![dirsearch](https://user-images.githubusercontent.com/59408894/103289759-87a0ce80-4a1a-11eb-89c9-2feb7e6db25f.png) - *Hacking is not a crime*
dirsearch - Web path scanner
=========
![Build](https://img.shields.io/badge/Built%20with-Python-Blue)
![License](https://img.shields.io/badge/license-GNU_General_Public_License-_red.svg)
![Release](https://img.shields.io/github/release/maurosoria/dirsearch.svg)
![Stars](https://img.shields.io/github/stars/maurosoria/dirsearch.svg)
<a href="https://twitter.com/intent/tweet?text=dirsearch%20-%20Web%20path%20scanner%20by%20@_maurosoria%0A%0Ahttps://github.com/maurosoria/dirsearch">
![Tweet](https://img.shields.io/twitter/url?url=https%3A%2F%2Fgithub.com%2Fmaurosoria%2Fdirsearch)
</a>
**Current Release: v0.4.1 (2020.12.8)**
Overview
--------
- Dirsearch is a mature command-line tool designed to brute force directories and files in webservers.
- With 6 years of growth, dirsearch now has become the top web content scanner.
- As a feature-rich tool, dirsearch gives users the opportunity to perform a complex web content discovering, with many vectors for the wordlist, high accuracy, impressive performance, advanced connection/request settings, modern brute-force techniques and nice output.
- Dirsearch is being actively developed by [@maurosoria](https://twitter.com/_maurosoria) and [@shelld3v](https://github.com/shelld3v)
Installation & Usage
------------
```python
git clone https://github.com/maurosoria/dirsearch.git
cd dirsearch
python3 dirsearch.py -u <URL> -e <EXTENSIONS>
```
- To can use SOCKS proxy or work with `../` in the wordlist, you need to install pips with `requirements.txt`: `pip3 install -r requirements.txt`
- If you are using Windows and don't have git, you can install the ZIP file [here](https://github.com/maurosoria/dirsearch/archive/master.zip). Dirsearch also supports [Docker](https://github.com/maurosoria/dirsearch#support-docker)
*Dirsearch requires python 3 or greater*
Features
--------
- Fast
- Easy and simple to use
- Multithreading
- Wildcard responses filtering (invalid webpages)
- Keep alive connections
- Support for multiple extensions
- Support for every HTTP method
- Support for HTTP request data
- Support for raw request
- Extensions excluding
- Reporting (Plain text, JSON, XML, Markdown, CSV)
- Recursive brute forcing
- Target enumeration from an IP range
- Sub-directories brute forcing
- Force extensions
- HTTP and SOCKS proxy support
- HTTP cookies and headers support
- HTTP headers from file
- User agent randomization
- Proxy host randomization
- Batch processing
- Request delaying
- 429 response code detecting
- Multiple wordlist formats (lowercase, uppercase, capitalization)
- Default configuration from file
- Option to force requests by hostname
- Option to add custom suffixes and prefixes
- Option to whitelist response codes, support ranges (-i 200,300-399)
- Option to blacklist response codes, support ranges (-x 404,500-599)
- Option to exclude responses by sizes
- Option to exclude responses by texts
- Option to exclude responses by regexp(s)
- Option to exclude responses by redirects
- Options to display only items with response length from range
- Option to remove all extensions from every wordlist entry
- Quiet mode
- Debug mode
About wordlists
---------------
**Summary**: Wordlist must be a text file, each line will be an endpoint. About extensions, unlike other tools, dirsearch won't append extensions to every word, if you don't use the `-f` flag. By default, only the `%EXT%` keyword in the wordlist will be replaced with extensions (`-e <extensions>`).
**Details**:
- Each line in the wordlist will be processed as such, except when the special keyword *%EXT%* is used, it will generate one entry for each extension (-e | --extensions) passed as an argument.
