python掃描web路徑小工具

twhackteam

Administrator
站方人員

請求對比:​

GET:使用GET請求某個路徑取得傳回的回應。請求參數會暴露在外

HEAD:特別適用在優先的速度和頻寬下

1.檢查資源的有效性。

2.檢查超連結的有效性。

3.檢查網頁是否被串改。

4.多用於自動搜尋機器人獲取網頁的標誌訊息,獲取rss種子訊息,或傳遞安全認證訊息等。

python掃描web路徑小工具-1.png





想法:讓使用者可以呼叫指定的web字典進行掃描,並加入過濾資訊。
當傳回的URL的狀態碼為200且無過濾清單裡面關鍵字則判定為存在該路徑。


代碼:


<span>import</span> requests<br><span>import</span> os<br><br>urlw=[]<br>okurl=[]<br>noturl=[]<br> error=[<span>'404'</span>,<span>'Not Found'</span>,<span>'403'</span>,<span>'找不到'</span>,<span>'沒有權限'</span>,<span>'360'< /span>,<span>'雲端鎖'</span>,<span>'網站防火牆'</span>,<span>'D盾'</span>,<span>'百度雲加速'</ span>] <span>//</span>過濾清單<br>headers={<span>'user-agent'</span>:<span>'Opera/9.80(WindowsNT6.1;U;en)Presto/2.8. 131Version/11.11'</span>}<br>ld=os.listdir(<span>'dict'</span>)<br><span>print</span>(<span>'[+]Discovery directory'</span>)<br><span>for</span> l <span>in</span> ld:<br> <span>print</span>(<span>'[+]find' </span>,l)<br><br><span>print</span>(<span>''</span>)<br>user=input(<span>'Please choose:'</span>)<br>user2=input(<span>'Enter your URL:'</span>)<br><span>if</span> os.path.exists(<span>' dict/{}'</span>.format(user)):<br> <span>print</span>(<span>'[+]File existence {}'</span>.format(user))<br>else:<br> <span>print</span>(<span>'[-]file does not exist {}'</span>.format (user))<br> exit()<br><br>ope=open(<span>'dict/{}'</span>.format(user),<span>'r'</span>)<br><span>for </span> r <span>in</span> ope.readlines():<br> url=user2.strip()+<span>""</span>.join(r.split(<span>'\n'</span>))<br> urlw.append(url)<br>< br>def ether(urls):<br> try:<br> reqt=requests.head(url=urls,headers=headers,allow_redirects=True)<br> <span>for</span> e <span>in</span> error:<br> <span>if</span> reqt.status_code==<span>200</span> <span>and</span > e <span>not</span> <span>in</span> reqt.text: <span>//</span>判斷<br> <span>yes</span>=<span>'[200]=>Discovery path:{}'</span>.format(reqt.url)<br> <span>if</span> <span> yes</span> <span>in</span> okurl:<span>continue</span> <span>//</span>去重<br> okurl.append(<span>yes</span>)<br> <span>print</span>(<span>yes</span>)<br><br> else:<br> <span>no</span >=<span>'[{}]=>Can t find:{}'</span>.format(reqt.status_code,reqt.url)<br> <span>if</span> <span>no</span> <span>in</span> noturl:<span>continue</span> <span>//</span>去重<br> noturl. append(<span>no</span>)<br> <span>print</span>(<span>no</span>)<br> except Exception <span>as</span> g:<br> <span>print</span>(<span>'[-]Error in {} url:{}'</span>.format(g,reqt.url))<br><br> <span>for</span> w <span>in</span> urlw:<br> ether(w)<br>

測試效果:

python掃描web路徑小工具-2.png
 
返回
上方