-extensions** flag (`-f -e php,html`) will generate the following dictionary:
```
admin
admin.php
admin.html
admin/
home
home.php
home.html
api
```
*To use multiple wordlists, you can separate your wordlists with commas. Example: -w wordlist1.txt,wordlist2.txt*
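The expansion rules above, modelled as an added example (this is not dirsearch's own code) so that the paths a wordlist and option set will produce can be previewed before a scan is run. `expand_wordlist` and `parse_extensions` are hypothetical names; skipping blank lines, leaving entries that end in `/` untouched under `-f`, and dropping duplicates are assumptions.

```python
EXT_TAG = "%EXT%"
NOFORCE_TAG = "%NOFORCE%"


def parse_extensions(value):
    """Split an '-e' style value such as 'php,html' into a clean list."""
    return [e.strip().lstrip(".") for e in value.split(",") if e.strip()]


def expand_wordlist(lines, extensions, force=False):
    """Return the generated dictionary, following the README's two examples."""
    out, seen = [], set()

    def emit(path):
        # Keep first-seen order and drop duplicates (assumption).
        if path not in seen:
            seen.add(path)
            out.append(path)

    for raw in lines:
        entry = raw.strip()
        if not entry:  # blank lines are skipped (assumption)
            continue
        if EXT_TAG in entry:
            # The README's output lists the bare name first, then one
            # entry per extension.
            emit(entry.replace("." + EXT_TAG, "").replace(EXT_TAG, ""))
            for ext in extensions:
                emit(entry.replace(EXT_TAG, ext))
        elif entry.endswith(NOFORCE_TAG):
            # %NOFORCE% opts the entry out of -f; the tag itself is removed.
            emit(entry[: -len(NOFORCE_TAG)])
        elif force and not entry.endswith("/"):
            # -f appends every extension and the trailing "/".
            emit(entry)
            for ext in extensions:
                emit(f"{entry}.{ext}")
            emit(entry + "/")
        else:
            emit(entry)
    return out


if __name__ == "__main__":
    # Constructed input: the second example wordlist from this section.
    sample = ["admin", "home.%EXT%", "api%NOFORCE%"]
    for path in expand_wordlist(sample, parse_extensions("php,html"), force=True):
        print(path)
```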
Options
-------
```
Usage: dirsearch.py [-u|--url] target [-e|--extensions] extensions [options]

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit

  Mandatory:
    -u URL, --url=URL   Target URL
    -l FILE, --url-list=FILE
                        URL list file
    --stdin             URL list from STDIN
    --cidr=CIDR         Target CIDR
    --raw=FILE          File contains the raw request (use `--scheme` flag to
                        set the scheme)
    -e EXTENSIONS, --extensions=EXTENSIONS
                        Extension list separated by commas (Example: php,asp)
    -X EXTENSIONS, --exclude-extensions=EXTENSIONS
                        Exclude extension list separated by commas (Example:
                        asp,jsp)
    -f, --force-extensions
                        Add extensions to the end of every wordlist entry. By
                        default dirsearch only replaces the %EXT% keyword with
                        extensions

  Dictionary Settings:
    -w WORDLIST, --wordlists=WORDLIST
                        Customize wordlists (separated by commas)
    --prefixes=PREFIXES
                        Add custom prefixes to all entries (separated by
                        commas)
    --suffixes=SUFFIXES
                        Add custom suffixes to all entries, ignore directories
                        (separated by commas)
    --only-selected     Only entries with selected extensions or no extension
                        + directories
    --remove-extensions
                        Remove extensions in all wordlist entries (Example:
                        admin.php -> admin)
    -U, --uppercase     Uppercase wordlist
    -L, --lowercase     Lowercase wordlist
    -C, --capital       Capital wordlist

  General Settings:
    -r, --recursive     Bruteforce recursively
    -R DEPTH, --recursion-depth=DEPTH
                        Maximum recursion depth
    -t THREADS, --threads=THREADS
                        Number of threads
    --subdirs=SUBDIRS   Scan sub-directories of the given URL[s] (separated by
                        commas)
    --exclude-subdirs=SUBDIRS
                        Exclude the following subdirectories during recursive
                        scan (separated by commas)
    -i STATUS, --include-status=STATUS
                        Include status codes, separated by commas, support
                        ranges (Example: 200,300-399)
    -x STATUS, --exclude-status=STATUS
                        Exclude status codes, separated by commas, support
                        ranges (Example: 301,500-599)
    --exclude-sizes=SIZES
                        Exclude responses by sizes, separated by commas
                        (Example: 123B,4KB)
    --exclude-texts=TEXTS
                        Exclude responses by texts, separated by commas
                        (Example: 'Not found', 'Error')
    --exclude-regexps=REGEXPS
                        Exclude responses by regexps, separated by commas
                        (Example: 'Not foun[a-z]{1}', '^Error$')
    --exclude-redirects=REGEXPS
                        Exclude responses by redirect regexps or texts,
```