下載
我的電腦是Windows,而且我也有python3.6的環境,所以我是直接clone到本地就能使用了。
命令的提示在上面的下載地址裏就有,這裏給個最簡單的命令(腳本小子專屬,我也要好好學習技術)
python3 dirsearch.py -u <URL> -e <EXTENSION>
翻譯:
python3 dirsearch.py -u 網址 -e 語言
URL知道是網址,這個EXTENSION看前輩們說是指定網站語言的意思
例:
py dirsearch.py -u www.xxx.com -e php 或
py dirsearch.py -u www.xxx.com -e *
下載之後根目錄下有個readme文件,很明顯這個文件就是具體的使用方法,這裏因爲文件太長了,就粘貼到下面了哈哈,文檔是英文的,百度翻譯一下,勉強看懂。也許可以幫你省下一些功夫
dirsearch
=========
當前版本: v0.3.9 (2019.11.26)
概述
--------
dirsearch是一個簡單的命令行工具,用於強制執行網站中的目錄和文件。
下載方法 & 用處
------------
``
git clone https://github.com/maurosoria/dirsearch.git
cd dirsearch
python3 dirsearch.py -u <URL> -e <EXTENSION>
``
也可以使用此【alias】直接發送到代理
`python3 /path/to/dirsearch/dirsearch.py --http-proxy=localhost:8080`
選項
-------
``
選項:
-h, --help 顯示此幫助消息和退出
強制性的,命令:
-u URL, --url=URL URL target
-L URLLIST, --url-list=URLLIST
URL list target
-e EXTENSIONS, --extensions=EXTENSIONS
Extension list separated by comma (Example: php,asp)
-E, --extensions-list
Use predefined list of common extensions
Dictionary Settings:
-w WORDLIST, --wordlist=WORDLIST
-l, --lowercase
-f, --force-extensions
Force extensions for every wordlist entry (like in
DirBuster)
General Settings:
-s DELAY, --delay=DELAY
Delay between requests (float number)
-r, --recursive Bruteforce recursively
-R RECURSIVE_LEVEL_MAX, --recursive-level-max=RECURSIVE_LEVEL_MAX
Max recursion level (subdirs) (Default: 1 [only
rootdir + 1 dir])
--suppress-empty, --suppress-empty
--scan-subdir=SCANSUBDIRS, --scan-subdirs=SCANSUBDIRS
Scan subdirectories of the given -u|--url (separated
by comma)
--exclude-subdir=EXCLUDESUBDIRS, --exclude-subdirs=EXCLUDESUBDIRS
Exclude the following subdirectories during recursive
scan (separated by comma)
-t THREADSCOUNT, --threads=THREADSCOUNT
Number of Threads
-x EXCLUDESTATUSCODES, --exclude-status=EXCLUDESTATUSCODES
Exclude status code, separated by comma (example: 301,
500)
--exclude-texts=EXCLUDETEXTS
Exclude responses by texts, separated by comma
(example: "Not found", "Error")
--exclude-regexps=EXCLUDEREGEXPS
Exclude responses by regexps, separated by comma
(example: "Not foun[a-z]{1}", "^Error$")
-c COOKIE, --cookie=COOKIE
--ua=USERAGENT, --user-agent=USERAGENT
-F, --follow-redirects
-H HEADERS, --header=HEADERS
Headers to add (example: --header "Referer:
example.com" --header "User-Agent: IE"
--random-agents, --random-user-agents
Connection Settings:
--timeout=TIMEOUT Connection timeout
--ip=IP Resolve name to IP address
--proxy=HTTPPROXY, --http-proxy=HTTPPROXY
Http Proxy (example: localhost:8080
--http-method=HTTPMETHOD
Method to use, default: GET, possible also: HEAD;POST
--max-retries=MAXRETRIES
-b, --request-by-hostname
By default dirsearch will request by IP for speed.
This forces requests by hostname
Reports:
--simple-report=SIMPLEOUTPUTFILE
Only found paths
--plain-text-report=PLAINTEXTOUTPUTFILE
Found paths with status codes
--json-report=JSONOUTPUTFILE
``
支持的操作系統(看起來幾乎所有系統都支持)
---------------------------
- Windows XP/7/8/10
- GNU/Linux
- MacOSX
Features
--------
- Multithreaded
- Keep alive connections
- Support for multiple extensions (-e|--extensions asp,php)
- Reporting (plain text, JSON)
- Heuristically detects invalid web pages
- Recursive brute forcing
- HTTP proxy support
- User agent randomization
- Batch processing
- Request delaying
About wordlists
---------------
詞典必須是文本文件。每一行都將按原樣進行處理,除了使用特殊單詞%EXT%外,它將爲作爲參數傳遞的每個擴展名(-e |--extension)生成一個條目。
Example:
- example/
- example.%EXT%
傳遞擴展名“asp”和“aspx”將生成以下詞典:
- example/
- example.asp
- example.aspx
You can also use -f | --force-extensions switch to append extensions to every word in the wordlists (like DirBuster).
還可以使用-f |--force extensions開關將擴展附加到單詞列表中的每個單詞(如DirBuster)。
## Support Docker
### Install Docker Linux
Install Docker
```sh
curl -fsSL https://get.docker.com | bash
``
> To use docker you need superuser power(需要root-超級用戶)
### Build Image dirsearch
To create image
``sh
docker build -t "dirsearch:v0.3.8" .
``
> **dirsearch** this is name the image and **v0.3.8** is version
### Using dirsearch
For using
``sh
docker run -it --rm "dirsearch:v0.3.8" -u target -e php,html,png,js,jpg
``
> 目標是 [網站](如:www.xxx.php) 或 [IP](如:127.0.0.1)
許可證
-------
Copyright (C) Mauro Soria (maurosoria at gmail dot com)
License: GNU General Public License, version 2
貢獻者
---------
特別感謝這些人:
- mzfr
- Damian89
- Bo0oM
- liamosaur
- redshark1802
- SUHAR1K
- FireFart
- k2l8m11n2
- vlohacks
- r0p0s3c
根目錄下的db文件夾有,似乎是可以控制掃描目錄
的文件dicc.txt
,可以往裏面加想要掃描的目錄名。如可以添加www.php
,等等……這就很舒服了。好了,等有空再更新其他用法,web萌新,希望有人可以交流。