ffuf地址:ffuf/ffuf:用 Go 编写的快速 Web 模糊程序 (github.com)
ffuf用途:模糊测试
该脚本仅供参考,若拿来做非法用途,均与本人无关。请遵守网络安全法!
bat脚本:
::子域名枚举
ffuf -w common.txt -u http://FUZZ.ab.com -o 1.csv -of csv -s
::子域名csv文件转为txt文件
python 2.py
::目录扫描
for /f %%i in (target.txt) do (
set /a n+=1
ffuf -u %%i/FUZZ -w 1.txt -fc "404,302,301,307,401,403,405" -o 2.html -of html -recursion
)
pause>nul
csv文件转为txt文件python脚本:
import pandas as pd
import os
data = pd.read_csv('1.csv',encoding='utf-8')
with open('target.txt','a+',encoding='utf-8') as f:
for line in data.values:
f.write((str(line[1])+'\n'))