• Security tool: cansina


    Cansina is a web content discovery tool. Given a detailed list of web directory names as the payload, it probes for web paths and other resources.

    • Install the tool as follows
    pip install --user requests[security]
    git clone --depth=1 https://github.com/deibit/cansina
    • After installation, the following files can be seen in the installation directory

    • View the help output of cansina.py
    tdcqma:cansina $ ./cansina.py --help
    usage: cansina.py -u url -p payload [options]
    
    Cansina is a web content discovery tool. It makes requests and analyze the
    responses trying to figure out whether the resource is or not accessible.
    
    optional arguments:
      -h, --help            show this help message and exit
      -A AUTHENTICATION     Basic Authentication (e.g: user:password)
      -C COOKIES            your cookies (e.g: key:value)
      -D                    Check for fake 404 (warning: machine decision)
      -H                    Make HTTP HEAD requests
      -P PROXIES            Set a http and/or https proxy (ex:
                            http://127.0.0.1:8080,https://...
      -S                    Remove ending slash for payloads
      -T REQUEST_DELAY      Time (a float number, e.g: 0.25 or 1.75) between
                            requests
      -U                    Make payload requests upper-case
      -a USER_AGENT         The preferred user-agent (default provided)
      -b BANNED             List of banned response codes
      -B UNBANNED           List of unbanned response codes, mark all response as
                            invalid without unbanned response codes, higher
                            priority than banned
      -c CONTENT            Inspect content looking for a particular string
      -d DISCRIMINATOR      If this string if found it will be treated as a 404
      -e EXTENSION          Extension list to use e.g: php,asp,...(default none)
      -p PAYLOAD            A single file, a file with filenames (.payload) or a
                            directory (will do *.txt)
      -s SIZE_DISCRIMINATOR
                            Will skip pages with this size in bytes (or a list of
                            sizes 0,500,1500...)
      -t THREADS            Number of threads (default 4)
      -u TARGET             Target url
      -r RESUME             Resume a session
      -R                    Parse robots.txt and check its contents
      --recursive           Recursive descend on path directories
      --persist             Use HTTP persistent connections
      --full-path           Show full path instead of only resources
      --show-type           Show content-type in results
      --no-follow           Do not follow redirections
    
    License, requests, etc: https://github.com/deibit/cansina
    
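    • Use cansina to probe directory contents. -u specifies the domain to scan, and the ./directory_list/dire.list file passed to -p is a directory wordlist that you need to create and populate yourself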
    tdcqma:cansina $ ./cansina.py -u http://pen.test.com.cn/ -p ./directory_list/dire.list 
    Resolving pen.test.com.cn
    HTTP GET requests
    Banned response codes: 404
    Using payload: ./directory_list/dire.list
    Generating payloads...
    Spawning 4 threads 
    Total requests 34926  (aprox: 8731 / thread)
    
    cod |    size    |  line  | time |
    ----------------------------------
    200 |        730 |  10925 |   42 |  /cfide/administrator
    200 |        730 |  13680 |   41 |  /dms/AggreSpy
    200 |        730 |  13681 |   26 |  /dms/DMSDump
    200 |        730 |  14981 |   43 |  /etc/motd
    200 |        730 |  14984 |   36 |  /etc/shadow
    200 |        730 |  18543 |   42 |  /iisadmin

    Reference: https://github.com/deibit/cansina
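
All six hits in the scan output above return 200 with the same 730-byte size, which usually means the server answers unknown paths with one catch-all page rather than that resources such as /etc/shadow exist. The following added example (not part of the original article or of cansina itself) parses the result table, flags repeated code/size pairs, and builds the `-s` value from the help text for a re-run; the `min_hits` threshold and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample: the result rows copied from the scan output above.
SAMPLE = """\
cod |    size    |  line  | time |
----------------------------------
200 |        730 |  10925 |   42 |  /cfide/administrator
200 |        730 |  13680 |   41 |  /dms/AggreSpy
200 |        730 |  13681 |   26 |  /dms/DMSDump
200 |        730 |  14981 |   43 |  /etc/motd
200 |        730 |  14984 |   36 |  /etc/shadow
200 |        730 |  18543 |   42 |  /iisadmin
"""

# Columns as printed by the tool: cod | size | line | time | path
ROW = re.compile(r"^\s*(\d{3})\s*\|\s*(\d+)\s*\|\s*(\d+)\s*\|\s*(\d+)\s*\|\s*(\S+)\s*$")

def parse_rows(text):
    """Parse result rows; the header, separator and banner lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            code, size, lineno, time, path = m.groups()
            rows.append({"code": int(code), "size": int(size),
                         "line": int(lineno), "time": int(time), "path": path})
    return rows

def triage(rows, min_hits=3):
    """Return (suspect, keep, flagged). A (code, size) pair shared by at least
    min_hits different paths is treated as a catch-all page (assumed threshold)."""
    counts = Counter((r["code"], r["size"]) for r in rows)
    suspect = {sig for sig, n in counts.items() if n >= min_hits}
    keep = [r for r in rows if (r["code"], r["size"]) not in suspect]
    flagged = [r for r in rows if (r["code"], r["size"]) in suspect]
    return suspect, keep, flagged

def size_filter_arg(suspect):
    """Build the -s SIZE_DISCRIMINATOR value for a re-run that skips suspect sizes."""
    sizes = sorted({size for _, size in suspect})
    return "-s " + ",".join(str(s) for s in sizes) if sizes else ""

if __name__ == "__main__":
    suspect, keep, flagged = triage(parse_rows(SAMPLE))
    print(f"{len(flagged)} probable soft-404 hits, {len(keep)} worth manual review")
    print("suggested re-run option:", size_filter_arg(suspect))
```

The `-D` option in the help output is the tool's own fake-404 check and can be tried alongside the size filter.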

  • Original article: https://www.cnblogs.com/tdcqma/p/7550353.html