![dirsearch](https://user-images.githubusercontent.com/59408894/103289759-87a0ce80-4a1a-11eb-89c9-2feb7e6db25f.png) - *Hacking is not a crime*
dirsearch - Web path scanner
=========
![Build](https://img.shields.io/badge/Built%20with-Python-Blue)
![License](https://img.shields.io/badge/license-GNU_General_Public_License-_red.svg)
![Release](https://img.shields.io/github/release/maurosoria/dirsearch.svg)
![Stars](https://img.shields.io/github/stars/maurosoria/dirsearch.svg)
<a href="https://twitter.com/intent/tweet?text=dirsearch%20-%20Web%20path%20scanner%20by%20@_maurosoria%0A%0Ahttps://github.com/maurosoria/dirsearch">
![Tweet](https://img.shields.io/twitter/url?url=https%3A%2F%2Fgithub.com%2Fmaurosoria%2Fdirsearch)
</a>
**Current Release: v0.4.1 (2020.12.8)**
Overview
--------
- Dirsearch is a mature command-line tool designed to brute force directories and files in webservers.
- With 6 years of growth, dirsearch now has become the top web content scanner.
- As a feature-rich tool, dirsearch gives users the opportunity to perform a complex web content discovering, with many vectors for the wordlist, high accuracy, impressive performance, advanced connection/request settings, modern brute-force techniques and nice output.
- Dirsearch is being actively developed by [@maurosoria](https://twitter.com/_maurosoria) and [@shelld3v](https://github.com/shelld3v)
Installation & Usage
------------
```python
git clone https://github.com/maurosoria/dirsearch.git
cd dirsearch
python3 dirsearch.py -u <URL> -e <EXTENSIONS>
```
- To can use SOCKS proxy or work with `../` in the wordlist, you need to install pips with `requirements.txt`: `pip3 install -r requirements.txt`
- If you are using Windows and don't have git, you can install the ZIP file [here](https://github.com/maurosoria/dirsearch/archive/master.zip). Dirsearch also supports [Docker](https://github.com/maurosoria/dirsearch#support-docker)
*Dirsearch requires python 3 or greater*
Features
--------
- Fast
- Easy and simple to use
- Multithreading
- Wildcard responses filtering (invalid webpages)
- Keep alive connections
- Support for multiple extensions
- Support for every HTTP method
- Support for HTTP request data
- Support for raw request
- Extensions excluding
- Reporting (Plain text, JSON, XML, Markdown, CSV)
- Recursive brute forcing
- Target enumeration from an IP range
- Sub-directories brute forcing
- Force extensions
- HTTP and SOCKS proxy support
- HTTP cookies and headers support
- HTTP headers from file
- User agent randomization
- Proxy host randomization
- Batch processing
- Request delaying
- 429 response code detecting
- Multiple wordlist formats (lowercase, uppercase, capitalization)
- Default configuration from file
- Option to force requests by hostname
- Option to add custom suffixes and prefixes
- Option to whitelist response codes, support ranges (-i 200,300-399)
- Option to blacklist response codes, support ranges (-x 404,500-599)
- Option to exclude responses by sizes
- Option to exclude responses by texts
- Option to exclude responses by regexp(s)
- Option to exclude responses by redirects
- Options to display only items with response length from range
- Option to remove all extensions from every wordlist entry
- Quiet mode
- Debug mode
About wordlists
---------------
**Summary**: Wordlist must be a text file, each line will be an endpoint. About extensions, unlike other tools, dirsearch won't append extensions to every word, if you don't use the `-f` flag. By default, only the `%EXT%` keyword in the wordlist will be replaced with extensions (`-e <extensions>`).
**Details**:
- Each line in the wordlist will be processed as such, except when the special keyword *%EXT%* is used, it will generate one entry for each extension (-e | --extensions) passed as an argument.
Example:
```
root/
index.%EXT%
```
Passing the extensions "asp" and "aspx" (`-e asp,aspx`) will generate the following dictionary:
```
root/
index
index.asp
index.aspx
```
- For wordlists without *%EXT%* (like [SecLists](https://github.com/danielmiessler/SecLists)), you need to use the **-f | --force-extensions** switch to append extensions to every word in the wordlists, as well as the "/". And for entries in the wordlist that you do not want to force, you can add *%NOFORCE%* at the end of them so dirsearch won't append any extension.