Example:
```
root/
index.%EXT%
```
Passing the extensions "asp" and "aspx" (`-e asp,aspx`) will generate the following dictionary:
```
root/
index
index.asp
index.aspx
```
- For wordlists without *%EXT%* (like [SecLists](https://github.com/danielmiessler/SecLists)), you need to use the **-f | --force-extensions** switch to append extensions to every word in the wordlists, as well as the "/". And for entries in the wordlist that you do not want to force, you can add *%NOFORCE%* at the end of them so dirsearch won't append any extension.
Example:
```
admin
home.%EXT%
api%NOFORCE%
```
Passing extensions "php" and "html" with the **-f**/**--force-extensions** flag (`-f -e php,html`) will generate the following dictionary:
```
admin
admin.php
admin.html
admin/
home
home.php
home.html
api
```
*To use multiple wordlists, you can seperate your wordlists with commas. Example: -w wordlist1.txt,wordlist2.txt*
Options
-------
```
Usage: dirsearch.py [-u|--url] target [-e|--extensions] extensions [options]
Options:
--version show program's version number and exit
-h, --help show this help message and exit
Mandatory:
-u URL, --url=URL Target URL
-l FILE, --url-list=FILE
URL list file
--stdin URL list from STDIN
--cidr=CIDR Target CIDR
--raw=FILE File contains the raw request (use `--scheme` flag to
set the scheme)
-e EXTENSIONS, --extensions=EXTENSIONS
Extension list separated by commas (Example: php,asp)
-X EXTENSIONS, --exclude-extensions=EXTENSIONS
Exclude extension list separated by commas (Example:
asp,jsp)
-f, --force-extensions
Add extensions to the end of every wordlist entry. By
default dirsearch only replaces the %EXT% keyword with
extensions
Dictionary Settings:
-w WORDLIST, --wordlists=WORDLIST
Customize wordlists (separated by commas)
--prefixes=PREFIXES
Add custom prefixes to all entries (separated by
commas)
--suffixes=SUFFIXES
Add custom suffixes to all entries, ignore directories
(separated by commas)
--only-selected Only entries with selected extensions or no extension
+ directories
--remove-extensions
Remove extensions in all wordlist entries (Example:
admin.php -> admin)
-U, --uppercase Uppercase wordlist
-L, --lowercase Lowercase wordlist
-C, --capital Capital wordlist
General Settings:
-r, --recursive Bruteforce recursively
-R DEPTH, --recursion-depth=DEPTH
Maximum recursion depth
-t THREADS, --threads=THREADS
Number of threads
--subdirs=SUBDIRS Scan sub-directories of the given URL[s] (separated by
commas)
--exclude-subdirs=SUBDIRS
Exclude the following subdirectories during recursive
scan (separated by commas)
-i STATUS, --include-status=STATUS
Include status codes, separated by commas, support
ranges (Example: 200,300-399)
-x STATUS, --exclude-status=STATUS
Exclude status codes, separated by commas, support
ranges (Example: 301,500-599)
--exclude-sizes=SIZES
Exclude responses by sizes, separated by commas
(Example: 123B,4KB)
--exclude-texts=TEXTS
Exclude responses by texts, separated by commas
(Example: 'Not found', 'Error')
--exclude-regexps=REGEXPS
