Cansina directories: Security Tools - Cansina

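Cansina is a web content discovery tool that probes for resources by using a specified list of web directories as the payload. This article covers installing Cansina, its basic usage and an example, shows how to use the tool to probe directory contents, and includes part of the scan results.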


Cansina is a web content discovery tool. Given a detailed list of web directory names as the payload, it can probe a site for web paths and other resources.

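Install the tool as follows:

pip install --user requests[security]

git clone --depth=1 https://github.com/deibit/cansina

After installation, the following files are visible in the installation directory.

View the help information for cansina.py: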

tdcqma:cansina $ ./cansina.py --help
usage: cansina.py -u url -p payload [options]

Cansina is a web content discovery tool. It makes requests and analyze the
responses trying to figure out whether the resource is or not accessible.

optional arguments:
  -h, --help            show this help message and exit
  -A AUTHENTICATION     Basic Authentication (e.g: user:password)
  -C COOKIES            your cookies (e.g: key:value)
  -D                    Check for fake 404 (warning: machine decision)
  -H                    Make HTTP HEAD requests
  -P PROXIES            Set a http and/or https proxy (ex:
                        http://127.0.0.1:8080,https://...
  -S                    Remove ending slash for payloads
  -T REQUEST_DELAY      Time (a float number, e.g: 0.25 or 1.75) between
                        requests
  -U                    Make payload requests upper-case
  -a USER_AGENT         The preferred user-agent (default provided)
  -b BANNED             List of banned response codes
  -B UNBANNED           List of unbanned response codes, mark all response as
                        invalid without unbanned response codes, higher
                        priority than banned
  -c CONTENT            Inspect content looking for a particular string
  -d DISCRIMINATOR      If this string if found it will be treated as a 404
  -e EXTENSION          Extension list to use e.g: php,asp,...(default none)
  -p PAYLOAD            A single file, a file with filenames (.payload) or a
                        directory (will do *.txt)
  -s SIZE_DISCRIMINATOR
                        Will skip pages with this size in bytes (or a list of
                        sizes 0,500,1500...)
  -t THREADS            Number of threads (default 4)
  -u TARGET             Target url
  -r RESUME             Resume a session
  -R                    Parse robots.txt and check its contents
  --recursive           Recursive descend on path directories
  --persist             Use HTTP persistent connections
  --full-path           Show full path instead of only resources
  --show-type           Show content-type in results
  --no-follow           Do not follow redirections

License, requests, etc: https://github.com/deibit/cansina

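Use cansina to probe directory contents. Here -u specifies the domain to scan, and -p points to ./directory_list/dire.list, a directory wordlist file that you have to create and populate yourself.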

tdcqma:cansina $ ./cansina.py -u http://pen.test.com.cn/ -p ./directory_list/dire.list
Resolving pen.test.com.cn
HTTP GET requests
Banned response codes: 404
Using payload: ./directory_list/dire.list
Generating payloads...
Spawning 4 threads
Total requests 34926 (aprox: 8731 /thread)

cod | size | line | time |
----------------------------------
200 | 730 | 10925 | 42 | /cfide/administrator
200 | 730 | 13680 | 41 | /dms/AggreSpy
200 | 730 | 13681 | 26 | /dms/DMSDump
200 | 730 | 14981 | 43 | /etc/motd
200 | 730 | 14984 | 36 | /etc/shadow
200 | 730 | 18543 | 42 | /iisadmin
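
In the results above every hit returns status 200 with the same size (730), even for unrelated paths such as /etc/shadow and /iisadmin. That usually means the server answers unknown paths with one fixed page instead of a 404. The following Python script is an added example, not code from the original post or the Cansina project. It parses rows in this format and reports the sizes worth excluding with -s. The thresholds min_hits and min_share are assumptions.

```python
import re
from collections import Counter

# Result rows copied from the scan output on this page (cod | size | line | time | path).
SAMPLE = """\
200 | 730 | 10925 | 42 | /cfide/administrator
200 | 730 | 13680 | 41 | /dms/AggreSpy
200 | 730 | 13681 | 26 | /dms/DMSDump
200 | 730 | 14981 | 43 | /etc/motd
200 | 730 | 14984 | 36 | /etc/shadow
200 | 730 | 18543 | 42 | /iisadmin
"""

ROW = re.compile(r"^\s*(\d{3})\s*\|\s*(\d+)\s*\|\s*(\d+)\s*\|\s*(\d+)\s*\|\s*(\S+)\s*$")

def parse_rows(text):
    """Return one dict per line that looks like a result row; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            code, size, lineno, elapsed, path = m.groups()
            rows.append({"code": int(code), "size": int(size), "path": path})
    return rows

def suspicious_sizes(rows, min_hits=3, min_share=0.5):
    """Sizes shared by many 200 responses: likely one catch-all page, not real content."""
    # Assumed heuristic: a size is suspicious if it has >= min_hits hits and >= min_share of all 200s.
    counts = Counter(r["size"] for r in rows if r["code"] == 200)
    total = sum(counts.values())
    return sorted(s for s, n in counts.items() if n >= min_hits and n / total >= min_share)

def triage(text):
    """Return (sizes to exclude, paths whose size is not suspicious)."""
    rows = parse_rows(text)
    sizes = suspicious_sizes(rows)
    keep = [r["path"] for r in rows if r["size"] not in sizes]
    return sizes, keep

if __name__ == "__main__":
    sizes, keep = triage(SAMPLE)
    print("candidate values for -s:", ",".join(map(str, sizes)) or "(none)")
    print("paths left for manual review:", keep or "(none)")
```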

Reference: https://github.com/deibit/cansina
