import urllib.request #python3中已经没有了urllib2这个库
import threading
import queue
import urllib
threads =50
target_url ="http://testphp.vulnweb.com"
wordlist_file="/tmp/all.txt" #从SVNDigger读取txt文件
user_agent="Mozilla/5.0(xll;linux x86_64; rv:19.0) Gecko/20100101-Firefox/19.0"
def build_wordlist(wordlist_file):
#读入字典文件
fd=open(wordlist_file,"rb")
raw_words=fd.readlines()
fd.close()
found_resume=False
words = queue.Queue()
for word in raw_words:
word=word.rstrip()
if resume is not None:
if found_resume:
words.put(word)
else:
if word==resume:
found_resume=True
print("Resuming wordlist from: %s" % resume)
else:
words.put(word)
return words
def dir_bruter(word_queue,extensions=None):
while not word_queue.empty():
attempt =word_queue.get()
attempt_list=[]
#检查是否有文件扩展名,如果没有
#就是我们要暴力破解的路径
if "." not in attempt:
attempt_list.append("/%s/" % attempt)
else:
attempt_list.append("/%s" %attempt)
# 如果我们想更多扩展
if extensions:
for extension in extensions:
attempt_list.appen("/%s%s" % (attempt,extension))
#迭代我们要尝试的文件列表
for brute in attempt_list:
url="%s%s" %(target_url,urllib.quote(brute))
try:
headers={}
headers["User-Agent"]=user_agent
r=urllib.Request(url,headers=headers)
response=urllib.urlopen(r)
if len(response.read()):
print("[%d]=>%s" % (response.code,url))
except urllib.error.URLError as e:
if hasattr(e,'code') and e.code!=404:
print("!!! %d=> %s" %(e.code,url))
pass
word_queue=build_wordlist(wordlist_file)
extensions=[".php",".bak",".org",".inc"]
for i in range(threads):
t=threading.Thread(target=dir_bruter,args=(word_queue,extensions,))
t.start()
03-27
2136
2136
06-14
277
277
08-06
536
536
“相关推荐”对你有帮助么?
-
非常没帮助 -
没帮助 -
一般 -
有帮助 -
非常有帮助
提交
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
