您好,登錄后才能下訂單哦!
這篇文章主要為大家展示了“Urlbuster是一款什么工具”,內容簡而易懂,條理清晰,希望能夠幫助大家解決疑惑,下面讓小編帶領大家一起研究并學習一下“Urlbuster是一款什么工具”這篇文章吧。
Urlbuster是一款功能強大的Web目錄模糊測試工具,該工具可以幫助廣大研究人員定位目標應用程序中現有和隱藏的文件以及目錄。該工具的功能類似于dirb和gobuster,但Urlbuster還提供了大量變異選項。
代理支持
Cookie支持
基本身份驗證
摘要授權
重試(對于慢速服務器)
持久性和非持久性HTTP連接
請求方法:GET、POST、PUT、DELETE、PATCH、HEAD、OPTIONS
自定義HTTP頭
修改POST,PUT和PATCHPayload
使用不同的請求方法進行變異
使用不同的HTTP頭進行變異
使用不同的文件擴展名進行變異
使用斜杠進行變異
枚舉GET參數值
廣大研究人員在配置好Python和pip環境之后,可以直接使用下列命令安裝Urlbuster:
pip install urlbuster
usage: urlbuster [options] -w <str>/-W <file> BASE_URL urlbuster -V, --help urlbuster -h, --version URL bruteforcer to locate existing and/or hidden files or directories. Similar to dirb or gobuster, but also allows to iterate over multiple HTTP request methods, multiple useragents and multiple host header values. positional arguments: BASE_URL The base URL to scan. required arguments: -w str, --word str Word to use. -W f, --wordlist f Path to wordlist to use. optional global arguments: -n, --new Use a new connection for every request. If not specified persistent http connection will be used for all requests. Note, using a new connection will decrease performance, but ensure to have a clean state on every request. A persistent connection on the other hand will use any additional cookie values it has received from a previous request. -f, --follow Follow redirects. -k, --insecure Do not verify TLS certificates. -v, --verbose Show also missed URLs. --code str [str ...] HTTP status code to treat as success. You can use a '.' (dot) as a wildcard. Default: 2.. 3.. 403 407 411 426 429 500 505 511 --payload p [p ...] POST, PUT and PATCH payloads for all requests. Note, multiple values are allowed for multiple payloads. Note, if duplicates are specified, the last one will overwrite. See --mpayload for mutations. Format: <key>=<val> [<key>=<val>] --header h [h ...] Custom http header string to add to all requests. Note, multiple values are allowed for multiple headers. Note, if duplicates are specified, the last one will overwrite. See --mheaders for mutations. Format: <key>:<val> [<key>:<val>] --cookie c [c ...] Cookie string to add to all requests. Format: <key>=<val> [<key>=<val>] --proxy str Use a proxy for all requests. Format: http://<host>:<port> Format: http://<user>:<pass>@<host>:<port> Format: https://<host>:<port> Format: https://<user>:<pass>@<host>:<port> Format: socks5://<host>:<port> Format: socks5://<user>:<pass>@<host>:<port> --auth-basic str Use basic authentication for all requests. Format: <user>:<pass> --auth-digest str Use digest authentication for all requests. Format: <user>:<pass> --timeout sec Connection timeout in seconds for each request. Default: 5.0 --retry num Connection retries per request. Default: 3 --delay sec Delay between requests to not flood the server. --output file Output file to write results to. optional mutating arguments: The following arguments will increase the total number of requests to be made by applying various mutations and testing each mutation on a separate request. --method m [m ...] List of HTTP methods to test each request against. Note, each supplied method will double the number of requests. Supported methods: GET POST PUT DELETE PATCH HEAD OPTIONS Default: GET --mpayload p [p ...] POST, PUT and PATCH payloads to mutate all requests.. Note, multiple values are allowed