Exclude responses by regexps, separated by commas
(Example: 'Not foun[a-z]{1}', '^Error$')
--exclude-redirects=REGEXPS
Exclude responses by redirect regexps or texts,
没有合适的资源?快使用搜索试试~ 我知道了~
温馨提示
这些项目以Python语言为基础,是一系列多样化的系统。无论是学业预警、自主评测,还是电影推荐、二维码识别,或者是数据加密、信息隐藏,这些项目充分利用了Python语言的优势,为用户提供了高效、灵活的解决方案。 Python语言作为一种高级编程语言,具有简洁、可读性强的特点,使得开发者可以更加专注于解决问题的逻辑。同时,Python拥有丰富的开源库和框架,如Django、Flask、OpenCV等,为项目开发提供了强大的支持。 这些项目的开发旨在为用户提供便捷、智能的服务和功能。Python语言具备广泛的应用领域,从机器学习、自然语言处理,到图像处理、数据可视化,Python在各个领域都有良好的应用场景。同时,Python的生态系统也在不断扩展和发展,拥有丰富的第三方库和工具。 通过Python语言的支持,这些项目可以实现多样化的功能需求,如数据分析、图像处理、网络安全等。同时,Python的简洁性和易读性,使得项目的开发、测试和维护更加高效和方便。 总之,这些项目利用Python语言的优势和多样化特性,为各个领域的应用和研究提供了强大的解决方案。无论是学校学业预警、电影推荐,还是数据加密、图像识别,这些项目都能够高效、灵活地满足用户需求,为用户提供优质的体验。
资源推荐
资源详情
资源评论
收起资源包目录
python127nweb渗透测试工具_django.zip (2622个子文件)
xenon.css 683KB
tabler.css 309KB
xenon-skins.css 281KB
tabler.min.css 243KB
style.min.css 238KB
xenon-core.css 208KB
xenon-components.css 174KB
elusive-embedded.css 115KB
bootstrap.css 113KB
all.css 72KB
fontawesome.css 70KB
linecons-embedded.css 65KB
font-awesome.css 58KB
xenon-forms.css 57KB
fontawesome.min.css 57KB
fontawesome.min.css 57KB
tabler-buttons.css 54KB
tabler-buttons.min.css 43KB
v4-shims.css 40KB
meteocons-embedded.css 38KB
elusive-ie7.css 28KB
elusive-ie7-codes.css 28KB
v4-shims.min.css 26KB
tabler-flags.css 17KB
elusive.css 16KB
flatpickr.min.css 16KB
elusive-codes.css 14KB
tabler-flags.min.css 14KB
layer.css 14KB
layer.css 14KB
main.min.css 14KB
docsify-vue.css 13KB
vue.css 12KB
tabler-payments.css 11KB
mobi.min.css 11KB
tabler-payments.min.css 9KB
bootstrap-table.min.css 9KB
selectize.css 9KB
svg-with-js.css 8KB
index.css 7KB
svg-with-js.min.css 6KB
meteocons-ie7.css 5KB
linecons-ie7.css 5KB
meteocons-ie7-codes.css 5KB
layer.css 5KB
layer.css 5KB
linecons-ie7-codes.css 5KB
meteocons.css 4KB
linecons.css 4KB
nouislider.min.css 4KB
main.min.css 3KB
demo.css 3KB
base.css 3KB
meteocons-codes.css 3KB
linecons-codes.css 3KB
demo.min.css 3KB
animation.css 2KB
animation.css 2KB
animation.css 2KB
nav.css 1KB
main.min.css 1KB
main.min.css 1004B
regular.css 734B
brands.css 732B
solid.css 727B
regular.min.css 677B
brands.min.css 675B
solid.min.css 669B
jqvmap.min.css 613B
register.css 537B
login.css 500B
patch.dat 15.45MB
patch.dat 8.84MB
patch.dat 0B
patch.dat 0B
基于Python的web渗透测试工具论文.doc 1.12MB
Dockerfile 300B
fa-solid-900.eot 200KB
fa-solid-900.eot 200KB
fa-brands-400.eot 134KB
fa-brands-400.eot 134KB
elusive.eot 46KB
fa-regular-400.eot 34KB
fa-regular-400.eot 34KB
linecons.eot 29KB
glyphicons-halflings-regular.eot 20KB
meteocons.eot 17KB
patch.exe 5.74MB
acunetix_12.0.190902105.exe 0B
patch.exe 0B
loading-0.gif 6KB
loading-0.gif 6KB
loading-2.gif 2KB
loading-2.gif 2KB
loading-1.gif 701B
loading-1.gif 701B
.gitattributes 30B
.gitignore 125B
scan_fingerprint.html 35KB
scan_webside.html 26KB
共 2622 条
- 1
- 2
- 3
- 4
- 5
- 6
- 27
资源评论
- m0_534779282024-04-17资源很不错,内容和描述一致,值得借鉴,赶紧学起来!
Java码库
- 粉丝: 1454
- 资源: 3918
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功