Catalog

One 、robots.txt

1.1、 brief introduction ：

1.2、 understand ：

Two 、 Mitsurugi

2.1、 download ：

2.2、 Use ：

3、 ... and 、dirsearch

3.1、 download ：

3.2、 Based on using ：

Four 、Dirb

4.1、 brief introduction ：

4.2、 Use ：

Basics ：

scanning ：

5、 ... and 、Gobuster

5.1、 brief introduction ：

5.2、 download ：

One 、robots.txt

1.1、 brief introduction ：

Talking about catalogue , The first one should think of checking robots.txt file

---

1.2、 understand ：

【robots agreement 】 brief introduction 、 understand https://blog.csdn.net/qq_53079406/article/details/125898777?spm=1001.2014.3001.5501

Two 、 Mitsurugi

2.1、 download ：

You can find , Don't put links here

---

2.2、 Use ：

Something that can be seen at a glance

3、 ... and 、dirsearch

3.1、 download ：

kail It's self-contained

GitHub - maurosoria/dirsearch: Web path scannerhttps://github.com/maurosoria/dirsearchPython 3.7 And above

If it's in Windows Download it

After opening and using , Tips ： Missing required dependencies

Then input Y, Installation

3.2、 Based on using ：

dirsearch.py [-u|--url] target（ Specifically URL） [-e|--extensions] extensions（ Expand ） [options]

---

-u Appoint url

-e Specify the website language

-w You can add your own dictionary （ With path ）

-r Recursive blasting （ Find a directory , Blast after the catalogue ）

--random-agents agent （ The agent directory is uesr-agents.txt in , You can add ）

……

Four 、Dirb

4.1、 brief introduction ：

effect ：

Information collection tools （kail Bring their own ）

---

Purpose ：

Dictionary based web Directory scanning tool , Find existing （ Hidden ）Web object

---

Method ：

Yes Web The server initiates a dictionary based attack and analyzes the data in response . Use recursion to get more directories , Support for agents and http Authentication restricted websites

4.2、 Use ：

Basics ：

Format ：dirb <url_base> [<wordlist_file(s)>] [options]

Parameters	effect
-a	Set up user-agent
-p<proxy[:port]>	Setting agent
-c	Set up cookie
-z	Add millisecond delay , Avoid floods
-o	Output results
-X	Add a suffix after each dictionary
-H	Add request header
-i	Case insensitive search

scanning ：

Basic scanning ：

dirb Add the goal URL

---

Search for specific files （ Here for php）

dirb The goal is URL -X .php

---

output to a file （ Here for 1.txt）

dirb The goal is URL -o 1.txt

---

Speed delay （ Here is 100us）

dirb The goal is URL -z 100

---

HTTP Authorize scanning

dirb The goal is URL -u username:password

……

5、 ... and 、Gobuster

5.1、 brief introduction ：

GO language-written

To the directory 、 file 、DNS and VHost And so on

dir： The traditional blasting mode ;

dns：DNS Subdomain explosion mode ;

vhost： Virtual host burst mode

5.2、 download ：

Releases · OJ/gobuster · GitHubhttps://github.com/OJ/gobuster/releases