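Cansina is a web content discovery tool. Given a detailed list of web directory contents as the payload, it can probe for and discover web paths and other resources.
- Install the tool as follows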
pip install --user requests[security]
git clone --depth=1 https://github.com/deibit/cansina
- After installation, the following files can be seen in the installation directory
- View the help output of cansina.py
tdcqma:cansina $ ./cansina.py --help
usage: cansina.py -u url -p payload [options]

Cansina is a web content discovery tool. It makes requests and analyze the
responses trying to figure out whether the resource is or not accessible.

optional arguments:
  -h, --help            show this help message and exit
  -A AUTHENTICATION     Basic Authentication (e.g: user:password)
  -C COOKIES            your cookies (e.g: key:value)
  -D                    Check for fake 404 (warning: machine decision)
  -H                    Make HTTP HEAD requests
  -P PROXIES            Set a http and/or https proxy (ex: http://127.0.0.1:8080,https://...
  -S                    Remove ending slash for payloads
  -T REQUEST_DELAY      Time (a float number, e.g: 0.25 or 1.75) between requests
  -U                    Make payload requests upper-case
  -a USER_AGENT         The preferred user-agent (default provided)
  -b BANNED             List of banned response codes
  -B UNBANNED           List of unbanned response codes, mark all response as invalid
                        without unbanned response codes, higher priority than banned
  -c CONTENT            Inspect content looking for a particular string
  -d DISCRIMINATOR      If this string if found it will be treated as a 404
  -e EXTENSION          Extension list to use e.g: php,asp,...(default none)
  -p PAYLOAD            A single file, a file with filenames (.payload) or a directory
                        (will do *.txt)
  -s SIZE_DISCRIMINATOR Will skip pages with this size in bytes (or a list of sizes
                        0,500,1500...)
  -t THREADS            Number of threads (default 4)
  -u TARGET             Target url
  -r RESUME             Resume a session
  -R                    Parse robots.txt and check its contents
  --recursive           Recursive descend on path directories
  --persist             Use HTTP persistent connections
  --full-path           Show full path instead of only resources
  --show-type           Show content-type in results
  --no-follow           Do not follow redirections

License, requests, etc: https://github.com/deibit/cansina
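- Use cansina to probe directory contents. Here -u specifies the domain to scan, and the ./directory_list/dire.list passed to -p is a directory wordlist file that you need to create and populate yourself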
tdcqma:cansina $ ./cansina.py -u http://pen.test.com.cn/ -p ./directory_list/dire.list
Resolving pen.test.com.cn
HTTP GET requests
Banned response codes: 404
Using payload: ./directory_list/dire.list
Generating payloads...
Spawning 4 threads
Total requests 34926 (aprox: 8731 / thread)

cod | size | line  | time |
----------------------------------
200 | 730  | 10925 | 42   | /cfide/administrator
200 | 730  | 13680 | 41   | /dms/AggreSpy
200 | 730  | 13681 | 26   | /dms/DMSDump
200 | 730  | 14981 | 43   | /etc/motd
200 | 730  | 14984 | 36   | /etc/shadow
200 | 730  | 18543 | 42   | /iisadmin
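Every hit in the scan output above is a 200 with the same 730-byte size, /etc/shadow included, which is consistent with the server answering every path with one catch-all page (the "fake 404" case that the -D and -s SIZE_DISCRIMINATOR options in the help text address). The Python script below is an added example, not part of the original post or of Cansina: it parses result rows in the format shown above (the sample rows are copied from that output) and reports which sizes to pass to -s. The function names and the thresholds are assumptions.

```python
import re
from collections import Counter

# Sample input: the result rows copied from the scan output above.
SAMPLE = """\
cod | size | line | time |
----------------------------------
200 | 730 | 10925 | 42 | /cfide/administrator
200 | 730 | 13680 | 41 | /dms/AggreSpy
200 | 730 | 13681 | 26 | /dms/DMSDump
200 | 730 | 14981 | 43 | /etc/motd
200 | 730 | 14984 | 36 | /etc/shadow
200 | 730 | 18543 | 42 | /iisadmin
"""

# One result row: code | size | line | time | path
ROW = re.compile(r"^\s*(\d{3})\s*\|\s*(\d+)\s*\|\s*(\d+)\s*\|\s*(\d+)\s*\|\s*(\S+)\s*$")

def parse_rows(text):
    """Return (code, size, path) for every result row; header and rule lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((int(m.group(1)), int(m.group(2)), m.group(5)))
    return rows

def suspect_sizes(rows, min_hits=3, share=0.5):
    """Sizes seen on at least min_hits 200-responses and on at least `share` of all of them."""
    sizes = Counter(size for code, size, _ in rows if code == 200)
    total = sum(sizes.values())
    return sorted(s for s, n in sizes.items() if n >= min_hits and n / total >= share)

def triage(text):
    """Split hits into (likely catch-all page, worth manual review) and build a -s value."""
    rows = parse_rows(text)
    bad = set(suspect_sizes(rows))
    noise = [p for c, s, p in rows if c == 200 and s in bad]
    keep = [p for c, s, p in rows if not (c == 200 and s in bad)]
    return noise, keep, ",".join(str(s) for s in sorted(bad))

if __name__ == "__main__":
    noise, keep, size_arg = triage(SAMPLE)
    print(f"{len(noise)} hits share a body size; rerun with -s {size_arg}")
    print("review manually:", keep)
```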
Reference: https://github.com/deibit/cansina