python实现多线程扫描网站目录

python实现网站目录扫描

大致流程确定如下(流程图链接:https://blog.csdn.net/weixin_42350229/article/details/104056941):

st=>start: 程序开始
op=>operation: 打印banner信息
op2=>operation: 打印使用方法
op3=>operation: 接收传递过来的参数
cond=>condition: 判断参数是否接收完整(是或否?)
op6=>operation: 将传递过来的参数传递给指定变量
sub1=>subroutine: 没有接收完整
sub2=>subroutine: 打印错误信息
sub3=>subroutine: 直接退出程序
jieshu=>end: 直接退出程序
op4=>operation: 确定线程数,将字典按照线程数进行分组
op5=>operation: 执行扫描模块
io=>inputoutput: 输出扫描结果
e=>end: 程序执行完退出
st->op->op2->op3->cond
cond(yes)->op6->op4->op5->io->e
cond(no)->sub1(right)->sub2(right)-->sub3(right)

根据流程图确定使用getopt,sys模块来接受参数,并进行处理, threading模块来处理多线程, requests模块来执行扫描功能, math线程的向上取整.

1. 打印工具的banner信息

   def banner():
       print ("*" * 57)
       print ("*" * 3 + " " * 19 + "DirBrute v 1.0" + " " * 18 + "*" * 3)
       print ("*" * 3 + " " * 12 + "This tool just develop fun!" + " " * 12 + "*" * 3)
       print ("*" * 57)
   

2. 声明使用方法

   # python Dirbrute.py -u url -t thread -d dictionary
   
   def usage():
       print ("*" * 57)
       print ("*" * 3 + " " * 13 + "This is the tool's usage" + " " * 14 + "*" * 3)
       print ("*" * 3 + "python Dirbrute.py -u url -t threads -d dictionary!" + "*" * 3)
       print ("*" * 57)
   

3. 判断接收参数是否完整如果完整了传递给特定的变量

def start():
    if len(sys.argv) == 7:
        # This is true length
        opts, args = getopt.getopt(sys.argv[1:], "u:t:d:")
        for k, v in opts:
            if k == "-u":
                url =v
            elif k == "-t":
                threads = v
            elif k == "-d":
                dic = v
        multi_scan(url, threads, dic)
    else:
        print ("Error Argument!")
        sys.exit()

4. 多线程的实现

   • 第一步读字典文件
   • 第二步 确定读取的行数 len(dic_list) / threads 向上去取整
   • 第三步 确定每个线程读取的列表[[t1],[t2],[t3],...]

   def multi_scan(url,threads,dic):
       # 第一步读字典文件
       # 第二步 确定读取的行数 len(dic_list) / threads 向上去取整
       # 第三步 确定每个线程读取的列表[[t1],[t2],[t3],...]
       result_list = []
       threads_list = []
       with open(dic, "r") as f:
           dic_list = f.readlines()
           if len(dic_list) % int(threads) == 0:
               thread_read_line_num = len(dic_list) / int(threads)
           else:
               thread_read_line_num = math.ceil(len(dic_list) / int(threads))
           i = 0
           temp_list = []
           for line in dic_list:
               i += 1
               if i % thread_read_line_num == 0:
                   temp_list.append(line.strip())
                   result_list.append(temp_list)
                   temp_list = []
               else:
                   temp_list.append(line.strip())
       for i in result_list:
           # print (i)
           threads_list.append(threading.Thread(target = scan, args = (url,i)))
       for t in threads_list:
           t.start()
   

5. 扫描功能

      def scan(url, dic):
          # 实现扫描功能 requests
          for line in dic:
              r = requests.get(url = url + '/' + line)
              if r.status_code == 200 or r.status_code == 302:
                  print (r.url + " : " + str(r.status_code))
   

6. 调用程序

   if __name__ == "__main__":
    banner()
    suage()
    start()
   

7. 程序结果:

pig@deep:~/Desktop$ python3 Dirbrute.py -u http://127.0.0.1/ -t 1 -d dic.txt
*********************************************************
***                   DirBrute v 1.0                  ***
***            This tool just develop fun!            ***
*********************************************************
*********************************************************
***             This is the tool's usage              ***
***python Dirbrute.py -u url -t threads -d dictionary!***
*********************************************************
http://127.0.0.1//readme.txt : 200
http://127.0.0.1//images/ : 200
http://127.0.0.1//index.html : 200
http://127.0.0.1/images/ : 200
pig@deep:~/Desktop$

dic.txt

个人博客:
http://pigdaqiang.top