dirb是一个基于字典的Web目录扫描工具,采用递归的方式来获取更多的目录,可以查找到已知的和隐藏的目录,并且支持代理和http认证限制访问的网站。很棒的有没有!
嘚逼dirb
____ _ ____
| _ __ _ _ __ _ __ ___ | |_/ ___| ___ ___
| |_) / _` | '__| '__/ _ | _____ / _ / __|
| __/ (_| | | | | | (_) | |_ ___) | __/ (__
|_| __,_|_| |_| ___/ __|____/ ___|___|
Executing dirb
-----------------
DIRB v2.22
By The Dark Raver
-----------------
dirb <url_base> [<wordlist_file(s)>] [options]
========== NOTES =======
<url_base> : Base URL to scan. (Use -resume for session resuming)
<wordlist_file(s)> : List of wordfiles. (wordfile1,wordfile2,wordfile3...)
======== HOTKEYS =======
'n' -> Go to next directory.
'q' -> Stop scan. (Saving state for resume)
'r' -> Remaining scan stats.
====== OPTIONS ========
-a <agent_string> : Specify your custom USER_AGENT.
-b : Use path as is.
-c <cookie_string> : Set a cookie for the HTTP request.
-E <certificate> : path to the client certificate.
-f : Fine tunning of NOT_FOUND (404) detection.
-H <header_string> : Add a custom header to the HTTP request.
-i : Use case-insensitive search.
-l : Print "Location" header when found.
-N <nf_code>: Ignore responses with this HTTP code.
-o <output_file> : Save output to disk.
-p <proxy[:port]> : Use this proxy. (Default port is 1080)
-P <proxy_username:proxy_password> : Proxy Authentication.
-r : Don't search recursively.
-R : Interactive recursion. (Asks for each directory)
-S : Silent Mode. Don't show tested words. (For dumb terminals)
-t : Don't force an ending '/' on URLs.
-u <username:password> : HTTP Authentication.
-v : Show also NOT_FOUND pages.
-w : Don't stop on WARNING messages.
-X <extensions> / -x <exts_file> : Append each word with this extensions.
-z <millisecs> : Add a milliseconds delay to not cause excessive Flood.
======= EXAMPLES ==========
dirb http://url/directory/ (Simple Test)
dirb http://url/ -X .html (Test files with '.html' extension)
dirb http://url/ /usr/share/dirb/wordlists/vulns/apache.txt (Test with apache.txt wordlist)
dirb https://secure_url/ (Simple Test with SSL)
格式:dirb <地址> [字典文件地址>] [选项]
-a 设置user-agent
-p <proxy[:port]>设置代理
-c 设置cookie
-z 添加毫秒延迟,避免洪水攻击
-o 输出结果
-X 在每个字典的后面添加一个后缀
-H 添加请求头
-i 不区分大小写搜索
iwebsec靶场
我们爱鲲🐔
不惹事,也不怕事!
只是从不乱扫!
扫靶场给大家做演示
192.168.45.151
扫描
使用默认字典扫描
┌─[icml8@icml8]─[~]
└─$dirb http://192.168.45.151
不嫌麻烦也可以这样
┌─[icml8@icml8]─[~]
└─$dirb 🐔 /usr/share/wordlists/dirb/big.txt
使用自定义字典扫描
┌─[icml8@icml8]─[~]
└─$dirb http://192.168.45.151 /root/🐔.txt
设置UA
┌─[icml8@icml8]─[~]
└─$dirb http://192.168.45.151 -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0"
设置cookie
┌─[icml8@icml8]─[~]
└─$dirb http://192.168.45.151 -c "BAIDUID=D5C6351DAC89EF8811A51DF3A9A9C0C4:FG=1; HMACCOUNT=2906306413846532; BIDUPSID=D5C6351DAC89EF8811A51DF3A9A9C0C4; PSTM=1585744543; BDORZ=FFFB88E999055A3F8A630C64834BD6D0; H_PS_PSSID=30974_1438_31124_21098; HMVT=6bcd52f51e9b3dce32bec4a3997715ac|1587436663|; delPer=0; PSINO=6; BDRCVFR[gltLrB7qNCt]=mk3SLVN4HKm"
列举指定后缀名目录
┌─[icml8@icml8]─[~]
└─$dirb 🐔 -X .php
.php为我们需要搜索的指定扩展名文件延时扫描
┌─[icml8@icml8]─[~]
└─$dirb http://192.168.45.151 -z 100
使用代理扫描
┌─[icml8@icml8]─[~]
└─$dirb http://192.168.45.151 -p 127.0.0.1:🐔
导出结果
┌─[icml8@icml8]─[~]
└─$dirb http://192.168.45.151 -o 🐔.txt
如图所示:
小结
可以看看这位大佬写的文章
很详细
https://blog.csdn.net/liver100day/article/details/121394188
原文始发于微信公众号(猫因的安全):Web爬行|目录爆破必备工具—dirb(嘚逼)
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论