Subprober 是一款功能强大且高效的工具,专为渗透测试人员和安全专业人员而设计。此版本引入了多项增强功能、错误修复和新功能,以提升您的子域探测体验。Subprober 有助于快速可靠地提取信息,使其成为渗透测试工作流程的宝贵资产。
-
快速且可配置的探测
-
支持的输入:主机、URL、IP
-
支持多种方法 http 请求
-
支持代理和可定制的探测头
-
推进你的探测任务
V1.0.9 中的功能:
-
新的探测配置
-
-ip :查找 URL 的 IP
-
-cn :查找 url 的 cname
-
-maxr:url 的最大重定向
-
-ra :启用随机代理以随机代理进行探测
-
-X :自定义 URL 探测方法
-
-H :设置要探测的 URL 的自定义标头
-
-sc :删除默认显示响应代码和此标志以改进子探测器 I/O
-
无头
-
-ss :启用探测并截取 URL 的屏幕截图(需要安装 chormedriver、geckodriver)
-
-st :设置 URL 截图的超时值
-
-bt :选择要截屏的浏览器类型
为什么选择 Subprober:
Subprober 是一个用python构建的 http 探测工具包,等一下?是的,你没看错,它是用 python 构建的,这对于探测来说是很高的并发性。嘿,等等,它是python和并发的,那么GIL呢?是的,让我向你解释一下,Subprober 利用异步性能,使 subprober 能够执行并发探测和截屏,其性能几乎与GOLANG 一样!!!是的,性能就像python中的Golang , 因为它使用带有异步库(如aiohttp、asyncio、arsenic、aiodns)的uvloops,通过这种方式,Subprober 为您提供更高的并发性能和高精度,并且 Subprober 能够处理高负载,即使在低端系统和低端 VPS 中也能提供高性能,而不会导致任何高 CPU 负载,即使探测的输入负载很高
安装
要安装 Subprober,你需要安装 Python 最新版本,然后按照以下步骤安装 Subprober
方法 1:
pipinstall git+https://github.com/sanjai-AK47/Subprober.gitsubprober -h
方法 2:
gitclone https://github.com/sanjai-AK47/SubProber.gitcdSubproberpipinstall .subprober-h
用法:
subprober -h_____ __ ____ __/ ___/__ __/ /_ / __ _________ / /_ ___ _______ / / / / __ / /_/ / ___/ __ / __ / _ / ___/___/ / /_/ / /_/ / ____/ / / /_/ / /_/ / __/ //____/__,_/_.___/_/ /_/ ____/_.___/___/_/@RevoltSecuritiesSubprober - An essential HTTP multi-purpose Probing Tool for Penetration testers[Description] :Subprober is a high-performance tool designed for probing and extract vital information efficiently.[Options]:[INPUT]:-f,--filename specify the filename containing a list of urls for probing.-u,--url specify a target URL for direct probingstdin/stdout subprober supports both stdin/stdout and enable -nc to pipe the output of subprober[PROBES-CONFIG]:-sc,--status-code display the response status code-tl,--title retrieve and display the titles-sv,--server identify and display the server name-wc,--word-count retrieve and display the content length-l ,--location display the redirected location of the response.-apt,--application-type determine and display the application type.-p,--path specify a path for probe and get results ex: -p admin.php-px,--proxy specify a proxy to send the requests through your proxy or BurpSuite (ex: http://127.0.0.1:8080)-gw,--grep-word enable The grep word flag will be usefull when grepping partiuclar status codes-ar,--allow-redirect enabling these flag will make Subprober to follow the redirection and ger results-dhp,--disable-http-probe disables the subprober from probing to http protocols and only for https when no protocol is specified-X ,--method request methods to probe and get response-H ,--header add a custom headers for probing and -H can be used multiple times to pass multiple header values (ex: -H application/json -H X-Forwarded-Host: 127.0.0.1)-ra ,--random-agent enable Random User-Agent to use for probing (default: subprober/Alpha)-ip ,--ip find ip address for the host-cn ,--cname find cname for the host-maxr,--max-redirection set a max value to follow redirection (default: 10)[HEADLESS-Mode]:-ss,--screenshot enable to take screenshot of the page using headless browsers with asynchronous performance-st,--screenshot-timeout eet a timeout values for taking screenshosts-br,--browser-type select a browser for taking screenshots and browser available: chrome, firefox (default: chrome)and requires chrome driver, gecko driver to be installed[MATCHERS]:-ex,--exclude exclude specific response status code(s) from the analysis.-mc,--match specify specific response status code(s) to include in the analysis.[OUTPUT]:-o,--output define the output filename to store the results of the probing operation.-das,---disable-auto-save disable the autosave of the results when no output file is specified.-oD,--output-directory define a folder name to save screenshot outputs.[Rate-Limits]:-c,--concurrency set the concurrency level for subprober (default 50)-to,--timeout set a custom timeout value for sending requests.[UPDATES]:-up,--update update Subprober to the latest version (pip required to be installed)-sup,--show-updates shows the current version subprober updates[DEBUG]:-h,--help show this help message for you and exit!-s,--silent enable silent mode to suppress the display of Subprober banner and version information.-v,--verbose enable verbose mode to display error results on the console.-nc,--no-color enabling the --no-color will display the output without any CLI colors
https://github.com/RevoltSecurities/SubProber原文始发于微信公众号(Ots安全):Subprober - 用于渗透测试的快速多用途 Http 探测工具
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论