One of the OSCP tools: the complete guide to dirsearch usage
2022-07-07 03:56:00 【Time for a cup of coffee】
dirsearch
Scan targets
-u, --url  Target URL
-l, --url-list=FILE  File containing the target URLs
--stdin  Read target URLs from standard input
--cidr  Target CIDR range
--raw=FILE  Read the HTTP request from a file; specify the scheme with --scheme (e.g. --scheme https)
Dictionary (wordlist) settings
-e, --extensions  File extensions to include (comma-separated), e.g. -e php,asp
-X, --exclude-extensions  File extensions to exclude (comma-separated), e.g. -X asp,jsp
-f, --force-extensions  Append the file extensions to every entry in the dictionary
By default, dirsearch only replaces the %EXT% keyword in the dictionary with the specified extensions.
For example, with -e php: Wishlist.%EXT% --> Wishlist.php
Dictionary formatting
-w, --wordlists  Custom wordlists (comma-separated)
--prefixes  Add custom prefixes
--suffixes  Add custom suffixes
--only-selected  Keep only entries with the selected extensions, or entries with no extension
--remove-extensions  Remove the extension from every wordlist entry (admin.php --> admin)
-U, --uppercase  Convert the dictionary to uppercase
-L, --lowercase  Convert the dictionary to lowercase
-C, --capital  Capitalize the first letter and lowercase the rest
Response filtering
-i  Status codes to include (comma-separated, ranges supported), e.g. -i 200,300-399
-x  Status codes to exclude (comma-separated, ranges supported), e.g. -x 301,500-599
--exclude-sizes  Exclude responses by size (comma-separated), e.g. 123B,4KB
--exclude-texts  Exclude responses by text content, e.g. 'Not found', 'Error'
--exclude-regexps  Exclude responses by regular expression, e.g. 'Not foun[a-z]{1}', '^Error$'
--exclude-redirects  Exclude responses whose redirect target matches a regular expression, e.g. 'https://okta.com/*'
--minimal  Minimum response length
--maximal  Maximum response length
Request settings
-m, --http-method  HTTP request method (default: GET)
-d, --data  HTTP request data
-H, --header  Request header, e.g. -H 'Referer: example.com' -H 'Accept: */*'
--header-list=FILE  Read the request headers from a file
-F, --follow-redirects  Follow HTTP redirects
--user-agent  Set the User-Agent header
--cookie  Set the cookie
Connection settings
--timeout=TIMEOUT  Connection timeout
--ip=IP  Server IP address
-s DELAY, --delay=DELAY  Delay between requests
--proxy=PROXY  Proxy URL; HTTP and SOCKS proxies are supported, e.g. localhost:8080, socks5://localhost:8088
--proxy-list=FILE  File containing proxy server addresses
--matches-proxy=PROXY  Proxy through which found paths are replayed
--scheme  Default scheme, used for a request imported from a file or when a URL has no scheme
--max-retries  Maximum number of reconnection attempts
-b, --request-by-hostname  Force connecting by hostname (by default, dirsearch connects by IP for speed)
--exit-on-error  Exit when an error occurs
--debug  Debug mode
General settings
--version  Show the dirsearch version
-h, --help  Show help
-r, --recursive  Recursive brute-forcing
-R, --recursion-depth  Maximum recursion depth
-t, --threads  Number of threads
--subdirs  Scan subdirectories, e.g. admin/ scans www.example.com/admin/ + dictionary entries
--exclude-subdirs  Subdirectories to exclude from recursive scanning
-q, --quiet-mode  Quiet mode
--full-url  Print the full URL
--no-color  Output without colors
Output formats
--simple-report=OUTPUTFILE
--plain-text-report=OUTPUTFILE
--json-report=OUTPUTFILE
--xml-report=OUTPUTFILE
--markdown-report=OUTPUTFILE
--csv-report=OUTPUTFILE
The default configuration of dirsearch (default file extensions, timeout, wordlist directory, etc.) can be changed by editing the default.conf file.
Common usage
Basic usage
Scan the target URL with the default settings
python3 dirsearch.py -u https://target
Scan the target URL with the dictionary, using the file extensions php, html and js
python3 dirsearch.py -e php,html,js -u https://target
Scan the target URL with the wordlist at the specified path, using the file extensions php, html and js
python3 dirsearch.py -e php,html,js -u https://target -w /path/to/wordlist
Recursive scanning
python3 dirsearch.py -e php,html,js -u https://target -r
Set the recursion depth to 3
python3 dirsearch.py -e php,html,js -u https://target -r -R 3
Specify the number of threads (setting the thread count too high is not recommended; it may affect the scan results)
python3 dirsearch.py -e bak,zip,tgz,txt -u https://target -t 30
Using prefixes and suffixes
Prefixes:
python3 dirsearch.py -e php -u https://target --prefixes .,admin,_,~
The wordlist entry
tools
becomes
.tools
admintools
_tools
~tools
Suffixes:
python3 dirsearch.py -e php -u https://target --suffixes ~,/
The wordlist entries
index.php
internal
become
index.php~
index.php/
internal~
internal/
Excluding file extensions
python3 dirsearch.py -e asp,aspx,htm,js -u https://target -X php,jsp,jspx
The wordlist
admin
admin.%EXT%
index.html
home.php
test.jsp
becomes
admin
admin.asp
admin.aspx
admin.htm
admin.js
index.html
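The wordlist rules above (%EXT% substitution, -X exclusion, -f forcing, prefixes and suffixes), modelled in Python so the requested paths can be previewed before a scan. This is an added example, not dirsearch's own code; the function names are hypothetical, and the -f rule (only names without a dot or trailing slash) and the treatment of the %NOFORCE% marker from the tips at the end of this page are assumptions.

```python
# Added illustration of the wordlist rules described on this page.
# Not dirsearch's implementation; all function names are hypothetical.

def expand_extensions(entries, extensions, exclude=(), force=False):
    """Apply %EXT% substitution, -X exclusion and optional -f forcing."""
    out = []
    for raw in entries:
        entry = raw.strip()
        if not entry:
            continue
        noforce = entry.endswith("%NOFORCE%")
        entry = entry.replace("%NOFORCE%", "")
        # -X: drop entries that already carry an excluded extension
        if any(entry.lower().endswith("." + x.lower()) for x in exclude):
            continue
        if "%EXT%" in entry:
            # Default behaviour: one candidate per extension given with -e
            out.extend(entry.replace("%EXT%", ext) for ext in extensions)
            continue
        out.append(entry)
        # -f (assumed rule): also try each extension on names that have
        # no dot and no trailing slash, unless marked %NOFORCE%
        if force and not noforce and "." not in entry and not entry.endswith("/"):
            out.extend(f"{entry}.{ext}" for ext in extensions)
    return list(dict.fromkeys(out))  # de-duplicate, keep order


def with_prefixes(entries, prefixes):
    """--prefixes: variants as listed on the page (assumed: skip if already present)."""
    return [p + e for e in entries for p in prefixes if not e.startswith(p)]


def with_suffixes(entries, suffixes):
    """--suffixes: variants as listed on the page (assumed: skip if already present)."""
    return [e + s for e in entries for s in suffixes if not e.endswith(s)]


if __name__ == "__main__":
    # Constructed sample: the wordlist from the exclusion example above
    wordlist = ["admin", "admin.%EXT%", "index.html", "home.php", "test.jsp"]
    for path in expand_extensions(wordlist, ["asp", "aspx", "htm", "js"],
                                  exclude=["php", "jsp", "jspx"]):
        print(path)
    print(with_prefixes(["tools"], [".", "admin", "_", "~"]))
    print(with_suffixes(["index.php", "internal"], ["~", "/"]))
```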
Importing an HTTP request from a file
Request format
GET /admin HTTP/1.1
Host: admin.example.com
Cache-Control: max-age=0
Accept: */*
Specify the scheme with --scheme; the default is http.
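A raw request file carries no scheme, so the base URL has to be assembled from the request line, the Host header and the scheme option. The following added example (not dirsearch's parser; parse_raw_request and SAMPLE are hypothetical names) shows that assembly on the request format above, using the http default stated on this page.

```python
# Added illustration: how a raw request plus a scheme yields the scan target.
# Not dirsearch's parser; names are hypothetical.
from urllib.parse import urlsplit


def parse_raw_request(text, scheme="http"):
    """Split a raw HTTP request into method, target URL, headers and body."""
    head, _, body = text.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"bad request line: {lines[0]!r}")
    method, target, _version = parts

    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"bad header line: {line!r}")
        headers[name.strip().lower()] = value.strip()

    if target.startswith(("http://", "https://")):
        # Absolute-form target already carries its own scheme and host
        u = urlsplit(target)
        base = f"{u.scheme}://{u.netloc}"
        path = u.path or "/"
    else:
        host = headers.get("host")
        if not host:
            raise ValueError("no Host header: cannot build the target URL")
        base = f"{scheme}://{host}"
        path = target
    return {"method": method, "url": base + path,
            "headers": headers, "body": body}


# Constructed sample: the request shown above, as it would be saved to a file
SAMPLE = ("GET /admin HTTP/1.1\r\n"
          "Host: admin.example.com\r\n"
          "Cache-Control: max-age=0\r\n"
          "Accept: */*\r\n"
          "\r\n")

if __name__ == "__main__":
    print(parse_raw_request(SAMPLE)["url"])                  # scheme left at default
    print(parse_raw_request(SAMPLE, scheme="https")["url"])  # scheme given explicitly
```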
Subdirectories
python3 dirsearch.py -e php,html,js -u https://target --subdirs admin/,folder/,/
Using a proxy
python3 dirsearch.py -e php,html,js -u https://target --proxy 127.0.0.1:8080
Using a proxy list
python3 dirsearch.py -e php,html,js -u https://target --proxy-list proxyservers.txt
POST request
python3 dirsearch.py -e php,txt,zip -u https://target -w db/dicc.txt -t 100 -m POST --data "username=admin"
TIPS
Control the number of requests per second: -t <rate> -s 1
Look for backup files and configuration files: --suffixes ~ and --prefixes .
Disable forced file extensions for an entry: add %NOFORCE%
Look only for folders and directories: --remove-extensions + --suffixes /
Brute-forcing a network range: --cidr + -F + -q (follow redirects + quiet mode) to reduce invalid results