Konan:用于Web目錄掃描的工具
介紹
Konan是一個開源的用于Web目錄掃描的工具,針對目錄和文件名。類似的還有DirBuster,dirmap等。下面也對其它類似工具的功能對比。
Konan目錄掃描
支持平臺
Windows
MacOSX
同類工具功能對比
| 功能 | Konan | dirsearch | dirb | gobuster |
|---|---|---|---|---|
| 多線程 | yes | yes | yes | yes |
| 支持多擴展 | yes | yes | no | no |
| HTTP代理支持 | yes | yes | yes | yes |
| 報告 | yes (text and json) | yes (text and json) | yes (text) | no |
| 隨機代理 | yes | yes | no | no |
| 正則 regexp忽略單詞 | yes | no | no | no |
| 字典拆分擴展名 | yes | no | no | no |
| 多種方法 | yes | no | no | no |
| 響應大小過程 | yes | no | no | no |
| 暴力破解子目錄 | yes | no | no | no |
| 暴力破解遞歸子目錄 | yes | no | no | no |
| URL注入點 | yes | no | no | no |
Konan安裝
git clone https://github.com/m4ll0k/Konan.git konan cd konan && pip install -r requirements.txt
運行
python konan.py
Konan使用
基本:
python konan.py -u/--url http://example.com/
URL: http://testphp.vulnweb.com/ PERCENT - TIME - CODE - METHOD - LENGTH - URL ------------------------------------------------------- 0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/index.php 0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/search.php 0.54% - 01:32:57 - 200 - GET - 5523 - http://testphp.vulnweb.com/login.php 0.81% - 01:33:12 - 200 - GET - 4830 - http://testphp.vulnweb.com/logout.php 8.77% - 01:40:02 - 302 - GET - 14 - http://testphp.vulnweb.com/userinfo.php -> login.php
注入點:
python konan.py -u/--url http://example.com/%%/index.php
URL: http://testphp.vulnweb.com/%%/index.php PERCENT - TIME - CODE - METHOD - LENGTH - URL ------------------------------------------------------- 0.39% - 01:32:50 - 200 - GET - 4958 - http://testphp.vulnweb.com/test/index.php 0.43% - 01:32:52 - 200 - GET - 4732 - http://testphp.vulnweb.com/search/index.php
python konan.py -u/--url http://example.com/test%% -w /root/numbers.txt
URL: http://testphp.vulnweb.com/test%% PERCENT - TIME - CODE - METHOD - LENGTH - URL ------------------------------------------------------- 0.39% - 0150 - 200 - GET - 4958 - http://testphp.vulnweb.com/test12 0.43% - 0152 - 200 - GET - 4732 - http://testphp.vulnweb.com/test34
字典掃描, 默認 /db/dict.txt:
python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt
Provide extensions with-e/--extensionoption and force extension for every wordlist entry with-f/--forceoption:
python konan.py -u/--url http://example.com/ -e/--extension php,html -f/--force
URL: http://testphp.vulnweb.com/ PERCENT - TIME - CODE - METHOD - LENGTH - URL ------------------------------------------------------- 0.39% - 0221 - 200 - GET - 4958 - http://testphp.vulnweb.com/index.html 0.43% - 0223 - 200 - GET - 4732 - http://testphp.vulnweb.com/search.php 0.54% - 0230 - 200 - GET - 5523 - http://testphp.vulnweb.com/login.php 0.81% - 0246 - 200 - GET - 4830 - http://testphp.vulnweb.com/logout.html 0.87% - 0250 - 200 - GET - 6115 - http://testphp.vulnweb.com/categories.html狀態碼排除:
python konan.py -u/--url http://example.com/ -x/--exclude 400,403,401
僅提供輸出的狀態代碼:
python konan.py -u/--url http://example.com/ -o/--only 200,301,302
字典小寫 (isATest -> isatest) 和大寫 (isAtest -> ISATEST):
python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt [-l/--lowercase OR -p/--uppercase]
字典拆分 (test.php -> to -> test): python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt -s/--split Wordlist Ignore word,letters,number,..etc provided by regexp (w*.php|w*.html,^[0-9_-]+):_
python konan.py -u/--url http://example.com/ -w/--wordlist -I/--ignore "?+"
Output without-I/--ignoreoptions:
URL: http://testphp.vulnweb.com/ PERCENT - TIME - CODE - METHOD - LENGTH - URL ------------------------------------------------------- 0.39% - 0231 - 200 - GET - 4958 - http://testphp.vulnweb.com/???.php 0.43% - 0232 - 200 - GET - 4732 - http://testphp.vulnweb.com/??????????? 0.54% - 0235 - 200 - GET - 5523 - http://testphp.vulnweb.com/admin/Output with-I/--ignore(in this case?+) options:
URL: http://testphp.vulnweb.com/ PERCENT - TIME - CODE - METHOD - LENGTH - URL ------------------------------------------------------- 0.54% - 02:06:35 - 200 - GET - 5523 - http://testphp.vulnweb.com/admin/
遞歸:
python konan.py -u/--url http://example.com/ -E/--recursive
Recursive directory found and directory provided by-D/--dir-rec:
python konan.py -u/--url http://example.com/ -E/--recursive -D/--dir-rec "admin,tests,dev,internal"
暴力破解目錄-S/--sub-dir:
python konan.py -u/--url http://example.com/ -S/--sub-dir "admin,test,internal,dev"
多種方法 (檢查 GET,POST,PUT 和 DELETE 輸入詞):
Note: Much web application if not make the request with right method return 404 code, this option test all methods
python konan.py -u/--url http://example.com/ -m/--methods"
Content size process (show response if the response size is ">[number]","<[number]","=[number]"):
python konan.py -u/--url http://example.com/ -C/--length "<1000"
URL: http://testphp.vulnweb.com/ PERCENT - TIME - CODE - METHOD - LENGTH - URL ------------------------------------------------------- 0.19% - 02:11:46 - 301 - GET - 184 - http://testphp.vulnweb.com/admin -> http://testphp.vulnweb.com/admin/ 1.73% - 02:12:37 - 301 - GET - 184 - http://testphp.vulnweb.com/images -> http://testphp.vulnweb.com/images/
責任編輯:彭菁
-
Web
+關注
關注
2文章
1280瀏覽量
70768 -
開源
+關注
關注
3文章
3577瀏覽量
43426
原文標題:一款高級Web目錄掃描爆破工具
文章出處:【微信號:菜鳥學安全,微信公眾號:菜鳥學安全】歡迎添加關注!文章轉載請注明出處。
發布評論請先 登錄
labview web 發布工具
labview web發布工具問題
一款web綜合掃描工具
多線程的web目錄掃描工具
Acunetix Web Vulnerability Scanner(AWVS)工具簡介
OAScan:用來掃描oa的漏洞工具
常見的漏洞掃描工具
漏洞掃描一般采用的技術是什么
Web端TCP/UDP測試工具!小白必學~
工商網監
評論