webscan.py:
import argparse
import requests
from concurrent.futures import ThreadPoolExecutor
from multiprocessing import cpu_count
from fake_useragent import UserAgent
from threading import Lock
def read_file():
""" 读取撞库文件 """
with open(file=args.scan_dict, mode=\'r\', encoding=\'utf-8\') as f:
return f.readlines()
def write_file(content):
""" 将撞库成功的url写入到文件中 """
lock = Lock()
lock.acquire()
with open(file=args.scan_output, mode=\'a\', encoding=\'utf-8\') as f:
f.write(content)
lock.release()
def send_msg(line):
""" 整理url并发送请求 """
# http://www.baidu.com/match_result.php
url = "{}{}".format(args.scan_site, line) if "://" in args.scan_site else "{}{}{}".format("http://", args.scan_site, line)
try:
response = requests.get(url=url, timeout=60, allow_redirects=False, headers={"User-Agent": UserAgent().random})
if response.status_code == 200:
write_file(\'{}\n\'.format(response.url))
print(response.url, response.status_code)
except Exception as e:
print(e, url)
def run():
# 开启线程池,读取任务列表
# 任务列表:撞库文件
t = ThreadPoolExecutor(args.thread_num)
for i in read_file():
t.submit(send_msg, i)
if name == \'main\':
parse = argparse.ArgumentParser()
parse.add_argument(\'--site\', dest=\'scan_site\', help=\'要扫描的服务器\', type=str)
parse.add_argument(\'--dict\', dest=\'scan_dict\', help="撞库文件", default=\'webdict.txt\', type=str)
parse.add_argument(\'--output\', dest=\'scan_output\', help="存储撞库成功的路径", default=\'./output.txt\', type=str)
parse.add_argument(\'--thread\', dest=\'thread_num\', help=\'设置线程数量\', default=cpu_count() * 5, type=int)
args = parse.parse_args()
run()
"""
D:\dazhu\Python.toos\note>python "09 web目录扫描.py" --site www.7k7k.com
"""
webdict.txt:
网上有很多这样的字典,可以搜索下载。