An Advanced Web Directory Scanning and Brute-Forcing Tool

admin, 2023-06-15 09:44:54

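Introduction

Konan is an open-source tool for web directory scanning that targets directory and file names. Similar tools include DirBuster and dirmap. A feature comparison with other similar tools follows below.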

Konan directory scanning

Supported platforms

  • Linux

  • Windows

  • MacOSX

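Feature comparison with similar tools

| Feature | Konan | dirsearch | dirb | gobuster |
|---|---|---|---|---|
| Multi-threading | yes | yes | yes | yes |
| Multiple extensions | yes | yes | no | no |
| HTTP proxy support | yes | yes | yes | yes |
| Reporting | yes (text and json) | yes (text and json) | yes (text) | no |
| Random agent | yes | yes | no | no |
| Ignore words by regexp | yes | no | no | no |
| Split extension from wordlist entries | yes | no | no | no |
| Multiple methods | yes | no | no | no |
| Response size processing | yes | no | no | no |
| Sub-directory brute force | yes | no | no | no |
| Recursive sub-directory brute force | yes | no | no | no |
| URL injection point | yes | no | no | no |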

Konan installation

git clone https://github.com/m4ll0k/Konan.git konan
cd konan && pip install -r requirements.txt

Run

python konan.py

Konan usage

Basic:
  • python konan.py -u/--url http://example.com/

URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------------------------------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/index.php
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/search.php
0.54% - 01:32:57 - 200 - GET - 5523 - http://testphp.vulnweb.com/login.php
0.81% - 01:33:12 - 200 - GET - 4830 - http://testphp.vulnweb.com/logout.php
8.77% - 01:40:02 - 302 - GET - 14 - http://testphp.vulnweb.com/userinfo.php -> login.php

Injection point:

  • python konan.py -u/--url http://example.com/%%/index.php

URL: http://testphp.vulnweb.com/%%/index.php
PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------------------------------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/test/index.php
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/search/index.php

  • python konan.py -u/--url http://example.com/test%% -w /root/numbers.txt

URL: http://testphp.vulnweb.com/test%%
PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------------------------------------------
0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/test12
0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/test34

Wordlist scan (default: /db/dict.txt):

  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt

Provide extensions with -e/--extension option and force extension for every wordlist entry with -f/--force option:
  • python konan.py -u/--url http://example.com/ -e/--extension php,html -f/--force

URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------------------------------------------
0.39% - 02:00:21 - 200 - GET - 4958 - http://testphp.vulnweb.com/index.html
0.43% - 02:00:23 - 200 - GET - 4732 - http://testphp.vulnweb.com/search.php
0.54% - 02:00:30 - 200 - GET - 5523 - http://testphp.vulnweb.com/login.php
0.81% - 02:00:46 - 200 - GET - 4830 - http://testphp.vulnweb.com/logout.html
0.87% - 02:00:50 - 200 - GET - 6115 - http://testphp.vulnweb.com/categories.html

Exclude status codes:
  • python konan.py -u/--url http://example.com/ -x/--exclude 400,403,401
Show only the given status codes in the output:
  • python konan.py -u/--url http://example.com/ -o/--only 200,301,302
Wordlist lowercase (isATest -> isatest) and uppercase (isAtest -> ISATEST):
  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt [-l/--lowercase OR -p/--uppercase]
Wordlist split (test.php -> to -> test):
  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt -s/--split
Ignore wordlist entries (words, letters, numbers, etc.) matching a regexp (w*.php|w*.html,^[0-9_-]+):
  • python konan.py -u/--url http://example.com/ -w/--wordlist -I/--ignore "?+"
Output without -I/--ignore options:
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------------------------------------------
0.39% - 02:06:31 - 200 - GET - 4958 - http://testphp.vulnweb.com/???.php
0.43% - 02:06:32 - 200 - GET - 4732 - http://testphp.vulnweb.com/???????????
0.54% - 02:06:35 - 200 - GET - 5523 - http://testphp.vulnweb.com/admin/
Output with -I/--ignore (in this case ?+) options:
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------------------------------------------
0.54% - 02:06:35 - 200 - GET - 5523 - http://testphp.vulnweb.com/admin/

Recursive:

  • python konan.py -u/--url http://example.com/ -E/--recursive

Recurse into directories that are found and into directories provided with -D/--dir-rec:

  • python konan.py -u/--url http://example.com/ -E/--recursive -D/--dir-rec "admin,tests,dev,internal"

Brute-force sub-directories with -S/--sub-dir:

  • python konan.py -u/--url http://example.com/ -S/--sub-dir "admin,test,internal,dev"

Multiple methods (check each wordlist entry with GET, POST, PUT and DELETE):

Note: many web applications return a 404 code if the request is not made with the right method; this option tests all methods.

  • python konan.py -u/--url http://example.com/ -m/--methods

Content size processing (show a response only if its size is ">[number]", "<[number]" or "=[number]"):

  • python konan.py -u/--url http://example.com/ -C/--length "<1000"

URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE - METHOD - LENGTH - URL
-------------------------------------------------------
0.19% - 02:11:46 - 301 - GET - 184 - http://testphp.vulnweb.com/admin -> http://testphp.vulnweb.com/admin/
1.73% - 02:12:37 - 301 - GET - 184 - http://testphp.vulnweb.com/images -> http://testphp.vulnweb.com/images/
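
Seen from the server side, the scans above leave a recognizable pattern in access logs: one client requesting many distinct paths that mostly return 404, and, with -m/--methods, the same path requested with GET, POST, PUT and DELETE. The following detector is an added example, not part of the original article or of Konan; the log lines are constructed, and the function names and thresholds are assumptions to tune for real traffic.

```python
import re
from collections import defaultdict

# Constructed access-log sample (combined-log style); not taken from the page.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Jun/2023:02:11:46 +0000] "GET /admin HTTP/1.1" 301 184
203.0.113.7 - - [15/Jun/2023:02:11:46 +0000] "GET /backup.php HTTP/1.1" 404 153
203.0.113.7 - - [15/Jun/2023:02:11:47 +0000] "GET /config.php HTTP/1.1" 404 153
203.0.113.7 - - [15/Jun/2023:02:11:47 +0000] "GET /dev/ HTTP/1.1" 404 153
203.0.113.7 - - [15/Jun/2023:02:11:48 +0000] "GET /api HTTP/1.1" 404 153
203.0.113.7 - - [15/Jun/2023:02:11:48 +0000] "POST /api HTTP/1.1" 404 153
203.0.113.7 - - [15/Jun/2023:02:11:48 +0000] "PUT /api HTTP/1.1" 404 153
203.0.113.7 - - [15/Jun/2023:02:11:48 +0000] "DELETE /api HTTP/1.1" 404 153
198.51.100.20 - - [15/Jun/2023:02:12:01 +0000] "GET /index.php HTTP/1.1" 200 4958
198.51.100.20 - - [15/Jun/2023:02:12:09 +0000] "GET /login.php HTTP/1.1" 200 5523
198.51.100.20 - - [15/Jun/2023:02:12:15 +0000] "POST /login.php HTTP/1.1" 302 14
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')


def parse(log_text):
    """Yield (client, method, path, status) for each well-formed log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3), int(m.group(4))


def detect_scanners(log_text, min_paths=5, miss_ratio=0.6, min_methods=3):
    """Flag clients that probe many missing paths or replay one path with many methods."""
    methods = defaultdict(lambda: defaultdict(set))  # client -> path -> methods seen
    misses = defaultdict(set)                        # client -> paths answered 404
    for client, method, path, status in parse(log_text):
        methods[client][path].add(method)
        if status == 404:
            misses[client].add(path)
    findings = {}
    for client, by_path in methods.items():
        ratio = len(misses[client]) / len(by_path)
        multi = sorted(p for p, ms in by_path.items() if len(ms) >= min_methods)
        if (len(by_path) >= min_paths and ratio >= miss_ratio) or multi:
            findings[client] = {"paths": len(by_path), "miss_ratio": round(ratio, 2),
                                "multi_method_paths": multi}
    return findings


if __name__ == "__main__":
    for client, info in detect_scanners(SAMPLE_LOG).items():
        print(client, info)
```

A production rule would also bound the time window per client, which this sketch leaves out.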

Originally published on the WeChat official account 菜鸟学安全: An Advanced Web Directory Scanning and Brute-Forcing Tool
