路径扫描:
这个脚本是通过异步IO请求,通过创建多个进程来增加扫描速度,通过返回状态码不同来判断是否存在子路径。(如果存在域名泛解析,则需要和目标域名网页的MD5比对,比对相同则表示存在域名泛解析,当然这种判断方式存在误差,后面会同步域名泛解析判断脚本),这里只是熟悉并利用python3异步IO的特性,测试扫描速度。
需要修改参数:target : 目标域名
urlpath:字典文件
processnum:进程数
源码仅供参考
import hashlib
import aiohttp
import asyncio
from multiprocessing import Process, Queue, Manager
# """
# aiohttp:发送http请求
# 1.创建一个ClientSession对象
# 2.通过ClientSession对象去发送请求(get, post, delete等)
# 3.await 异步等待返回结果
# """
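class Dirscan():
    """Multi-process path scanner that probes ``target`` with wordlist entries.

    Each candidate URL is fetched with aiohttp and reported when it answers
    HTTP 200 with a body whose MD5 differs from the MD5 of the target's own
    page (the baseline every worker fetches before it starts).

    NOTE(review): the baseline comparison only filters responses whose decoded
    body is identical to the target page. A site that answers unknown paths
    with 200 and a different or per-request body (custom error page,
    timestamps, tokens) is still reported, so every hit needs manual
    confirmation.
    """

    def __init__(self, target):
        """Create the shared work queue, the shared result list and the tunables.

        Args:
            target: Base URL; each wordlist entry is appended after a '/'.
        """
        self.target = target
        self.targetmd5 = ''  # MD5 of the target page, filled in by dirscan()
        self.allqueue = Queue()  # candidate URLs shared by all workers
        self.urlpath = r'字典文件'  # path of the wordlist file; edit before use
        self.Ansdomain = Manager().list()  # reported URLs, shared across processes
        self.processnum = 8  # number of worker processes; adjustable
        self.alldictnum = 0  # number of candidates queued by dicturl()

    def dicturl(self):
        """Read the wordlist and queue one candidate URL per non-blank line."""
        queued = 0
        with open(self.urlpath, 'r', encoding='utf-8') as f:
            for line in f:
                entry = line.strip()
                # A blank line would only re-request the target page itself.
                if not entry:
                    continue
                self.allqueue.put(self.target + '/' + entry)
                queued += 1
        # Counted locally: Queue.qsize() is not implemented on every platform.
        self.alldictnum = queued

    async def main(self, url):
        """Send a GET request to ``url`` and fingerprint the response body.

        Args:
            url: Absolute URL to request.

        Returns:
            A ``(status, md5_hex)`` tuple, where ``md5_hex`` is the MD5 of the
            UTF-8 encoded response text.
        """
        # NOTE(review): session.get() follows redirects by default, so status
        # and body are those of the final response, not of ``url`` itself.
        async with aiohttp.ClientSession() as session:
            async with session.get(url) as res:
                htmlstr = await res.text()
                # MD5 is used only to compare two bodies for equality, not as
                # a security control.
                md5 = hashlib.md5(htmlstr.encode("utf8")).hexdigest()
                return res.status, md5

    def dirscan(self):
        """Worker body: fetch the baseline, then drain the shared queue.

        A URL is printed and appended to ``Ansdomain`` when it returns status
        200 and its body MD5 differs from the baseline MD5 of ``target``.
        Errors raised while handling a single URL are printed and the worker
        moves on; a failure of the baseline request propagates.
        """
        from queue import Empty

        # An explicit loop per worker instead of asyncio.get_event_loop(),
        # whose implicit loop creation is deprecated in recent Python versions.
        loop = asyncio.new_event_loop()
        asyncio.set_event_loop(loop)
        try:
            status, self.targetmd5 = loop.run_until_complete(self.main(self.target))
            while True:
                # empty() followed by a blocking get() races with the other
                # workers: one of them can take the last item in between and
                # this get() would then block forever. A bounded wait ends the
                # worker cleanly once the queue stays empty.
                try:
                    tmp = self.allqueue.get(timeout=1)
                except Empty:
                    break
                try:
                    # Progress is best effort; qsize() may be unsupported and
                    # must not keep the request below from running.
                    done = int(self.alldictnum) - int(self.allqueue.qsize())
                    print('\r' + str(done) + '/' + str(int(self.alldictnum)), end='')
                except NotImplementedError:
                    pass
                try:
                    status, mad5 = loop.run_until_complete(self.main(tmp))
                    if status == 200 and mad5 != self.targetmd5:
                        print('OK : ' + tmp)
                        self.Ansdomain.append(tmp)
                except Exception as e:
                    print(e)
        finally:
            loop.close()

    def SetProcess(self):
        """Fill the queue, start ``processnum`` workers and wait for all of them."""
        self.dicturl()
        allprocess = []
        for _ in range(0, self.processnum):
            p = Process(target=self.dirscan, args=())
            p.start()
            allprocess.append(p)
        for worker in allprocess:
            worker.join()
        # Release each worker's resources only after all of them have exited.
        for worker in allprocess:
            worker.close()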
if __name__ == '__main__':
    # Base URL handed to the scanner; edit this value before running.
    Dirscan('http://4399.com').SetProcess()