Python tool development learning series - directory scanning (2)


Preface

      A record of my learning process while writing a small directory scanning tool in Python.


1. Change

1. Brief description

     This time I want to add directory scanning for multiple domain names read from a file. Later on, a multi-threaded queue and similar improvements still need to be added.

2. Logic writing

     The user supplies a file of target URLs.
     Read each URL from that file and each entry from the directory wordlist, join every URL with every entry, and request the result.
     Decide whether the directory exists from the status code of the response.
     Print the hits.

3. Result realization

     In the current folder, create url.txt holding the target URLs and dir.txt holding the directory wordlist. Then start a local HTTP server with Python and scan it yourself.

4. Code part

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# author: Mauro_K

import requests

# One shared User-Agent so the requests look like an ordinary browser session.
HEADERS = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0"
}


def load_lines(path):
    # Read a text file and return its non-empty lines with surrounding whitespace removed.
    # strip() matters: the trailing newline from readlines() would otherwise be sent as %0A
    # at the end of the URL.
    with open(path, 'rt', encoding='utf-8') as f:
        return [line.strip() for line in f if line.strip()]


def check(url):
    # Request one URL and report it when the response status code is 200.
    # requests.get() itself has to sit inside the try block so that timeouts and
    # connection errors are caught instead of aborting the whole scan.
    try:
        response = requests.get(url, headers=HEADERS, timeout=1)
        if response.status_code == 200:
            print('[+]存在目录:' + url)
    except Exception as e:
        print(e)


def scan():
    # Single target: join the URL the user enters with every entry of dir.txt
    # in the current directory and probe each combination.
    url = input('请输入需要目录爆破的URL:').strip()
    for d in load_lines('./dir.txt'):
        check(url + d)


def scand():
    # Multiple targets: read the URL list from the file the user names, then probe
    # every URL/directory combination. dir.txt is read once, not once per URL.
    pwd = input('请输入文件路径:').strip()
    urls = load_lines(pwd)
    dirs = load_lines('./dir.txt')
    for u in urls:
        for d in dirs:
            check(u + d)


def dirScan():
    # Menu: mode 1 scans a single domain, mode 2 scans every URL in a file.
    print('======================================================')
    print('单个域名爆破请选择1:')
    print('多个域名爆破请选择2:')
    print('======================================================')
    t = input('请输入扫描模式:').strip()
    if t == '1':
        scan()
    elif t == '2':
        scand()
    else:
        print('参数错误!')


if __name__ == '__main__':
    dirScan()
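The server-side view of the same activity, as an added example that is not from the original post: a scanner like the one above only prints the 200s, but the web server logs every miss, so a burst of 404 responses from one client is what the scan looks like in the access log. The log lines, addresses, window and threshold below are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed access-log lines (Apache/nginx combined format), not a real capture.
SAMPLE_LOG = """\
10.0.0.5 - - [17/Oct/2022:10:00:01 +0000] "GET /admin HTTP/1.1" 404 196 "-" "Mozilla/5.0"
10.0.0.5 - - [17/Oct/2022:10:00:01 +0000] "GET /backup HTTP/1.1" 404 196 "-" "Mozilla/5.0"
10.0.0.5 - - [17/Oct/2022:10:00:02 +0000] "GET /config HTTP/1.1" 404 196 "-" "Mozilla/5.0"
10.0.0.5 - - [17/Oct/2022:10:00:02 +0000] "GET /test HTTP/1.1" 404 196 "-" "Mozilla/5.0"
10.0.0.5 - - [17/Oct/2022:10:00:03 +0000] "GET /upload HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [17/Oct/2022:10:00:03 +0000] "GET /tmp HTTP/1.1" 404 196 "-" "Mozilla/5.0"
10.0.0.9 - - [17/Oct/2022:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
10.0.0.9 - - [17/Oct/2022:10:05:00 +0000] "GET /missing HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def parse_line(line):
    """Parse one combined-format line into (ip, timestamp, path, status), or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path"), int(m.group("status"))

def find_dir_scanners(log_text, window_s=60, threshold=5):
    """Return {ip: peak number of 404s inside any window_s-second window} for
    clients whose peak reaches threshold. Many 404s for distinct paths in a
    short time is the server-side footprint of a wordlist scan."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # ip -> timestamps of its recent 404 responses
    peak = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[3] != 404:
            continue
        ip, ts = rec[0], rec[1]
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop timestamps that fell out of the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

if __name__ == "__main__":
    for ip, n in find_dir_scanners(SAMPLE_LOG).items():
        print(f"[!] {ip}: {n} 404s within 60s, looks like a directory scan")
```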

2. Summary notes

     1) When iterating over the URL list and the directory wordlist and joining a URL with a wordlist entry for the HTTP request, both strings must first be passed through strip(). Otherwise the trailing newline left by readlines() is sent as %0A at the end of the URL, causing the request to fail.

Origin blog.csdn.net/qq_44029310/article/details/127351306