当前位置:网站首页>Magic weapon - sensitive file discovery tool
Magic weapon - sensitive file discovery tool
2022-07-07 21:18:00 【Network security alliance station】
Caesar
️Caesar A new sensitive file discovery tool
Project brief introduction
File scanning is a basic part of security service , There are also many tools for document scanning on the Internet , For example, the imperial sword ,7kbscan,dirsearch etc. , But there are still many problems in actual combat , Such as cross platform issues and dynamics 404 problem . So I rebuilt a wheel according to my own experience .
Project features
- One Support mainstream platforms : Thanks to the golang Cross platform advantages . A compilation , Run anywhere .
- Two Powerful concurrency : golang Concurrency is unique .12 Under the thread, thousands of requests per second can be realized . For safety reasons , By default, only 3 Threads .
- 3、 ... and Path memory function : Caesar You can remember the hit times of the path , Next time I run , The path with more hits will have higher priority .
- Four dynamic 404 Judge : There is no page returned for the website 404,200,3xx The status code can automatically identify and judge .
- 5、 ... and Dynamic file suffix scanning function : For example, discovery index.php after , The program will scan in two-stage scanning index.php.txt, index.php.swp, index.php.bak.
- 6、 ... and Dynamic directory scanning function : For example, discovery /admin after , The program will scan in two-stage scanning admin.zip, admin.rar, admin.tar, admin.tar.gz.
- 7、 ... and Customizable http Request header : modify config.yml Of Headers You can add request header content .
- 8、 ... and Customizable User-Agent: modify config.yml Of UserAgent Can achieve random UA.
- Nine Customizable proxy : modify config.yml Of Proxy Proxy access can be realized .
- Ten Customizable cookie: modify config.yml Of Cookie When visiting the website, you will bring cookie.
- 11、 ... and Oversized dictionary : The program comes with it common,jsp,asp,php,spring,weblogic Dictionaries , Total over 10 Ten thousand paths , Of course, you can also customize yourself .
- Twelve Too many errors, automatic exit function : When the access target timeout reaches a certain number, the task will be automatically terminated .
- 13、 ... and Support -r Read http request : similar sqlmap Of -r function .
- fourteen Support batch scanning : You can get multiple targets from text .
The required compilation environment
Golang 1.15( recommend )
Save the results
Logs and discovered information will be saved in results Under the table of contents
🥎 Path Dictionary
The path dictionary is assets/directory Under the table of contents , Compared with other programs, the path text dictionary ,Caesar The path Dictionary of is json, Can pass
caesar convert -d ~/path/
Convert the ordinary path dictionary into something that the program can recognize json Dictionaries . Put the converted dictionary in assets/directory Under the directory .
Third party framework
- pb - Terminal progress bar implementation
- logrus - A very simple but powerful logger
- cobra - Cobra It's both a way to create a powerful modern CLI Command line golang library , It's also a program that generates program applications and command line files
- fasthttp - fasthttp yes Go Fast HTTP Realization
TODO
- common MVC Framework recognition and dictionary optimization . One spring For frame .jsp The path scan of is obviously inappropriate
- Directory iterative scan
- common WAF Prevent suffix recognition .WAF Will prevent similar /www.zip Request , Return something different from the application itself ban Information
- Continuous optimization and bug Repair
- 403 Directory bypass function
Project address
https://github.com/0ps/Caesar
边栏推荐
- How to meet the dual needs of security and confidentiality of medical devices?
- Using enumeration to realize English to braille
- What stocks can a new account holder buy? Is the stock trading account safe
- 开户还得用身份证银行卡安全吗,我是小白不懂
- Unity3d 4.3.4f1执行项目
- POJ 3140 Contestants Division「建议收藏」
- 恶魔奶爸 C
- Static analysis of software defects codesonar 5.2 release
- 恶魔奶爸 A3阶段 近常速语流初接触
- CodeSonar如何帮助无人机查找软件缺陷?
猜你喜欢
万字总结数据存储,三大知识点
Details of C language integer and floating-point data storage in memory (including details of original code, inverse code, complement, size end storage, etc.)
智能软件分析平台Embold
使用高斯Redis实现二级索引
Small guide for rapid formation of manipulator (12): inverse kinematics analysis
Measure the height of the building
Don't fall behind! Simple and easy-to-use low code development to quickly build an intelligent management information system
OneSpin | 解决IC设计中的硬件木马和安全信任问题
SQL injection error report injection function graphic explanation
使用枚举实现英文转盲文
随机推荐
GridView defines its own time for typesetting "suggestions collection"
Implementation of mahout Pearson correlation
POJ 3140 Contestants Division「建议收藏」
国家正规的股票交易app有哪些?使用安不安全
Small guide for rapid formation of manipulator (11): standard nomenclature of coordinate system
Small guide for rapid formation of manipulator (12): inverse kinematics analysis
Spark judges that DF is empty
Devil daddy B1 hearing the last barrier, break through with all his strength
Is private equity legal in China? Is it safe?
Unity3d 4.3.4f1 execution project
Insufficient permissions
Word inversion implements "suggestions collection"
How to meet the dual needs of security and confidentiality of medical devices?
object-c编程tips-timer「建议收藏」
[function recursion] do you know all five classic examples of simple recursion?
Problems encountered in installing mysql8 for Ubuntu and the detailed installation process
Data sorting in string
【矩阵乘】【NOI 2012】【cogs963】随机数生成器
Postgresql数据库character varying和character的区别说明
Apifox interface integrated management new artifact