for multiple payloads. Format: <key>=<val> [<key>=<val>] --mheader h [h ...] Custom http header string to add to mutate all requests. Note, multiple values are allowed for multiple headers. Format: <key>:<val> [<key>:<val>] --ext ext [ext ...] List of file extensions to to add to words for testing. Note, each supplied extension will double the number of requests. Format: .zip [.pem] --slash str Append or omit a trailing slash to URLs to test. Note, a slash will be added after the extensions if they are specified as well. Note, using 'both' will double the number of requests. Options: both, yes, no Default: no misc arguments: -h, --help Show this help message and exit -V, --version Show version information examples urlbuster -W /path/to/words http://example.com/ urlbuster -W /path/to/words http://example.com:8000/ urlbuster -k -W /path/to/words https://example.com:10000/
對于某些網站來說,在使用某些特殊用戶代理的情況下,即使調用的是相同的路徑,Web應用程序的反應和行為也會不同。
$ urlbuster \ -W /usr/share/dirb/wordlists/common.txt \ --mheader 'User-Agent:Googlebot/2.1 (+http://www.googlebot.com/bot.html)' \ --method 'POST,GET,DELETE,PUT,PATCH' \ http://www.domain.tld/
基本:
$ urlbuster \ -W /path/to/wordlist.txt \ http://www.domain.tld/
Burpsuite代理:
$ urlbuster \ -W /path/to/wordlist.txt \ --proxy 'http://localhost:8080' \ http://www.domain.tld/
將結果存儲至文件:
$ urlbuster \ -W /path/to/wordlist.txt \ --output out.txt \ http://www.domain.tld/
基礎認證掃描:
$ urlbuster \ -W /path/to/wordlist.txt \ --auth-basic 'user:pass' \ http://www.domain.tld/
使用會話Cookie:
$ urlbuster \ -W /path/to/wordlist.txt \ --cookie 'PHPSESSID=a79b00e7-035a-2bb4-352a-439d855feabf' \ http://www.domain.tld/
查找站點根目錄中的文件:
$ urlbuster \ -W /path/to/wordlist.txt \ --code 200 301 302 \ --ext .zip .tar .tar.gz .gz .rar \ http://www.domain.tld/
查找站點子目錄中的文件:
$ urlbuster \ -W /path/to/wordlist.txt \ --code 200 301 302 \ --ext .zip .tar .tar.gz .gz .rar \ http://www.domain.tld/wp-content/
爆破查詢參數:
$ urlbuster \ -W /path/to/wordlist.txt \ --method GET \ --code 200 301 302 \ http://www.domain.tld/search?q=
爆破POST請求:
$ urlbuster \ -W /path/to/wordlist.txt \ --code 200 301 302 \ --method POST \ --payload \ 'user=somename' \ 'pass=somepass' \ 'mail=some@mail.tld' \ 'submit=yes' \ http://www.domain.tld/
爆破變異POST請求:
$ urlbuster \ -w index.php \ --code 200 301 302 \ --method POST \ --mpayload \ 'user=somename1' \ 'user=somename2' \ 'user=somename3' \ 'pass=somepass1' \ 'pass=somepass2' \ 'pass=somepass3' \ 'mail=some@mail1.tld' \ 'mail=some@mail2.tld' \ 'mail=some@mail3.tld' \ 'submit=yes' \ http://www.domain.tld/wp-admin/
用戶代理SQL注入:
$ urlbuster \ -W /path/to/wordlist.txt \ --code 5.. \ --method GET POST \ --mheader \ "User-Agent: ;" \ "User-Agent: ' or \"" \ "User-Agent: -- or #" \ "User-Agent: ' OR '1" \ "User-Agent: ' OR 1 -- -" \ "User-Agent: \" OR 1 = 1 -- -" \ "User-Agent: '='" \ "User-Agent: 'LIKE'" \ "User-Agent: '=0--+" \ "User-Agent: OR 1=1" \ "User-Agent: ' OR 'x'='x" \ "User-Agent: ' AND id IS NULL; --" \ http://www.domain.tld/
查找潛在的vhost:
$ urlbuster \ -w / \ --method GET POST \ --mheader \ "Host: internal1.lan" \ "Host: internal2.lan" \ "Host: internal3.lan" \ "Host: internal4.lan" \ "Host: internal5.lan" \ "Host: internal6.lan" \ http://10.0.0.1
以上是“Urlbuster是一款什么工具”這篇文章的所有內容,感謝各位的閱讀!相信大家都有了一定的了解,希望分享的內容對大家有所幫助,如果還想學習更多知識,歡迎關注億速云行業資訊頻道!
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。