OSCP tools (1): a dirsearch usage reference
2022-07-07 03:56:00 【Time for a cup of coffee】
dirsearch
Scan targets
-u, --url            Target URL
-l, --url-list=FILE  File containing target URLs, one per line
--stdin              Read target URLs from standard input
--cidr               Target network range in CIDR notation
--raw=FILE           Load a raw HTTP request from a file; a raw request carries no scheme, so set it with --scheme (e.g. --scheme https)
Extensions
-e, --extensions          Extensions to scan for (comma separated), e.g. -e php,asp
-X, --exclude-extensions  Extensions to exclude (comma separated), e.g. -X asp,jsp
-f, --force-extensions    Append every selected extension to every wordlist entry, not only to entries containing %EXT%
Without -f, dirsearch only substitutes the selected extensions into wordlist entries that contain the %EXT% placeholder: with -e php, Wishlist.%EXT% becomes Wishlist.php.
Wordlist formatting
-w, --wordlists        Custom wordlist(s), comma separated
--prefixes             Add custom prefixes to every entry
--suffixes             Add custom suffixes to every entry
--only-selected        Keep only entries whose extension is one of the selected ones (entries without an extension are kept)
--remove-extensions    Strip the extension from every wordlist entry (admin.php --> admin)
-U, --uppercase        Convert the wordlist to uppercase
-L, --lowercase        Convert the wordlist to lowercase
-C, --capital          Capitalize the first letter of every entry, rest lowercase
Response filtering
-i, --include-status   Status codes to keep (comma separated, ranges allowed), e.g. -i 200,300-399
-x, --exclude-status   Status codes to drop (comma separated, ranges allowed), e.g. -x 301,500-599
--exclude-sizes        Drop responses by size (comma separated), e.g. --exclude-sizes 123B,4KB
--exclude-texts        Drop responses whose body contains any of the given texts, e.g. 'Not found','Error'
--exclude-regexps      Drop responses whose body matches any of the given regular expressions, e.g. 'Not foun[a-z]{1}','^Error$'
--exclude-redirects    Drop responses whose redirect target matches the given regular expression or text, e.g. 'https://okta.com/*'
--minimal              Minimum response length to report
--maximal              Maximum response length to report
-i and -x only look at the HTTP status code; a custom "not found" page that answers 200 has to be filtered with --exclude-sizes, --exclude-texts or --exclude-regexps instead.
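The status, size and length filters above, re-implemented in POSIX shell and run over a constructed set of results. This is an added example, not dirsearch's own code: it assumes 1KB = 1024 bytes and compares sizes byte-for-byte (dirsearch compares against a rounded, human-readable size), and it takes results as "STATUS LENGTH PATH" lines, a constructed format chosen for the example.

```shell
#!/bin/sh
# Added example: a shell re-implementation of dirsearch's -i/-x,
# --exclude-sizes, --minimal and --maximal filters. Not dirsearch code; the
# rules are taken from the option descriptions above.

# in_status_list CODE LIST: return 0 if CODE is covered by LIST, which has
# the same shape as the -i/-x argument ("200,300-399"), else 1.
in_status_list() {
    code=$1
    rest="$2,"
    while [ -n "$rest" ]; do
        item=${rest%%,*}
        rest=${rest#*,}
        case "$item" in
            "")  ;;                       # tolerate empty items such as "200,,404"
            *-*) [ "$code" -ge "${item%-*}" ] && [ "$code" -le "${item#*-}" ] && return 0 ;;
            *)   [ "$code" -eq "$item" ] && return 0 ;;
        esac
    done
    return 1
}

# size_to_bytes SIZE: convert the --exclude-sizes notation (123B, 4KB, 2MB)
# to a byte count. Assumption: 1KB = 1024 bytes.
size_to_bytes() {
    case "$1" in
        *KB) echo $(( ${1%KB} * 1024 )) ;;
        *MB) echo $(( ${1%MB} * 1024 * 1024 )) ;;
        *B)  echo "${1%B}" ;;
        *)   echo "$1" ;;
    esac
}

# in_size_list LENGTH LIST: return 0 if LENGTH equals one of the listed sizes.
# Assumption: exact byte comparison.
in_size_list() {
    length=$1
    rest="$2,"
    while [ -n "$rest" ]; do
        item=${rest%%,*}
        rest=${rest#*,}
        [ -n "$item" ] && [ "$(size_to_bytes "$item")" -eq "$length" ] && return 0
    done
    return 1
}

# filter_results INCLUDE EXCLUDE EXCLUDE_SIZES MIN MAX < results
# Input lines are "STATUS LENGTH PATH"; an empty argument means "not set".
# Applies -i, -x, --exclude-sizes, --minimal and --maximal in that order.
filter_results() {
    inc=$1 exc=$2 sizes=$3 min=$4 max=$5
    while read -r status length path; do
        if [ -n "$inc" ] && ! in_status_list "$status" "$inc"; then continue; fi
        if [ -n "$exc" ] && in_status_list "$status" "$exc"; then continue; fi
        if [ -n "$sizes" ] && in_size_list "$length" "$sizes"; then continue; fi
        if [ -n "$min" ] && [ "$length" -lt "$min" ]; then continue; fi
        if [ -n "$max" ] && [ "$length" -gt "$max" ]; then continue; fi
        printf '%s %s %s\n' "$status" "$length" "$path"
    done
}

# Constructed sample results: status code, body length in bytes, path
SAMPLE_RESULTS='200 5120 /admin/
302 0 /login
404 1234 /nothing
403 4096 /.git/
500 812 /api
200 123 /robots.txt'

# Equivalent of: -i 200,300-399 --exclude-sizes 5KB
demo_status_include() {
    printf '%s\n' "$SAMPLE_RESULTS" | filter_results '200,300-399' '' '5KB' '' ''
}

# Equivalent of: -x 404,500-599 --minimal 100
demo_status_exclude() {
    printf '%s\n' "$SAMPLE_RESULTS" | filter_results '' '404,500-599' '' 100 ''
}

echo "== -i 200,300-399 --exclude-sizes 5KB"; demo_status_include
echo "== -x 404,500-599 --minimal 100";       demo_status_exclude
```

The first demo keeps /login and /robots.txt only: the 5120-byte /admin/ hit is removed by the size filter even though its status code is included, which is the same trap -i sets on a real scan when a catch-all page answers 200 with a constant length.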
Request settings
-m, --http-method       HTTP method (default GET)
-d, --data              HTTP request body
-H, --header            Request header; repeat for several, e.g. -H 'Referer: example.com' -H 'Accept: */*'
--header-list=FILE      Read request headers from a file
-F, --follow-redirects  Follow HTTP redirects
--user-agent            Set the User-Agent header
--cookie                Set the Cookie header
Connection settings
--timeout=TIMEOUT          Connection timeout
--ip=IP                    Server IP address (connect to this address instead of resolving the hostname)
-s DELAY, --delay=DELAY    Delay between requests, in seconds
--proxy=PROXY              Proxy URL; HTTP and SOCKS proxies are supported, e.g. localhost:8080, socks5://localhost:8088
--proxy-list=FILE          File with proxy servers, one per line
--matches-proxy=PROXY      Proxy through which found paths are replayed (e.g. to collect every hit in an intercepting proxy)
--scheme                   Default scheme, used for raw requests (--raw) and for URLs given without one
--max-retries              Maximum number of retries per request
-b, --request-by-hostname  Force requests by hostname (by default dirsearch resolves the name and requests by IP for speed)
--exit-on-error            Exit as soon as an error occurs
--debug                    Debug mode
General settings
--version              Show the dirsearch version
-h, --help             Show help
-r, --recursive        Recurse into discovered directories
-R, --recursion-depth  Maximum recursion depth
-t, --threads          Number of threads
--subdirs              Scan the given subdirectories of the target (comma separated), e.g. --subdirs admin/ scans www.example.com/admin/ + wordlist
--exclude-subdirs      Subdirectories to skip during recursive scanning
-q, --quiet-mode       Quiet mode
--full-url             Print full URLs in the output
--no-color             Disable colored output
Reports
--simple-report=OUTPUTFILE
--plain-text-report=OUTPUTFILE
--json-report=OUTPUTFILE
--xml-report=OUTPUTFILE
--markdown-report=OUTPUTFILE
--csv-report=OUTPUTFILE
The defaults (default extensions, timeout, wordlist directory, and so on) can be changed in default.conf.
Common usage
Basics
Scan a target URL with the default settings:
python3 dirsearch.py -u https://target
Scan a target URL for the extensions php, html and js:
python3 dirsearch.py -e php,html,js -u https://target
The same, with a wordlist from a given path:
python3 dirsearch.py -e php,html,js -u https://target -w /path/to/wordlist
Recursive scan:
python3 dirsearch.py -e php,html,js -u https://target -r
Recursive scan limited to 3 levels:
python3 dirsearch.py -e php,html,js -u https://target -r -R 3
Set the number of threads (do not go too high: an overloaded target starts dropping or rate-limiting requests, and the missed responses silently corrupt the results):
python3 dirsearch.py -e bak,zip,tgz,txt -u https://target -t 30
Prefixes and suffixes
python3 dirsearch.py -e php -u https://target --prefixes .,admin,_,~
turns the entry
tools
into
.tools
admintools
_tools
~tools
python3 dirsearch.py -e php -u https://target --suffixes ~,/
turns the entries
index.php
internal
into
index.php~
index.php/
internal~
internal/
Restricting extensions
python3 dirsearch.py -e asp,aspx,htm,js -u https://target -X php,jsp,jspx
turns the entries
admin
admin.%EXT%
index.html
home.php
test.jsp
into
admin
admin.asp
admin.aspx
admin.htm
admin.js
index.html
home.php and test.jsp are dropped because their extensions are excluded; index.html is kept because html, while not selected, is not excluded either.
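The wordlist rules from the option list (-e, -X, -f, %EXT%, %NOFORCE%) and the prefix, suffix and exclusion examples above, re-implemented in POSIX shell so that a flag combination can be previewed offline before a single request is sent. This is an added example, not dirsearch's own code. It assumes that when affixes are given only the wrapped forms are emitted (as the examples show), that entries ending in "/" are left alone, and that the extension of an entry is whatever follows its last dot; the sample wordlists are constructed from the entries used above.

```shell
#!/bin/sh
# Added example: how dirsearch turns a wordlist into request paths under
# -e, -X, -f, --prefixes and --suffixes. Not dirsearch code; the rules are
# the documented ones, simplified as noted in the comments.

PREFIXES='' SUFFIXES=''   # set by expand_wordlist, read by apply_affixes

# apply_affixes PATH: print PATH wrapped with every prefix and every suffix.
# Assumption (matches the examples above): with affixes set, only the wrapped
# forms are emitted, not the bare entry.
apply_affixes() {
    p=$1
    if [ -z "$PREFIXES" ] && [ -z "$SUFFIXES" ]; then
        printf '%s\n' "$p"
        return 0
    fi
    if [ -n "$PREFIXES" ]; then
        printf '%s\n' "$PREFIXES" | tr ',' '\n' | while IFS= read -r pre; do
            printf '%s\n' "$pre$p"
        done
    fi
    if [ -n "$SUFFIXES" ]; then
        printf '%s\n' "$SUFFIXES" | tr ',' '\n' | while IFS= read -r suf; do
            printf '%s\n' "$p$suf"
        done
    fi
    return 0
}

# in_list ITEM LIST: return 0 if ITEM appears in the comma-separated LIST
in_list() {
    case ",$2," in
        *",$1,"*) return 0 ;;
    esac
    return 1
}

# expand_wordlist EXTS EXCLUDE FORCE PREFIXES SUFFIXES < wordlist
#   EXTS      selected extensions (-e)      EXCLUDE   excluded extensions (-X)
#   FORCE     1 to emulate -f, else 0       PREFIXES/SUFFIXES  may be empty
expand_wordlist() {
    EXTS=$1 EXCL=$2 FORCE=$3 PREFIXES=$4 SUFFIXES=$5
    while IFS= read -r entry || [ -n "$entry" ]; do
        [ -z "$entry" ] && continue
        case "$entry" in
            *%EXT%*)        # placeholder: one copy per selected extension
                printf '%s\n' "$EXTS" | tr ',' '\n' | while IFS= read -r e; do
                    apply_affixes "$(printf '%s' "$entry" | sed "s/%EXT%/$e/g")"
                done ;;
            *%NOFORCE%)     # marker stripped, never receives forced extensions
                apply_affixes "$(printf '%s' "$entry" | sed 's/%NOFORCE%$//')" ;;
            */)             # directory entries are kept as they are
                apply_affixes "$entry" ;;
            *)
                base=${entry##*/}
                case "$base" in
                    *.*)    # has its own extension: dropped if excluded
                        ext=${base##*.}
                        in_list "$ext" "$EXCL" || apply_affixes "$entry" ;;
                    *)      # no extension: kept, and with -f every extension is added
                        apply_affixes "$entry"
                        if [ "$FORCE" = 1 ]; then
                            printf '%s\n' "$EXTS" | tr ',' '\n' | while IFS= read -r e; do
                                apply_affixes "$entry.$e"
                            done
                        fi ;;
                esac ;;
        esac
    done
    return 0
}

# Constructed sample wordlist: the five entries from the exclusion example
SAMPLE_WORDLIST='admin
admin.%EXT%
index.html
home.php
test.jsp'

# -e asp,aspx,htm,js -X php,jsp,jspx
demo_exclude()  { printf '%s\n' "$SAMPLE_WORDLIST" | expand_wordlist asp,aspx,htm,js php,jsp,jspx 0 '' ''; }
# -e php --prefixes .,admin,_,~ applied to "tools"
demo_prefixes() { printf 'tools\n' | expand_wordlist php '' 0 '.,admin,_,~' ''; }
# -e php --suffixes ~,/ applied to "index.php" and "internal"
demo_suffixes() { printf 'index.php\ninternal\n' | expand_wordlist php '' 0 '' '~,/'; }
# -e zip,tgz -f: "backup" gets every extension, "README%NOFORCE%" does not
demo_force()    { printf 'backup\nREADME%%NOFORCE%%\n' | expand_wordlist zip,tgz '' 1 '' ''; }

for d in demo_exclude demo_prefixes demo_suffixes demo_force; do
    echo "== $d"; "$d"
done
```

Piping a real wordlist through expand_wordlist with the intended flags gives the exact request count a scan will generate, which is the number to check against the rate limit before adding -t and -s.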
Importing an HTTP request from a file
Save the request in raw format, for example:
GET /admin HTTP/1.1
Host: admin.example.com
Cache-Control: max-age=0
Accept: */*
and pass the file with --raw. A raw request carries no scheme, so set it with --scheme (the default is http).
Subdirectories
python3 dirsearch.py -e php,html,js -u https://target --subdirs admin/,folder/,/
Through a proxy
python3 dirsearch.py -e php,html,js -u https://target --proxy 127.0.0.1:8080
Through a list of proxies
python3 dirsearch.py -e php,html,js -u https://target --proxy-list proxyservers.txt
POST requests
python3 dirsearch.py -e php,txt,zip -u https://target -w db/dicc.txt -t 100 -m POST --data "username=admin"
Tips
Control the request rate: -t <rate> -s 1 gives roughly <rate> requests per second
Look for backup and configuration files: --suffixes ~ and --prefixes .
Skip forced extensions for a single entry: append %NOFORCE% to it in the wordlist
Find only directories: --remove-extensions (--no-extension in older releases) + --suffixes /
Scan a network range: --cidr + -F + -q (follow redirects + quiet mode) to cut down on noise