安全工具-cansina

Cansina是一款Web内容的发现工具，使用该工具指定详细的web目录内容作为payload即可破探测出web路径等资源。

• 工具安装操作如下

pip install --user requests[security]
git clone --depth=1 https://github.com/deibit/cansina

• 安装后在安装目录里可以看到以下文件

• 点击cansina.py的帮助信息

tdcqma:cansina $ ./cansina.py --help
usage: cansina.py -u url -p payload [options]

Cansina is a web content discovery tool. It makes requests and analyze the
responses trying to figure out whether the resource is or not accessible.

optional arguments:
  -h, --help            show this help message and exit
  -A AUTHENTICATION     Basic Authentication (e.g: user:password)
  -C COOKIES            your cookies (e.g: key:value)
  -D                    Check for fake 404 (warning: machine decision)
  -H                    Make HTTP HEAD requests
  -P PROXIES            Set a http and/or https proxy (ex:
                        http://127.0.0.1:8080,https://...
  -S                    Remove ending slash for payloads
  -T REQUEST_DELAY      Time (a float number, e.g: 0.25 or 1.75) between
                        requests
  -U                    Make payload requests upper-case
  -a USER_AGENT         The preferred user-agent (default provided)
  -b BANNED             List of banned response codes
  -B UNBANNED           List of unbanned response codes, mark all response as
                        invalid without unbanned response codes, higher
                        priority than banned
  -c CONTENT            Inspect content looking for a particular string
  -d DISCRIMINATOR      If this string if found it will be treated as a 404
  -e EXTENSION          Extension list to use e.g: php,asp,...(default none)
  -p PAYLOAD            A single file, a file with filenames (.payload) or a
                        directory (will do *.txt)
  -s SIZE_DISCRIMINATOR
                        Will skip pages with this size in bytes (or a list of
                        sizes 0,500,1500...)
  -t THREADS            Number of threads (default 4)
  -u TARGET             Target url
  -r RESUME             Resume a session
  -R                    Parse robots.txt and check its contents
  --recursive           Recursive descend on path directories
  --persist             Use HTTP persistent connections
  --full-path           Show full path instead of only resources
  --show-type           Show content-type in results
  --no-follow           Do not follow redirections

License, requests, etc: https://github.com/deibit/cansina

•  使用cansina进行目录内容探测，其中-u指定待扫描域名，-p指定的./directory_list/dire.list则是需要自己配制添加目录字典文件

tdcqma:cansina $ ./cansina.py -u http://pen.test.com.cn/ -p ./directory_list/dire.list 
Resolving pen.test.com.cn
HTTP GET requests
Banned response codes: 404
Using payload: ./directory_list/dire.list
Generating payloads...
Spawning 4 threads 
Total requests 34926  (aprox: 8731 / thread)

cod |    size    |  line  | time |
----------------------------------
200 |        730 |  10925 |   42 |  /cfide/administrator
200 |        730 |  13680 |   41 |  /dms/AggreSpy
200 |        730 |  13681 |   26 |  /dms/DMSDump
200 |        730 |  14981 |   43 |  /etc/motd
200 |        730 |  14984 |   36 |  /etc/shadow
200 |        730 |  18543 |   42 |  /iisadmin

参考：https://github.com/deibit/cansina