python实现网站目录扫描

python实现网站目录扫描

大致流程确定如下:

根据流程图确定使用getopt,sys模块来接受参数,并进行处理, threading模块来处理多线程, requests模块来执行扫描功能, math线程的向上取整.

1. 打印工具的banner信息

   def banner():
       print ("*" * 57)
       print ("*" * 3 + " " * 19 + "DirBrute v 1.0" + " " * 18 + "*" * 3)
       print ("*" * 3 + " " * 12 + "This tool just develop fun!" + " " * 12 + "*" * 3)
       print ("*" * 57)
   

2. 声明使用方法

   # python Dirbrute.py -u url -t thread -d dictionary
   
   def usage():
       print ("*" * 57)
       print ("*" * 3 + " " * 13 + "This is the tool's usage" + " " * 14 + "*" * 3)
       print ("*" * 3 + "python Dirbrute.py -u url -t threads -d dictionary!" + "*" * 3)
       print ("*" * 57)
   

3. 判断接收参数是否完整如果完整了传递给特定的变量

def start():
    if len(sys.argv) == 7:
        # This is true length
        opts, args = getopt.getopt(sys.argv[1:], "u:t:d:")
        for k, v in opts:
            if k == "-u":
                url =v
            elif k == "-t":
                threads = v
            elif k == "-d":
                dic = v
        multi_scan(url, threads, dic)
    else:
        print ("Error Argument!")
        sys.exit()

4. 多线程的实现

   • 第一步读字典文件
   • 第二步 确定读取的行数 len(dic_list) / threads 向上去取整
   • 第三步 确定每个线程读取的列表[[t1],[t2],[t3],…]

   def multi_scan(url,threads,dic):
       # 第一步读字典文件
       # 第二步 确定读取的行数 len(dic_list) / threads 向上去取整
       # 第三步 确定每个线程读取的列表[[t1],[t2],[t3],...]
       result_list = []
       threads_list = []
       with open(dic, "r") as f:
           dic_list = f.readlines()
           if len(dic_list) % int(threads) == 0:
               thread_read_line_num = len(dic_list) / int(threads)
           else:
               thread_read_line_num = math.ceil(len(dic_list) / int(threads))
           i = 0
           temp_list = []
           for line in dic_list:
               i += 1
               if i % thread_read_line_num == 0:
                   temp_list.append(line.strip())
                   result_list.append(temp_list)
                   temp_list = []
               else:
                   temp_list.append(line.strip())
       for i in result_list:
           # print (i)
           threads_list.append(threading.Thread(target = scan, args = (url,i)))
       for t in threads_list:
           t.start()
   

5. 扫描功能

      def scan(url, dic):
          # 实现扫描功能 requests
          for line in dic:
              r = requests.get(url = url + '/' + line)
              if r.status_code == 200 or r.status_code == 302:
                  print (r.url + " : " + str(r.status_code))
   

6. 调用程序

   if __name__ == "__main__":
   	banner()
   	suage()
   	start()
   

7. 程序结果:

pig@deep:~/Desktop$ python3 Dirbrute.py -u http://127.0.0.1/ -t 1 -d dic.txt
*********************************************************
***                   DirBrute v 1.0                  ***
***            This tool just develop fun!            ***
*********************************************************
*********************************************************
***             This is the tool's usage              ***
***python Dirbrute.py -u url -t threads -d dictionary!***
*********************************************************
http://127.0.0.1//readme.txt : 200
http://127.0.0.1//images/ : 200
http://127.0.0.1//index.html : 200
http://127.0.0.1/images/ : 200
pig@deep:~/Desktop$

dic.txt

简书:
https://www.jianshu.com/p/537e1e66ad14
个人博客:
http://pigdaqiang.top