One of oscp tools: dirsearch usage Encyclopedia
2022-07-07 03:56:00 【Time for a cup of coffee】
dirsearch
Scan targets
-u, --url    Target URL
-l, --url-list=FILE    Path to a file of target URLs
--stdin    Read target URLs from standard input
--cidr    Target network range (CIDR)
--raw=FILE    Load the request from a raw HTTP request file; set the scheme with --scheme (e.g. --scheme https)
Extension selection
-e, --extensions    Extensions to include (comma separated), e.g. -e php,asp
-X, --exclude-extensions    Extensions to exclude (comma separated), e.g. -X asp,jsp
-f, --force-extensions    Append every extension to every wordlist entry
By default dirsearch only substitutes the %EXT% placeholder in wordlist entries with the selected extensions.
For example, with -e php the entry Wishlist.%EXT% becomes Wishlist.php
Wordlist formatting
-w, --wordlists    Custom wordlist(s) (comma separated)
--prefixes    Add custom prefixes to every entry
--suffixes    Add custom suffixes to every entry
--only-selected    Keep only entries with one of the selected extensions, or directory entries without an extension
--remove-extensions    Strip the extension from every wordlist entry (admin.php --> admin)
-U, --uppercase    Convert the wordlist to uppercase
-L, --lowercase    Convert the wordlist to lowercase
-C, --capital    Capitalize the first letter and lowercase the rest
Response filtering
-i    Status codes to keep (comma separated, ranges allowed), e.g. -i 200,300-399
-x    Status codes to exclude (comma separated, ranges allowed), e.g. -x 301,500-599
--exclude-sizes    Exclude responses by size (comma separated), e.g. 123B,4KB
--exclude-texts    Exclude responses containing the given text, e.g. 'Not found', 'Error'
--exclude-regexps    Exclude responses matching a regular expression, e.g. 'Not foun[a-z]{1}', '^Error$'
--exclude-redirects    Exclude responses whose redirect target matches a regular expression, e.g. 'https://okta.com/*'
--minimal    Minimum response length to keep
--maximal    Maximum response length to keep
Request settings
-m, --http-method    HTTP method (default GET)
-d, --data    HTTP request body
-H, --header    Request header(s), e.g. -H 'Referer: example.com' -H 'Accept: */*'
--header-list=FILE    Read request headers from a file
-F, --follow-redirects    Follow HTTP redirects
--user-agent    Set the User-Agent header
--cookie    Set the Cookie header
Connection settings
--timeout=TIMEOUT    Connection timeout
--ip=IP    Server IP address
-s DELAY, --delay=DELAY    Delay between requests
--proxy=PROXY    Proxy URL; HTTP and SOCKS proxies are supported, e.g. localhost:8080, socks5://localhost:8088
--proxy-list=FILE    File containing proxy server addresses
--matches-proxy=PROXY    Proxy through which found paths are replayed
--scheme    Default scheme for requests loaded from a file or for URLs given without one
--max-retries    Maximum number of retries
-b, --request-by-hostname    Force requests by hostname (by default dirsearch connects by IP for speed)
--exit-on-error    Exit when an error occurs
--debug    Debug mode
General settings
--version    Show the dirsearch version
-h, --help    Show help
-r, --recursive    Recursive brute force
-R, --recursion-depth    Maximum recursion depth
-t, --threads    Number of threads
--subdirs    Scan subdirectories, e.g. admin/ scans www.example.com/admin/ + wordlist
--exclude-subdirs    Subdirectories excluded from recursive scanning
-q, --quiet-mode    Quiet mode
--full-url    Print full URLs
--no-color    Disable colored output
Output formats
--simple-report=OUTPUTFILE
--plain-text-report=OUTPUTFILE
--json-report=OUTPUTFILE
--xml-report=OUTPUTFILE
--markdown-report=OUTPUTFILE
--csv-report=OUTPUTFILE
The dirsearch defaults (default extensions, timeout, wordlist directory, etc.) can be changed in the default.conf file.
Common usage
Basic usage
Scan a target URL with the default settings
python3 dirsearch.py -u https://target
Scan the target URL using the php, html and js extensions
python3 dirsearch.py -e php,html,js -u https://target
Scan the target URL with a wordlist at the given path and the php, html and js extensions
python3 dirsearch.py -e php,html,js -u https://target -w /path/to/wordlist
Recursive scan
python3 dirsearch.py -e php,html,js -u https://target -r
Limit the recursion depth to 3
python3 dirsearch.py -e php,html,js -u https://target -r -R 3
Set the thread count (very high thread counts are not recommended; they can distort the scan results)
python3 dirsearch.py -e bak,zip,tgz,txt -u https://target -t 30
Prefixes and suffixes
python3 dirsearch.py -e php -u https://target --prefixes .,admin,_,~
With these prefixes the entry "tools" becomes:
.tools
admintools
_tools
~tools
python3 dirsearch.py -e php -u https://target --suffixes ~,/
With these suffixes the entries "index.php" and "internal" become:
index.php~
index.php/
internal~
internal/
Restricting file extensions
python3 dirsearch.py -e asp,aspx,htm,js -u https://target -X php,jsp,jspx
A wordlist containing:
admin
admin.%EXT%
index.html
home.php
test.jsp
becomes:
admin
admin.asp
admin.aspx
admin.htm
admin.js
index.html
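The prefix, suffix, %EXT% and -X transformations shown above, plus the -f/%NOFORCE% behaviour from the extension options, reimplemented as an added example (not dirsearch's own code) so a wordlist can be previewed offline before a scan. It assumes that the original entry is kept next to its prefixed and suffixed variants and that -f skips entries that already carry an extension.

```python
# Added example (not dirsearch's own code): the wordlist expansion rules this
# page documents. Assumptions: originals are kept alongside prefixed/suffixed
# variants, and -f leaves entries that already have an extension untouched.
from typing import Iterable, List, Sequence

EXT_TAG = "%EXT%"          # placeholder substituted with each -e extension
NOFORCE_TAG = "%NOFORCE%"  # marks an entry that -f must not extend


def expand_wordlist(words: Iterable[str], extensions: Sequence[str],
                    exclude: Sequence[str] = (), force: bool = False,
                    prefixes: Sequence[str] = (),
                    suffixes: Sequence[str] = ()) -> List[str]:
    """Return the request paths derived from a raw wordlist."""
    out: List[str] = []
    for word in (w.strip() for w in words):
        if not word:
            continue
        if EXT_TAG in word:
            # "%EXT%" entries exist only for the -e extensions
            out.extend(word.replace(EXT_TAG, ext) for ext in extensions)
        elif NOFORCE_TAG in word:
            # %NOFORCE% opts a single entry out of -f
            out.append(word.replace(NOFORCE_TAG, ""))
        elif force and "." not in word:
            # -f appends every -e extension to extension-less entries
            out.append(word)
            out.extend(f"{word}.{ext}" for ext in extensions)
        else:
            out.append(word)

    # -X drops entries whose own extension is excluded (home.php, test.jsp)
    excluded = {e.lower() for e in exclude}
    out = [w for w in out
           if "." not in w or w.rsplit(".", 1)[1].lower() not in excluded]

    # --prefixes / --suffixes add variants (tools -> .tools, index.php -> index.php~)
    variants = list(out)
    variants += [p + w for p in prefixes for w in out]
    variants += [w + s for s in suffixes for w in out]
    return list(dict.fromkeys(variants))  # de-duplicate, keep order


if __name__ == "__main__":
    # constructed sample wordlist mirroring the extension example above
    sample = ["admin", "admin.%EXT%", "index.html", "home.php", "test.jsp"]
    for path in expand_wordlist(sample, ["asp", "aspx", "htm", "js"],
                                exclude=["php", "jsp", "jspx"]):
        print(path)
```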
Importing HTTP requests from a file
Request format (loaded with --raw=FILE):
GET /admin HTTP/1.1
Host: admin.example.com
Cache-Control: max-age=0
Accept: */*
Set the scheme with --scheme; the default is http.
Subdirectories
python3 dirsearch.py -e php,html,js -u https://target --subdirs admin/,folder/,/
Using a proxy
python3 dirsearch.py -e php,html,js -u https://target --proxy 127.0.0.1:8080
Using a proxy list
python3 dirsearch.py -e php,html,js -u https://target --proxy-list proxyservers.txt
POST request
python3 dirsearch.py -e php,txt,zip -u https://target -w db/dicc.txt -t 100 -m POST --data "username=admin"
Tips
Limit the request rate per second: -t <rate> -s 1
Look for backup and configuration files: --suffixes ~ and --prefixes .
Opt an entry out of forced extensions: append %NOFORCE% to it
Look for directories only: --no-extension + --suffixes /
For scanning network ranges: --cidr + -F + -q (follow redirects + quiet mode) to reduce useless results