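Dirsearch is a directory scanning tool written in Python. Its purpose is to scan a website for sensitive files and directories in order to find a point of entry.
Installation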
git clone https://github.com/maurosoria/dirsearch.git --depth 1
Quick start
python3 dirsearch.py -u www.xxxxxx.com
Check whether any of the directories and files that returned response code 200 are sensitive. The report is written to the ./dirsearch/reports/ directory.
_|. _ _ _ _ _ _|_ v0.4.3
(_||| _) (/_(_|| (_| )
Extensions: php, aspx, jsp, html, js | HTTP method: GET | Threads: 25 | Wordlist size: 11463
Output File: /Users/zhangqin/mycode/vscode/dirsearch/reports/_www.xxxxxx.com/_22-11-09_21-44-07.txt
Target: https://www.qinlinkeji.com/
[21:44:08] Starting:
[21:44:09] 403 - 555B - /js
[21:44:10] 200 - 12KB - /.DS_Store
[21:44:10] 200 - 217B - /.git/config
[21:44:10] 200 - 73B - /.git/description
[21:44:10] 200 - 2KB - /.git/FETCH_HEAD
[21:44:10] 200 - 41B - /.git/HEAD
[21:44:10] 403 - 555B - /.git/
[21:44:10] 403 - 555B - /.git/branches/
[21:44:10] 200 - 240B - /.git/info/exclude
[21:44:10] 403 - 555B - /.git/hooks/
[21:44:10] 200 - 202B - /.git/logs/HEAD
[21:44:10] 200 - 269B - /.git/logs/refs/remotes/origin/master
[21:44:10] 403 - 555B - /.git/info/
[21:44:10] 403 - 555B - /.git/logs/
[21:44:10] 403 - 555B - /.git
[21:44:10] 200 - 35KB - /.git/index
[21:44:10] 200 - 41B - /.git/refs/remotes/origin/master
[21:44:10] 403 - 555B - /.git/objects/
[21:44:11] 403 - 555B - /.git/refs/
[21:44:11] 403 - 555B - /.git/refs/remotes
[21:44:11] 423 - 19B - /.git/logs/refs/remotes
[21:44:11] 403 - 555B - /.git/refs/heads
[21:44:11] 403 - 555B - /.git/refs/tags
[21:44:11] 403 - 555B - /.git/logs/refs/remotes/origin
[21:44:11] 403 - 555B - /.git/refs/remotes/origin
[21:44:11] 423 - 19B - /.git/logs/refs
[21:44:25] 403 - 555B - /applications
[21:44:32] 403 - 555B - /css
[21:44:34] 200 - 166B - /Dockerfile
[21:44:40] 403 - 555B - /images/
[21:44:40] 403 - 555B - /images
[21:44:42] 403 - 555B - /js/
[21:44:43] 403 - 555B - /json
[21:44:44] 200 - 0B - /login.html
[21:44:55] 200 - 8KB - /privacy.html
[21:44:58] 200 - 70B - /robots.txt
[21:45:01] 200 - 223B - /sitemap.xml
Task Completed
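The review step described above (checking the 200 responses for sensitive paths) can be scripted. The following is an added example, not part of dirsearch or of the original page; it parses console lines in the format shown above, and the triage rules and function names are assumptions chosen for illustration.

```python
import re

# Console result line format taken from the scan output above,
# e.g. "[21:44:10] 200 - 217B - /.git/config"
LINE_RE = re.compile(r"^\[\d{2}:\d{2}:\d{2}\]\s+(\d{3})\s+-\s+(\S+)\s+-\s+(/\S*)$")

# Assumed triage rules (not part of dirsearch): path pattern -> why to review it.
RULES = [
    (re.compile(r"^/\.git/"), "Git metadata served; block /.git at the web server"),
    (re.compile(r"^/\.DS_Store$"), "macOS folder index leaks file names; remove it"),
    (re.compile(r"^/Dockerfile$", re.I), "build file reveals base image and deployment details"),
]

def parse(lines):
    """Yield (status, size, path) for each result line; skip banner and other text."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m.group(1)), m.group(2), m.group(3)

def sensitive_hits(lines):
    """Return (path, size, reason) for 200 responses that match a triage rule."""
    out = []
    for status, size, path in parse(lines):
        reason = next((why for rx, why in RULES if rx.search(path)), None)
        if status == 200 and reason:
            out.append((path, size, reason))
    return out

def denied_dirs_with_served_files(lines):
    """Directories answering 403 whose files still answer 200 (listing hidden, files not)."""
    rows = list(parse(lines))
    denied = {p.rstrip("/") + "/" for s, _, p in rows if s == 403}
    served = [p for s, _, p in rows if s == 200]
    return sorted(d for d in denied if any(f.startswith(d) for f in served))

# Sample lines copied from the scan output above.
SAMPLE = """\
[21:44:10] 200 - 12KB - /.DS_Store
[21:44:10] 200 - 217B - /.git/config
[21:44:10] 403 - 555B - /.git/
[21:44:34] 200 - 166B - /Dockerfile
[21:44:58] 200 - 70B - /robots.txt
Task Completed""".splitlines()

if __name__ == "__main__":
    for path, size, reason in sensitive_hits(SAMPLE):
        print(path, size, reason)
    print("403 dirs with readable files:", denied_dirs_with_served_files(SAMPLE))
```

In the sample, /.git/ answers 403 while /.git/config answers 200, so the second function reports /.git/: denying the directory index alone leaves the files under it reachable.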
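Common parameters
-u Specify the target URL
-e Specify the website's language (file extensions such as php or jsp)
-w Specify the wordlist
-r Recurse into directories (after a directory is found, continue scanning the directories beneath it)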