Konan – Advanced Web Application Directory Scanner

Project URL: https://github.com/m4ll0k/Konan

Installation

Download Konan by cloning the Git repository

git clone https://github.com/m4ll0k/Konan.git konan

Install the requirements with pip

cd konan && pip install -r requirements.txt

Run the program

python konan.py

Supported platforms

  • Linux
  • Windows
  • MacOSX

Usage

Basic:

  • python konan.py -u/--url http://example.com/
URL: http://testphp.vulnweb.com/

PERCENT	 -   TIME   - CODE  -   METHOD  - LENGHT - URL
-------------------------------------------------------
0.39%    - 01:32:50 -  200  -	GET	-  4958    - http://testphp.vulnweb.com/index.php 
0.43%    - 01:32:52 -  200  -	GET	-  4732    - http://testphp.vulnweb.com/search.php 
0.54%    - 01:32:57 -  200  -	GET	-  5523    - http://testphp.vulnweb.com/login.php 
0.81%    - 01:33:12 -  200  -	GET	-  4830    - http://testphp.vulnweb.com/logout.php 
8.77%    - 01:40:02 -  302  -	GET	-  14      - http://testphp.vulnweb.com/userinfo.php  -> login.php

Injection point (the %% marker is replaced by each wordlist entry):

  • python konan.py -u/--url http://example.com/%%/index.php
URL: http://testphp.vulnweb.com/%%/index.php

PERCENT	 -   TIME   - CODE  -   METHOD  - LENGHT - URL
-------------------------------------------------------
0.39%    - 01:32:50 -  200  -	GET	-  4958    - http://testphp.vulnweb.com/test/index.php 
0.43%    - 01:32:52 -  200  -	GET	-  4732    - http://testphp.vulnweb.com/search/index.php 

  • python konan.py -u/--url http://example.com/test%% -w /root/numbers.txt
URL: http://testphp.vulnweb.com/test%%

PERCENT	 -   TIME   - CODE  -   METHOD  - LENGHT - URL
-------------------------------------------------------
0.39%    - 01:32:50 -  200  -	GET	-  4958    - http://testphp.vulnweb.com/test12
0.43%    - 01:32:52 -  200  -	GET	-  4732    - http://testphp.vulnweb.com/test34 

Provide a wordlist (default: /db/dict.txt):

  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt

Use the -e/--extension option to supply extensions for each wordlist entry, and -f/--force to force the extension:

  • python konan.py -u/--url http://example.com/ -e/--extension php,html -f/--force
URL: http://testphp.vulnweb.com/

PERCENT	 -   TIME   - CODE  -   METHOD  - LENGHT - URL
-------------------------------------------------------
0.39%    - 02:00:21 -  200  -	GET	-  4958    - http://testphp.vulnweb.com/index.html 
0.43%    - 02:00:23 -  200  -	GET	-  4732    - http://testphp.vulnweb.com/search.php 
0.54%    - 02:00:30 -  200  -	GET	-  5523    - http://testphp.vulnweb.com/login.php 
0.81%    - 02:00:46 -  200  -	GET	-  4830    - http://testphp.vulnweb.com/logout.html 
0.87%    - 02:00:50 -  200  -	GET	-  6115    - http://testphp.vulnweb.com/categories.html

Exclude status codes:

  • python konan.py -u/--url http://example.com/ -x/--exclude 400,403,401

Show only the given status codes in the output:

  • python konan.py -u/--url http://example.com/ -o/--only 200,301,302

Wordlist lowercase (isATest -> isatest) and uppercase (isAtest -> ISATEST):

  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt [-l/--lowercase OR -p/--uppercase]

Wordlist split (test.php -> test):

  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt -s/--split

Wordlist ignore: skip words, letters, numbers, etc. matched by a regexp (\w*.php|\w*.html^[0-9_-]+):

  • python konan.py -u/--url http://example.com/ -w/--wordlist -I/--ignore "\?+"

Output without the -I/--ignore option:

URL: http://testphp.vulnweb.com/

PERCENT	 -   TIME   - CODE  -   METHOD  - LENGHT - URL
-------------------------------------------------------
0.39%    - 02:06:31 -  200  -	GET	-  4958    - http://testphp.vulnweb.com/???.php 
0.43%    - 02:06:32 -  200  -	GET	-  4732    - http://testphp.vulnweb.com/??????????? 
0.54%    - 02:06:35 -  200  -	GET	-  5523    - http://testphp.vulnweb.com/admin/ 

Output with the -I/--ignore option (\?+ in this case):

 URL: http://testphp.vulnweb.com/

PERCENT	 -   TIME   - CODE  -   METHOD  - LENGHT - URL
-------------------------------------------------------
0.54%    - 02:06:35 -  200  -	GET	-  5523    - http://testphp.vulnweb.com/admin/ 

Recursive:

  • python konan.py -u/--url http://example.com/ -E/--recursive

Recurse into directories that were found and into directories provided with -D/--dir-rec:

  • python konan.py -u/--url http://example.com/ -E/--recursive -D/--dir-rec "admin,tests,dev,internal"

Brute-force the directories provided with -S/--sub-dir:

  • python konan.py -u/--url http://example.com/ -S/--sub-dir "admin,test,internal,dev"

Multiple methods (check GET, POST, PUT and DELETE for each wordlist entry):

Note: many web applications return a 404 code when a request is not made with the correct method; this option tests all methods.

  • python konan.py -u/--url http://example.com/ -m/--methods

Content size filtering (show a response only if its size is ">[number]", "<[number]" or "=[number]"):

  • python konan.py -u/--url http://example.com/ -C/--lenght "<1000"
URL: http://testphp.vulnweb.com/

PERCENT	 -   TIME   - CODE  -   METHOD  - LENGHT - URL
-------------------------------------------------------
0.19%    - 02:11:46 -  301  -	GET	-  184     - http://testphp.vulnweb.com/admin  -> http://testphp.vulnweb.com/admin/
1.73%    - 02:12:37 -  301  -	GET	-  184     - http://testphp.vulnweb.com/images  -> http://testphp.vulnweb.com/images/
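
Seen from the server side, the sweeps shown above leave a recognizable trail in access logs: one client requesting many distinct paths that mostly return 404, and, with -m/--methods, the same path requested with several HTTP methods. The Python below is an added example, not part of Konan or of the original post; the log lines are constructed, and the function name, reason labels and thresholds are assumptions to tune against your own traffic.

```python
import re
from collections import defaultdict

# Constructed access-log lines (common log format); addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.20 - - [01/Jan/2024:02:06:30 +0000] "GET /index.php HTTP/1.1" 200 4958
198.51.100.20 - - [01/Jan/2024:02:06:41 +0000] "POST /login.php HTTP/1.1" 302 14
198.51.100.20 - - [01/Jan/2024:02:06:44 +0000] "GET /favicon.ico HTTP/1.1" 404 153
203.0.113.7 - - [01/Jan/2024:02:06:31 +0000] "GET /backup.php HTTP/1.1" 404 153
203.0.113.7 - - [01/Jan/2024:02:06:31 +0000] "GET /backup.html HTTP/1.1" 404 153
203.0.113.7 - - [01/Jan/2024:02:06:32 +0000] "GET /config.php HTTP/1.1" 404 153
203.0.113.7 - - [01/Jan/2024:02:06:32 +0000] "GET /config.html HTTP/1.1" 404 153
203.0.113.7 - - [01/Jan/2024:02:06:33 +0000] "GET /login.php HTTP/1.1" 200 5523
203.0.113.7 - - [01/Jan/2024:02:06:34 +0000] "GET /admin HTTP/1.1" 301 184
203.0.113.7 - - [01/Jan/2024:02:06:34 +0000] "POST /admin HTTP/1.1" 301 184
203.0.113.7 - - [01/Jan/2024:02:06:35 +0000] "PUT /admin HTTP/1.1" 405 0
203.0.113.7 - - [01/Jan/2024:02:06:35 +0000] "DELETE /admin HTTP/1.1" 405 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

def find_scanners(log_text, min_paths=5, miss_ratio=0.5, min_methods=3):
    """Map client IP -> list of reasons it resembles a directory scanner."""
    paths, misses = defaultdict(set), defaultdict(set)
    methods = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        paths[ip].add(path)
        if status == 404:
            misses[ip].add(path)
        methods[ip][path].add(method)
    findings = {}
    for ip in paths:
        reasons = []
        # Many distinct paths, most of them missing: a wordlist being walked.
        if len(paths[ip]) >= min_paths and len(misses[ip]) / len(paths[ip]) >= miss_ratio:
            reasons.append("wordlist-sweep")
        # One path requested with several methods: the multi-method check.
        if any(len(ms) >= min_methods for ms in methods[ip].values()):
            reasons.append("method-sweep")
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    for ip, reasons in find_scanners(SAMPLE_LOG).items():
        print(ip, ", ".join(reasons))
```

A scan run with -x/--exclude or -o/--only still sends every request, so those output filters do not change what the server logs.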