Python tool development learning series - directory scanning (1)


Preface

      A record of what I learned while writing a small directory scanning tool in Python.


1. Beginning

1. Brief description

     The simplest form of directory scanning appends each dictionary path to the URL and sends a request to check whether the result exists. If the returned status code is 200, the path exists; otherwise it is skipped.

2. Logic writing

     The user enters the URL.
     The script joins each entry of the directory dictionary to that URL and sends a request.
     It decides whether the directory exists based on the status code of the response.
     It prints the result.

3. Result realization

     Create an empty folder containing a few files, start an HTTP service in it with Python, create a dictionary, and scan your own server.

4. Code part

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# author: Mauro_K

import requests


def scan():
    # Load the dictionary file, join each entry to the URL, send an HTTP request,
    # and use the response status code to decide whether the directory exists
    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0"
    }

    url = input('请输入需要目录爆破的URL:').strip()
    # Open dir.txt in the current directory and read all of its lines into a list
    with open('./dir.txt', 'rt', encoding='utf-8') as f:
        m = f.readlines()

    # Join the URL with each entry from dir.txt, request it, and check whether the status code is 200
    for i in m:
        Url = url + i.strip()
        try:
            # The request sits inside the try block so timeouts and connection errors are caught
            response = requests.get(Url, headers=headers, timeout=1)
            if response.status_code == 200:
                print('[+]存在目录:' + Url)
        except requests.RequestException as e:
            print(e)

if __name__ == '__main__':
    scan()
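
Seen from the test server, a scan like this is a run of requests for many different paths from one client, most of them answered 404. The following is an added example (not the original author's code) that flags that pattern in request logs; it assumes the default log line format of Python's http.server, and the thresholds, the function name find_scanners and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Default request-log line of Python's http.server (assumed format), e.g.
# 192.0.2.10 - - [15/Oct/2022 10:00:01] "GET /admin HTTP/1.1" 404 -
LINE_RE = re.compile(
    r'^(?P<client>\S+) - - \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_scanners(lines, min_paths=5, min_miss_ratio=0.6):
    """Return {client: stats} for clients whose traffic looks like a
    dictionary scan: many distinct paths, most of them answered 404."""
    paths = defaultdict(set)    # client -> distinct paths requested
    misses = defaultdict(set)   # client -> distinct paths answered 404
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # "code 404, message ..." lines and malformed lines
        paths[m["client"]].add(m["path"])
        if m["status"] == "404":
            misses[m["client"]].add(m["path"])
    flagged = {}
    for client, seen in paths.items():
        ratio = len(misses[client]) / len(seen)
        if len(seen) >= min_paths and ratio >= min_miss_ratio:
            flagged[client] = {
                "paths": len(seen), "misses": len(misses[client]),
                "hits": sorted(seen - misses[client]),  # what the scan found
            }
    return flagged

# Constructed sample log: 192.0.2.10 scans, 192.0.2.20 browses normally
SAMPLE_LOG = """\
192.0.2.10 - - [15/Oct/2022 10:00:01] code 404, message File not found
192.0.2.10 - - [15/Oct/2022 10:00:01] "GET /admin HTTP/1.1" 404 -
192.0.2.10 - - [15/Oct/2022 10:00:01] "GET /backup HTTP/1.1" 404 -
192.0.2.10 - - [15/Oct/2022 10:00:02] "GET /index.html HTTP/1.1" 200 -
192.0.2.10 - - [15/Oct/2022 10:00:02] "GET /login.php HTTP/1.1" 404 -
192.0.2.10 - - [15/Oct/2022 10:00:02] "GET /test.txt HTTP/1.1" 200 -
192.0.2.10 - - [15/Oct/2022 10:00:03] "GET /config HTTP/1.1" 404 -
192.0.2.20 - - [15/Oct/2022 10:05:10] "GET /index.html HTTP/1.1" 200 -
192.0.2.20 - - [15/Oct/2022 10:05:11] "GET /favicon.ico HTTP/1.1" 404 -
192.0.2.20 - - [15/Oct/2022 10:05:40] "GET /test.txt HTTP/1.1" 200 -
"""

if __name__ == "__main__":
    for client, stats in find_scanners(SAMPLE_LOG.splitlines()).items():
        print(client, stats)
```

The "hits" list shows which paths the scanning client actually received, which is what to review first after an alert.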

2. Summary notes

     1) Use with...as... because the file is closed automatically once the block finishes.

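# with...as... gives the opened file an alias; open() opens the file, and the "r" argument means read-only
# The benefit of with...as... is that the file is closed automatically after the operations on it
with open("shell.txt", "r") as f:
    f.readline()   # read one line
    f.readlines()  # read all remaining lines
    f.read(10)     # read up to 10 characters (text mode counts characters, not bytes)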

     2) Python open() mode parameter: r compared with rb

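When reading a text file, do not open it in rb mode; use r mode only.
Opening text files with r is recommended, because in this mode Python does some processing for us by default.
For example, on Windows the newline \r\n that would otherwise be read is converted to \n, which makes it easier to handle.
(It is worth mentioning that when you write \n to a file, Python also replaces it with \r\n by default if you are on Windows.)
Addition: this is universal newlines support (UNS), which is enabled by default.
With rb, Python does not preprocess the text file, so a \r\n that you read is still \r\n.
t is text mode.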

Origin blog.csdn.net/qq_44029310/article/details/127335725