One of the OSCP tools: a dirsearch usage guide
2022-07-07 03:56:00 【Time for a cup of coffee】
dirsearch
Scan targets
-u, --url            Target URL
-l, --url-list=FILE  Path to a file containing target URLs
--stdin              Read target URLs from standard input
--cidr               Target network range in CIDR notation
--raw=FILE           Load a raw HTTP request from a file; use --scheme to set the scheme (e.g. --scheme https)
Extensions
-e, --extensions          Extensions to include (comma-separated), e.g. -e php,asp
-X, --exclude-extensions  Extensions to exclude (comma-separated), e.g. -X asp,jsp
-f, --force-extensions    Append every extension to every wordlist entry
By default dirsearch only substitutes the extensions given with -e for the %EXT% placeholder in the wordlist, e.g. with -e php the entry Wishlist.%EXT% becomes Wishlist.php
Wordlist formatting
-w, --wordlists       Custom wordlist(s) (comma-separated)
--prefixes            Add custom prefixes to every entry
--suffixes            Add custom suffixes to every entry
--only-selected       Keep only entries whose extension was selected with -e, plus entries with no extension
--remove-extensions   Strip the extension from every wordlist entry (admin.php --> admin)
-U, --uppercase       Convert the wordlist to uppercase
-L, --lowercase       Convert the wordlist to lowercase
-C, --capital         Capitalize the first letter and lowercase the rest
Response filtering
-i                   Status codes to keep (comma-separated, ranges allowed), e.g. -i 200,300-399
-x                   Status codes to exclude (comma-separated, ranges allowed), e.g. -x 301,500-599
--exclude-sizes      Exclude responses by size (comma-separated), e.g. 123B,4KB
--exclude-texts      Exclude responses containing the given text, e.g. 'Not found', 'Error'
--exclude-regexps    Exclude responses matching a regular expression, e.g. 'Not foun[a-z]{1}', '^Error$'
--exclude-redirects  Exclude responses whose redirect target matches a pattern, e.g. 'https://okta.com/*'
--minimal            Minimum response length
--maximal            Maximum response length
Request settings
-m, --http-method       HTTP method (default GET)
-d, --data              HTTP request body
-H, --header            Request header, e.g. -H 'Referer: example.com' -H 'Accept: */*'
--header-list=FILE      Read request headers from a file
-F, --follow-redirects  Follow HTTP redirects
--user-agent            Set the User-Agent header
--cookie                Set the Cookie header
Connection settings
--timeout=TIMEOUT          Connection timeout
--ip=IP                    Server IP address to connect to
-s DELAY, --delay=DELAY    Delay between requests
--proxy=PROXY              Proxy URL; HTTP and SOCKS proxies are supported, e.g. localhost:8080, socks5://localhost:8088
--proxy-list=FILE          File containing proxy server addresses
--matches-proxy=PROXY      Proxy through which found paths are replayed
--scheme                   Default scheme for requests imported from a file or for URLs given without one
--max-retries              Maximum number of retries
-b, --request-by-hostname  Force connections by hostname (by default dirsearch connects by IP address, for speed)
--exit-on-error            Exit when an error occurs
--debug                    Debug mode
General settings
--version              Show the dirsearch version
-h, --help             Show help
-r, --recursive        Recurse into discovered directories
-R, --recursion-depth  Maximum recursion depth
-t, --threads          Number of threads
--subdirs              Scan the given subdirectories, e.g. --subdirs admin/ scans www.example.com/admin/ + wordlist
--exclude-subdirs      Subdirectories excluded from recursive scanning
-q, --quiet-mode       Quiet mode
--full-url             Print full URLs in the output
--no-color             Disable colored output
Output formats
--simple-report=OUTPUTFILE
--plain-text-report=OUTPUTFILE
--json-report=OUTPUTFILE
--xml-report=OUTPUTFILE
--markdown-report=OUTPUTFILE
--csv-report=OUTPUTFILE
The defaults (default extensions, timeout, wordlist directory and so on) can be changed by editing the default.conf file.
Common usage
Basic usage
Scan the target URL with default settings
python3 dirsearch.py -u https://target
Scan the target URL with the php, html and js extensions
python3 dirsearch.py -e php,html,js -u https://target
Scan the target URL with a wordlist at the given path and the php, html and js extensions
python3 dirsearch.py -e php,html,js -u https://target -w /path/to/wordlist
Recursive scan
python3 dirsearch.py -e php,html,js -u https://target -r
Limit the recursion depth to 3
python3 dirsearch.py -e php,html,js -u https://target -r -R 3
Set the thread count (raising it too high is not recommended; it can distort the scan results)
python3 dirsearch.py -e bak,zip,tgz,txt -u https://target -t 30
Prefixes and suffixes
python3 dirsearch.py -e php -u https://target --prefixes .,admin,_,~
With these prefixes the wordlist entry
tools
becomes
.tools
admintools
_tools
~tools
python3 dirsearch.py -e php -u https://target --suffixes ~,/
With these suffixes the entries
index.php
internal
become
index.php~
index.php/
internal~
internal/
Restricting extensions
python3 dirsearch.py -e asp,aspx,htm,js -u https://target -X php,jsp,jspx
The wordlist entries
admin
admin.%EXT%
index.html
home.php
test.jsp
become (home.php and test.jsp are dropped because php and jsp are excluded with -X)
admin
admin.asp
admin.aspx
admin.htm
admin.js
index.html
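The %EXT%, -X, --prefixes and --suffixes rules above can be checked against a small model of the wordlist expansion. The following Python is an added illustration written for this page, not dirsearch's own code: it reproduces the behaviour shown in the examples above and also covers --only-selected, --remove-extensions and the -U/-L/-C case options; the rule that prefixed or suffixed copies replace the original entry is an assumption taken from the page's examples, and the function name expand_wordlist is this illustration's own.

```python
"""Model of how dirsearch turns a wordlist into request paths.

Added illustration for this page, not dirsearch's own code. It follows the
rules described above: %EXT% is replaced with each -e extension, entries
whose extension is listed in -X are dropped, --only-selected keeps only
entries with a selected extension (or none), --remove-extensions strips
extensions, --prefixes/--suffixes produce altered copies, and -U/-L/-C set
the case. That prefixed/suffixed copies replace the original entry is an
assumption taken from the page's examples.
"""


def _extension(entry):
    """Extension of the last path segment ('' if it has none)."""
    name = entry.rstrip("/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def expand_wordlist(words, extensions=(), exclude_extensions=(),
                    only_selected=False, remove_extensions=False,
                    prefixes=(), suffixes=(), case=None):
    extensions = [e.lower() for e in extensions]
    exclude_extensions = [e.lower() for e in exclude_extensions]

    base = []
    for word in words:
        word = word.strip()
        if not word or word.startswith("#"):  # skip blanks and comments
            continue
        if "%EXT%" in word:  # -e: one copy per selected extension
            base.extend(word.replace("%EXT%", ext) for ext in extensions)
            continue
        ext = _extension(word)
        if ext and ext in exclude_extensions:  # -X
            continue
        if only_selected and ext and ext not in extensions:  # --only-selected
            continue
        if remove_extensions and ext:  # --remove-extensions: admin.php -> admin
            word = word[:-(len(ext) + 1)]
        base.append(word)

    if prefixes or suffixes:
        altered = []
        for entry in base:
            for prefix in prefixes:
                if not entry.startswith(prefix):
                    altered.append(prefix + entry)
            for suffix in suffixes:
                # directory entries (trailing slash) get no suffix
                if not entry.endswith("/") and not entry.endswith(suffix):
                    altered.append(entry + suffix)
        base = altered

    if case == "upper":      # -U
        base = [e.upper() for e in base]
    elif case == "lower":    # -L
        base = [e.lower() for e in base]
    elif case == "capital":  # -C
        base = [e.capitalize() for e in base]

    return list(dict.fromkeys(base))  # de-duplicate, keep order


if __name__ == "__main__":
    # The page's own examples, reproduced through the model.
    print(expand_wordlist(["tools"], prefixes=[".", "admin", "_", "~"]))
    print(expand_wordlist(["index.php", "internal"], suffixes=["~", "/"]))
    print(expand_wordlist(["admin", "admin.%EXT%", "index.html", "home.php", "test.jsp"],
                          extensions=["asp", "aspx", "htm", "js"],
                          exclude_extensions=["php", "jsp", "jspx"]))
```

Running the model on the page's three examples yields exactly the lists shown above, which is a quick way to predict how large a request list a given combination of -e, --prefixes and --suffixes will produce before a scan is started.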
Importing HTTP requests from a file
Request format:
GET /admin HTTP/1.1
Host: admin.example.com
Cache-Control: max-age=0
Accept: */*
Use --scheme to set the scheme; the default is http
Subdirectories
python3 dirsearch.py -e php,html,js -u https://target --subdirs admin/,folder/,/
Using a proxy
python3 dirsearch.py -e php,html,js -u https://target --proxy 127.0.0.1:8080
Using a list of proxies
python3 dirsearch.py -e php,html,js -u https://target --proxy-list proxyservers.txt
POST requests
python3 dirsearch.py -e php,txt,zip -u https://target -w db/dicc.txt -t 100 -m POST --data "username=admin"
Tips
Control the request rate (requests per second): -t <rate> -s 1
Look for backup and configuration files: --suffixes ~ and --prefixes .
Disable forced extensions for an entry: add %NOFORCE% to it
Look for directories only: --no-extension plus --suffixes /
Scanning a network range: --cidr plus -F and -q (follow redirects, quiet mode) to reduce noise in the results
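Seen from the server side, the options above describe what a dirsearch run looks like in a web server's access log: many requests from one client in a short window (-t and -s), a large share of 404 responses (the ones -x and -i hide on the client), and probes for backup artefacts (-e bak,zip,tgz, --suffixes ~, --prefixes .). The following Python is an added example for this page, not part of dirsearch: it scores constructed combined-format log lines on those three signals. The addresses, timestamps, thresholds and the function names parse_line, max_burst and analyze are all this example's own.

```python
"""Score access-log clients for dirsearch-style directory brute force.

Added example for this page, not part of dirsearch. Three server-side
signals correspond to the options discussed above: a burst of requests in
a short window (-t / -s), a high share of 404 responses (what -x / -i hide
on the client), and probes for backup artefacts (-e bak,zip,tgz,
--suffixes ~, --prefixes .). Log lines, addresses and thresholds are
constructed for the illustration.
"""
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" format. The User-Agent is captured by the format
# but not used as a signal: --user-agent lets a scanner send anything.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Dot-files (--prefixes .), tilde copies (--suffixes ~) and archive/backup
# extensions. ".txt" is left out on purpose: robots.txt would make it noisy.
ARTEFACT_RE = re.compile(r'(/\.[^/]+$|~$|\.(bak|old|zip|tgz|tar\.gz)$)',
                         re.IGNORECASE)

# Constructed sample: one scanning client (203.0.113.7) and one normal user.
SAMPLE_LOG = """\
203.0.113.7 - - [07/Jul/2022:03:56:00 +0000] "GET /admin HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Jul/2022:03:56:00 +0000] "GET /admin.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Jul/2022:03:56:01 +0000] "GET /.env HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Jul/2022:03:56:01 +0000] "GET /backup.zip HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Jul/2022:03:56:01 +0000] "GET /index.php~ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Jul/2022:03:56:02 +0000] "GET /config.bak HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Jul/2022:03:56:02 +0000] "GET /login HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Jul/2022:03:56:02 +0000] "GET /uploads/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.20 - - [07/Jul/2022:03:55:10 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [07/Jul/2022:03:55:31 +0000] "GET /login HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
198.51.100.20 - - [07/Jul/2022:03:56:40 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return a dict with ip, ts (datetime), method, path, status, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def max_burst(timestamps, window_seconds):
    """Largest number of requests that fall inside any window_seconds span."""
    ts = sorted(timestamps)
    best, start = 0, 0
    for end in range(len(ts)):
        while (ts[end] - ts[start]).total_seconds() > window_seconds:
            start += 1
        best = max(best, end - start + 1)
    return best


def analyze(log_text, window_seconds=10, min_requests=5,
            notfound_ratio=0.6, min_artefacts=2):
    """Per-client signals; a client is flagged when two or more fire."""
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            per_ip[rec["ip"]].append(rec)

    report = {}
    for ip, recs in per_ip.items():
        burst = max_burst([r["ts"] for r in recs], window_seconds)
        notfound = sum(r["status"] == 404 for r in recs) / len(recs)
        artefacts = sum(bool(ARTEFACT_RE.search(r["path"])) for r in recs)
        signals = []
        if burst >= min_requests:
            signals.append("burst")
        if notfound >= notfound_ratio:
            signals.append("404-ratio")
        if artefacts >= min_artefacts:
            signals.append("artefact-probes")
        report[ip] = {
            "requests": len(recs),
            "burst": burst,
            "notfound_ratio": round(notfound, 2),
            "artefact_probes": artefacts,
            "signals": signals,
            "flagged": len(signals) >= 2,
        }
    return report


if __name__ == "__main__":
    for ip, info in analyze(SAMPLE_LOG).items():
        print(ip, info)
```

The thresholds are deliberately loose defaults for the constructed sample; on a real server they need tuning against normal traffic, and a scanner run with a long -s delay and a small -t will fall under the burst threshold, which is why the 404 ratio and artefact probes are scored independently rather than requiring all three signals at once.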