好记性不如铅笔头

Security, Operating Systems

How to enumerate a website's subdirectories

!!! These notes are for learning and exchange only; do not use them for any other purpose !!!

kali:

dirb:

dirb's help output is reproduced below. It is very clear: how to add a header or a cookie, how to set a username and password, and so on are all spelled out.

root@kali:~# dirb

-----------------
DIRB v2.21    
By The Dark Raver
-----------------

./dirb <url_base> [<wordlist_file(s)>] [options]

========================= NOTES =========================
 <url_base> : Base URL to scan. (Use -resume for session resuming)
 <wordlist_file(s)> : List of wordfiles. (wordfile1,wordfile2,wordfile3...)

======================== HOTKEYS ========================
 'n' -> Go to next directory.
 'q' -> Stop scan. (Saving state for resume)
 'r' -> Remaining scan stats.

======================== OPTIONS ========================
 -a <agent_string> : Specify your custom USER_AGENT.
 -c <cookie_string> : Set a cookie for the HTTP request.
 -f : Fine tunning of NOT_FOUND (404) detection.
 -H <header_string> : Add a custom header to the HTTP request.
 -i : Use case-insensitive search.
 -l : Print "Location" header when found.
 -N <nf_code>: Ignore responses with this HTTP code.
 -o <output_file> : Save output to disk.
 -p <proxy[:port]> : Use this proxy. (Default port is 1080)
 -P <proxy_username:proxy_password> : Proxy Authentication.
 -r : Don't search recursively.
 -R : Interactive recursion. (Asks for each directory)
 -S : Silent Mode. Don't show tested words. (For dumb terminals)
 -t : Don't force an ending '/' on URLs.
 -u <username:password> : HTTP Authentication.
 -v : Show also NOT_FOUND pages.
 -w : Don't stop on WARNING messages.
 -X <extensions> / -x <exts_file> : Append each word with this extensions.
 -z <milisecs> : Add a miliseconds delay to not cause excessive Flood.

======================== EXAMPLES =======================
 ./dirb http://url/directory/ (Simple Test)
 ./dirb http://url/ -X .html (Test files with '.html' extension)
 ./dirb http://url/ /usr/share/dirb/wordlists/vulns/apache.txt (Test with apache.txt wordlist)
 ./dirb https://secure_url/ (Simple Test with SSL)

Here I only used the most basic invocation (base URL, default wordlist); after it had run for a little while I pressed [ q ] to quit, which is why the session state is dumped and the run ends with FOUND: 0.

root@kali:~# dirb http://cstriker1407.info

-----------------
DIRB v2.21    
By The Dark Raver
-----------------

START_TIME: Tue May  6 21:04:37 2014
URL_BASE: http://cstriker1407.info/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

-----------------

GENERATED WORDS: 4592                                                          

---- Scanning URL: http://cstriker1407.info/ ----
+ Dumping session state and Quitting.                                                  
                                                                               
-----------------
DOWNLOADED: 65 - FOUND: 0
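All three tools on this page (dirb, DirBuster, and Metasploit's dir_scanner) do the same thing under the hood: for every word in a wordlist, request base_url/word (optionally with an appended extension, dirb's -X) and keep the paths whose response does not look like the server's "not found" page. The tricky part is the "not found" detection that dirb's -f option and Metasploit's wmap_404s.txt exist for: some servers answer 200 for every path, so a naive scanner reports everything as found. The script below is an added example written for this page, not code from dirb, DirBuster, or Metasploit. It learns the server's not-found signature by requesting a random path first, then discards responses that match it. The target host http://target.example, the paths it serves, and the small wordlist are all constructed so the demo runs offline through a fake transport; swap in http_fetch to run it against a real host.

```python
"""Minimal directory brute-forcer: the core loop behind dirb / DirBuster /
Metasploit dir_scanner, with soft-404 detection.  Added example, not code
from any of those tools.  Target names and routes are constructed."""
import secrets
import urllib.error
import urllib.request
from typing import Callable, Dict, Iterable, List, Tuple
from urllib.parse import urlsplit

# A response is reduced to (status_code, body_length).  Body length is what
# lets us spot "soft 404s": servers that answer 200 for every path.
Response = Tuple[int, int]
Fetcher = Callable[[str], Response]


def http_fetch(url: str, timeout: float = 5.0) -> Response:
    """Real transport: GET the URL and return (status, body_length)."""
    req = urllib.request.Request(url, headers={"User-Agent": "dirscan-example/0.1"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, len(resp.read())
    except urllib.error.HTTPError as e:  # 4xx/5xx responses still carry a body
        return e.code, len(e.read())


def not_found_signature(base_url: str, fetch: Fetcher) -> Response:
    """Request a path that cannot exist to learn what 'not found' looks like."""
    probe = base_url.rstrip("/") + "/" + secrets.token_hex(8)
    return fetch(probe)


def looks_missing(resp: Response, sig: Response, tolerance: int = 32) -> bool:
    """True for a real 404, or for a response shaped like the probe's reply."""
    status, length = resp
    sig_status, sig_length = sig
    if status == 404:
        return True
    # Soft 404: same status as the random probe and roughly the same body size.
    return status == sig_status and abs(length - sig_length) <= tolerance


def scan(base_url: str, words: Iterable[str], fetch: Fetcher = http_fetch,
         extensions: Iterable[str] = ("",)) -> List[Tuple[str, int]]:
    """Return [(path, status)] for every candidate that is not 'not found'."""
    base = base_url.rstrip("/")
    sig = not_found_signature(base, fetch)
    found: List[Tuple[str, int]] = []
    for word in words:
        word = word.strip()
        if not word or word.startswith("#"):  # skip blanks and comments
            continue
        for ext in extensions:  # like dirb -X: try word, word.php, ...
            path = "/" + word.lstrip("/") + ext
            resp = fetch(base + path)
            if not looks_missing(resp, sig):
                found.append((path, resp[0]))
    return found


# ---- constructed offline stand-in for http_fetch, keyed by URL path ----
def make_fake_fetch(routes: Dict[str, Response], default: Response) -> Fetcher:
    def fetch(url: str) -> Response:
        return routes.get(urlsplit(url).path, default)
    return fetch


WORDLIST = ["admin", "backup", "images", "login", "#comment", ""]  # constructed

# Well-behaved server: unknown paths get a genuine 404.
STRICT_SERVER = make_fake_fetch(
    {"/admin": (301, 0), "/images": (200, 1200), "/login.php": (200, 2300)},
    default=(404, 520))

# Soft-404 server: every unknown path gets a 200 with the same "not found" page.
SOFT404_SERVER = make_fake_fetch(
    {"/admin": (301, 0), "/images": (200, 1200)},
    default=(200, 3100))


def demo() -> Tuple[List[Tuple[str, int]], List[Tuple[str, int]]]:
    strict = scan("http://target.example", WORDLIST, STRICT_SERVER,
                  extensions=("", ".php"))
    soft = scan("http://target.example", WORDLIST, SOFT404_SERVER)
    return strict, soft


if __name__ == "__main__":
    for name, hits in zip(("strict 404 server", "soft 404 server"), demo()):
        print(name, "->", hits)
```

Without the signature check, the soft-404 server would report every word in the list as found (200 for all of them); with it, only /admin (301) and /images (200, a body 1900 bytes away from the not-found page) survive. The length tolerance is the knob dirb's -f tunes interactively; pages that embed the requested path in the error body vary in length by roughly the path length, so set it a little above your longest word.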

dirbuster:

DirBuster is a GUI version of the same kind of tool. Its interface is fairly simple, as in the figure below:

To set a username and password, HTTP headers and the like, open the advanced options, as in the figure below:

metasploit:

Use the [ HTTP Directory Scanner ] module:

msfconsole / kali:

root@kali:~# msfconsole
msf > use auxiliary/scanner/http/dir_scanner
msf auxiliary(dir_scanner) > show advanced ==>> view the advanced options
......
......
msf auxiliary(dir_scanner) > show evasion ==>> view the evasion options
......
......
msf auxiliary(dir_scanner) > show options ==>> the commonly used options

Module options (auxiliary/scanner/http/dir_scanner):

   Name        Current Setting                                        Required  Description
   ----        ---------------                                        --------  -----------
   DICTIONARY  /opt/metasploit/apps/pro/msf3/data/wmap/wmap_dirs.txt  no        Path of word dictionary to use
   PATH        /                                                      yes       The path  to identify files
   Proxies                                                            no        Use a proxy chain
   RHOSTS                                                             yes       The target address range or CIDR identifier
   RPORT       80                                                     yes       The target port
   THREADS     1                                                      yes       The number of concurrent threads
   VHOST                                                              no        HTTP server virtual host

msf auxiliary(dir_scanner) > set RHOSTS 108.166.213.104 ==>> set the target
RHOSTS => 108.166.213.104
msf auxiliary(dir_scanner) > cd /opt/metasploit/apps/pro/msf3/data/wmap/ ==>> have a look at which dictionary files are available
msf auxiliary(dir_scanner) > ls
[*] exec: ls

whaler.txt
wmap_404s.txt
wmap_dirs.txt
wmap_files.txt
wmap_sample_profile.txt

msf auxiliary(dir_scanner) > exploit  ==>> start the scan

GUI / win7:
