多线程WEB目录爆破工具 [Multi-thread WEB directory blasting tool(with dics inside) ]
Python
Switch branches/tags
Nothing to show
Clone or download
Permalink
Failed to load latest commit information.
dics 1.0 fin Jan 29, 2016
libs fix bug Jul 4, 2016
README.md Update README.md Mar 10, 2016
dirbrute.py fix bug Jul 4, 2016

README.md

DirBrute

多线程WEB目录爆破工具(含字典)
Multi-thread WEB directory blasting tool(with dics inside)

可自定义线程,探测WAF,加载本地字典

Usage: dirbrute.py target [options] 
Example: python dirbrute.py www.cdxy.me -e php -t 10
         python dirbrute.py www.cdxy.me -t 10 -d ./dics/ASP/uniq

Options:
  -h, --help            show this help message and exit
  -e EXT, --ext=EXT     Choose the extension: php asp aspx jsp...
  -t THREADS_NUM, --threads=THREADS_NUM
                        Number of threads. default = 10
  -d DIC_PATH, --dic=DIC_PATH
                        Default dictionaty: ./dics/dirs.txt

计算

  • 多线程并行
  • 非阻塞

附加模块

  • WAF探测
checking if the target is protected by 
some kind of WAF/IPS/IDS

heuristics detected that the target 
is protected by some kind of WAF/IPS/IDS

are you sure that you want to 
continue with further fuzzing? [y/N]

字典

附加收集各类型字典未删减版

  • ASP
  • JSP
  • PHP
  • COMMON 通用路径
  • DB 数据库文件
  • CMS_EXP CMS探测向量和一些常见漏洞利用点
  • %EXT% 猪猪侠大牛的字典,需要指定后缀名使用

配置文件

timeout = 3 # 超时时间
allow_redirects = True # 是否允许URL重定向
headers = { # HTTP 头设置
    'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/535.20 (KHTML, like Gecko) Chrome/19.0.1036.7 Safari/535.20',
    'Referer' : 'http://www.google.com',
    'Cookie': 'whoami=wyscan_dirfuzz',
}
proxies = { # 代理配置
    # "http": "http://user:pass@10.10.1.10:3128/",
    # "https": "http://10.10.1.10:1080",
    # "http": "http://127.0.0.1:8118", # TOR 洋葱路由器
}

参考

ring04h/dirfuzz
sqlmapproject/sqlmap