Example:
```
admin
home.%EXT%
api%NOFORCE%
```
Passing extensions "php" and "html" with the **-f**/**--force-extensions** flag (`-f -e php,html`) will generate the following dictionary:
```
admin
admin.php
admin.html
admin/
home
home.php
home.html
api
```
*To use multiple wordlists, you can seperate your wordlists with commas. Example: -w wordlist1.txt,wordlist2.txt*
Options
-------
```
Usage: dirsearch.py [-u|--url] target [-e|--extensions] extensions [options]
Options:
--version show program's version number and exit
-h, --help show this help message and exit
Mandatory:
-u URL, --url=URL Target URL
-l FILE, --url-list=FILE
URL list file
--stdin URL list from STDIN
--cidr=CIDR Target CIDR
--raw=FILE File contains the raw request (use `--scheme` flag to
set the scheme)
-e EXTENSIONS, --extensions=EXTENSIONS
Extension list separated by commas (Example: php,asp)
-X EXTENSIONS, --exclude-extensions=EXTENSIONS
Exclude extension list separated by commas (Example:
asp,jsp)
-f, --force-extensions
Add extensions to the end of every wordlist entry. By
default dirsearch only replaces the %EXT% keyword with
extensions
Dictionary Settings:
-w WORDLIST, --wordlists=WORDLIST
Customize wordlists (separated by commas)
--prefixes=PREFIXES
Add custom prefixes to all entries (separated by
commas)
--suffixes=SUFFIXES
Add custom suffixes to all entries, ignore directories
(separated by commas)
--only-selected Only entries with selected extensions or no extension
+ directories
--remove-extensions
Remove extensions in all wordlist entries (Example:
admin.php -> admin)
-U, --uppercase Uppercase wordlist
-L, --lowercase Lowercase wordlist
-C, --capital Capital wordlist
General Settings:
-r, --recursive Bruteforce recursively
-R DEPTH, --recursion-depth=DEPTH
Maximum recursion depth
-t THREADS, --threads=THREADS
Number of threads
--subdirs=SUBDIRS Scan sub-directories of the given URL[s] (separated by
commas)
--exclude-subdirs=SUBDIRS
Exclude the following subdirectories during recursive
scan (separated by commas)
-i STATUS, --include-status=STATUS
Include status codes, separated by commas, support
ranges (Example: 200,300-399)
-x STATUS, --exclude-status=STATUS
Exclude status codes, separated by commas, support
ranges (Example: 301,500-599)
--exclude-sizes=SIZES
Exclude responses by sizes, separated by commas
(Example: 123B,4KB)
--exclude-texts=TEXTS
Exclude responses by texts, separated by commas
(Example: 'Not found', 'Error')
--exclude-regexps=REGEXPS
Exclude responses by regexps, separated by commas
(Example: 'Not foun[a-z]{1}', '^Error$')
--exclude-redirects=REGEXPS
Exclude responses by redirect regexps or texts,
没有合适的资源?快使用搜索试试~ 我知道了~
温馨提示
基于Python的Django-html的web渗透测试工具 项目关键技术 开发工具:Pycharm 编程语言: python 数据库: MySQL5.7+ 后端技术:Django 前端技术:HTML 关键技术:HTML、MYSQL、Python 数据库工具:Navicat、SQLyog
资源推荐
资源详情
资源评论
收起资源包目录
基于Python的Django-html的web渗透测试工具源码-说明文档 (2000个子文件)
xenon.css 683KB
tabler.css 309KB
xenon-skins.css 281KB
tabler.min.css 243KB
style.min.css 238KB
xenon-core.css 208KB
xenon-components.css 174KB
elusive-embedded.css 115KB
bootstrap.css 113KB
all.css 72KB
fontawesome.css 70KB
linecons-embedded.css 65KB
font-awesome.css 58KB
xenon-forms.css 57KB
fontawesome.min.css 57KB
fontawesome.min.css 57KB
tabler-buttons.css 54KB
tabler-buttons.min.css 43KB
v4-shims.css 40KB
meteocons-embedded.css 38KB
elusive-ie7.css 28KB
elusive-ie7-codes.css 28KB
v4-shims.min.css 26KB
tabler-flags.css 17KB
elusive.css 16KB
flatpickr.min.css 16KB
elusive-codes.css 14KB
tabler-flags.min.css 14KB
layer.css 14KB
layer.css 14KB
main.min.css 14KB
docsify-vue.css 13KB
vue.css 12KB
tabler-payments.css 11KB
mobi.min.css 11KB
tabler-payments.min.css 9KB
bootstrap-table.min.css 9KB
selectize.css 9KB
svg-with-js.css 8KB
index.css 7KB
svg-with-js.min.css 6KB
meteocons-ie7.css 5KB
linecons-ie7.css 5KB
meteocons-ie7-codes.css 5KB
layer.css 5KB
layer.css 5KB
linecons-ie7-codes.css 5KB
meteocons.css 4KB
linecons.css 4KB
nouislider.min.css 4KB
main.min.css 3KB
demo.css 3KB
base.css 3KB
meteocons-codes.css 3KB
linecons-codes.css 3KB
demo.min.css 3KB
animation.css 2KB
animation.css 2KB
animation.css 2KB
nav.css 1KB
main.min.css 1KB
main.min.css 1004B
regular.css 734B
brands.css 732B
solid.css 727B
regular.min.css 677B
brands.min.css 675B
solid.min.css 669B
jqvmap.min.css 613B
register.css 537B
login.css 500B
基于Python的Django-html的web渗透测试工具论文.doc 1.12MB
elusive.eot 46KB
scan_fingerprint.html 35KB
scan_webside.html 26KB
vulnscan.html 23KB
dir-scan.html 17KB
index.html 17KB
scan_infoleak.html 17KB
scan_portscan.html 15KB
navigation.html 14KB
welcome.html 12KB
scan_subdomain.html 11KB
vuln-reslut.html 9KB
docs.html 8KB
about.html 7KB
testfp.html 7KB
dir-result.html 7KB
base.html 6KB
header.html 6KB
home.html 4KB
index.html 4KB
login.html 4KB
password_change_form.html 4KB
register.html 4KB
vuln-detail.html 3KB
base.html 3KB
footer.html 1KB
password_reset_confirm.html 1KB
password_reset_form.html 966B
共 2000 条
- 1
- 2
- 3
- 4
- 5
- 6
- 20
资源评论
红烧小肥杨
- 粉丝: 1455
- 资源: 2063
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- BigData-Notes-sqoop的安装与配置
- C语言-leetcode题解之28-implement-strstr.c
- C语言-leetcode题解之27-remove-element.c
- C语言-leetcode题解之26-remove-duplicates-from-sorted-array.c
- C语言-leetcode题解之24-swap-nodes-in-pairs.c
- C语言-leetcode题解之22-generate-parentheses.c
- C语言-leetcode题解之21-merge-two-sorted-lists.c
- java-leetcode题解之Online Stock Span.java
- java-leetcode题解之Online Majority Element In Subarray.java
- java-leetcode题解之Odd Even Jump.java
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功