
利用Python對DVWA網站的子目錄和檔案進行列舉

import optparse
import os
import sys
import threading
from concurrent.futures import ThreadPoolExecutor

import requests

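class DirectoryFinder:
    """Probe a DVWA instance for ``.php`` pages named in a wordlist.

    The finder logs in with the credentials hard-coded in :meth:`login`,
    then requests ``<target><word>.php`` for every usable wordlist entry and
    prints each URL that answers with HTTP 200.
    """

    # Seconds to wait for any single HTTP response; without a timeout a
    # stalled connection blocks its worker forever.
    REQUEST_TIMEOUT = 10
    # Upper bound on concurrent probes. The original started one thread per
    # wordlist line, which exhausts local threads/sockets on large wordlists
    # and floods the target.
    MAX_WORKERS = 10
    # Entries that are never requested. 'logout' would end the authenticated
    # session; 'setup' is skipped by the original without a stated reason
    # (presumably because setup.php can reset the lab database - confirm).
    SKIPPED_WORDS = frozenset({'logout', 'setup'})

    def __init__(self) -> None:
        # Parse the command line once instead of once per attribute.
        target, filename = self.get_params()
        self.target = self.suffix_url(self.preprocess_url(target))
        self.filename = filename
        # Replaced by a requests.Session in login(); request_verify() must
        # not be called before login() has succeeded.
        self.session = None
        self.extension = '.php'
        self.banner()

    def banner(self):
        """Print the tool banner."""
        banner = """
        **************************************************

        **********Directory Finder Tool by Jason Wong*****

        **************************************************


        """
        print(banner)

    def get_params(self):
        """Parse ``-t``/``-f`` from the command line.

        Returns:
            A ``(target, filename)`` tuple.

        Exits the process when either option is missing or the wordlist
        file does not exist.
        """
        parser = optparse.OptionParser('Usage: <Program> -t target url -f wordlist')
        parser.add_option('-t', '--target', dest='target', type='string', help='Specify target url')
        parser.add_option('-f', '--filename', dest='filename', type='string', help='Specify wordlist')
        options, args = parser.parse_args()
        if options.target is None or options.filename is None:
            print(parser.usage)
            sys.exit()
        if not os.path.exists(options.filename):
            print('[-] The file does not exist')
            sys.exit(0)

        return options.target, options.filename

    def preprocess_url(self, url):
        """Return *url* with a scheme, defaulting to ``http://``.

        Normalising the user-supplied URL here keeps the later steps simple.
        Note that a scheme-less target therefore uses plain HTTP, so the
        login POST (including the password) travels unencrypted unless the
        caller passes an ``https://`` URL.
        """
        if url.startswith(('http://', 'https://')):
            return url
        return 'http://' + url

    def suffix_url(self, url):
        """Return *url* with exactly one guaranteed trailing ``/``."""
        if url.endswith('/'):
            return url
        return url + '/'

    def check_web_status(self):
        """Return True when the base URL answers with HTTP 200.

        The base URL is requested first: if the target site is not there,
        there is no point continuing with the enumeration. requests follows
        redirects by default, so the status checked is that of the final
        response.
        """
        try:
            response = requests.get(self.target, timeout=self.REQUEST_TIMEOUT)
        except requests.RequestException:
            # Connection refused, DNS failure, timeout, ...: treat as "down".
            return False
        return response.status_code == 200

    def login(self):
        """Log in to ``login.php`` and keep the authenticated session.

        A requests.Session is used so that, once the username and password
        are accepted, the same session (cookies) is reused for the later
        enumeration requests.

        Returns:
            True when the response body contains 'You have logged',
            otherwise False. Any exception is printed and ends the process.
        """
        try:
            login_url = self.target + 'login.php'
            self.session = requests.Session()
            # Hard-coded credentials taken from the original listing.
            post_data = {
                "username": "admin",
                "password": "password",
                "Login": "Login"
            }
            response = self.session.post(
                url=login_url, data=post_data, timeout=self.REQUEST_TIMEOUT
            ).text

            if 'You have logged' in response:
                return True
            return False
        except Exception as e:
            print(e)
            sys.exit(0)

    def request_verify(self, url):
        """Request *url* with the logged-in session; print it on HTTP 200.

        Redirects are followed (requests default), so a 200 only says that
        the final response was 200. If the session has been invalidated and
        the application redirects to its login page, that redirect target
        can also produce a 200 - NOTE(review): confirm how the target
        behaves before trusting hits.
        """
        try:
            response = self.session.get(url=url, timeout=self.REQUEST_TIMEOUT)
        except requests.RequestException:
            # Best effort: a probe that fails at the network level is simply
            # not reported. Only network errors are swallowed now, instead
            # of the original bare ``except`` that hid every error.
            return
        if response.status_code == 200:
            print(url)

    def _iter_candidates(self, lines):
        """Yield the URL to probe for each usable wordlist line in *lines*."""
        for line in lines:
            word = line.strip()
            # Blank lines would otherwise become a request for
            # '<target>.php'.
            if not word:
                continue
            # Some wordlists start with comment lines; skip them.
            if line.startswith('#'):
                continue
            if word in self.SKIPPED_WORDS:
                continue
            yield self.target + word + self.extension

    def run(self):
        """Check the target, log in, then probe every wordlist entry."""
        if not self.check_web_status():
            print("No web service is running over the target: %s" % self.target)
            sys.exit()

        if not self.login():
            print("[-] Failed to authenticate")
            return

        # The pool bounds concurrency and, on leaving the ``with`` block,
        # waits for all outstanding probes to finish.
        with open(self.filename, 'r') as f, \
                ThreadPoolExecutor(max_workers=self.MAX_WORKERS) as pool:
            for url in self._iter_candidates(f):
                pool.submit(self.request_verify, url)


if __name__ == '__main__':
    directoryfinder = DirectoryFinder()
    directoryfinder.run()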