2、利用黑名单过滤无效页面;
3、利用白名单探求漏洞褒奖Hunter感兴趣的页面内容;
4、过滤页面中的随机内容;
5、以多种办法判断404缺点页面;
6、扫描完成后实行统计数据剖析,并天生终极的结果;
7、支持HTTP2;
工具安装由于该工具基于Python开拓,因此我们首先须要在本地设备上安装并配置好Python环境。接下来,广大研究职员可以直策应用下列命令将该项目源码克隆至本地:
git clone https://github.com/rapiddns/Afuzz.git
然后切换到项目目录中,利用pip工具和项目供应的requirements.txt文件安装该工具所需的其他依赖组件:
cd Afuzzpip install -r requirements.txt
依赖组件安装完成后,实行下列安装脚本即可:
python setup.py install
除此之外,我们还可以直策应用pip工具安装Afuzz:
pip install afuzz工具选项
-h, --help 显示工具帮助信息和退出 -u URL, --url URL 设置目标URL -o OUTPUT, --output OUTPUT 输出文件路径 -e EXTENSIONS, --extensions EXTENSIONS 扩展列表,逗号分隔 (例如: php,aspx,jsp) -t THREAD, --thread THREAD 线程数量 -d DEPTH, --depth DEPTH 最大递归深度 -w WORDLIST, --wordlist WORDLIST 字典文件路径 -f, --fullpath 完全路径 -p PROXY, --proxy PROXY 代理, (例如:http://127.0.0.1:8080)工具运行
利用命令
afuzz -u https://target
afuzz -e php,html,js,json -u https://target
afuzz -e php,html,js -u https://target -d 3
多线程利用
afuzz -e aspx,jsp,php,htm,js,bak,zip,txt,xml -u https://target -t 50
工具运行样例
afuzz -u http://testphp.vulnweb.com -t 30扫描结果
数据表
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+| http://testphp.vulnweb.com/ |+-----------------------------+---------------------+--------+-----------------------------------+-----------------------+--------+--------------------------+-------+-------+-----------+----------+| target | path | status | redirect | title | length | content-type | lines | words | type | mark |+-----------------------------+---------------------+--------+-----------------------------------+-----------------------+--------+--------------------------+-------+-------+-----------+----------+| http://testphp.vulnweb.com/ | .idea/workspace.xml | 200 | | | 12437 | text/xml | 217 | 774 | check | || http://testphp.vulnweb.com/ | admin | 301 | http://testphp.vulnweb.com/admin/ | 301 Moved Permanently | 169 | text/html | 8 | 11 | folder | 30x || http://testphp.vulnweb.com/ | login.php | 200 | | login page | 5009 | text/html | 120 | 432 | check | || http://testphp.vulnweb.com/ | .idea/.name | 200 | | | 6 | application/octet-stream | 1 | 1 | check | || http://testphp.vulnweb.com/ | .idea/vcs.xml | 200 | | | 173 | text/xml | 8 | 13 | check | || http://testphp.vulnweb.com/ | .idea/ | 200 | | Index of /.idea/ | 937 | text/html | 14 | 46 | whitelist | index of || http://testphp.vulnweb.com/ | cgi-bin/ | 403 | | 403 Forbidden | 276 | text/html | 10 | 28 | folder | 403 || http://testphp.vulnweb.com/ | .idea/encodings.xml | 200 | | | 171 | text/xml | 6 | 11 | check | || http://testphp.vulnweb.com/ | search.php | 200 | | search | 4218 | text/html | 104 | 364 | check | || http://testphp.vulnweb.com/ | product.php | 200 | | picture details | 4576 | text/html | 111 | 377 | check | || http://testphp.vulnweb.com/ | admin/ | 200 | | Index of /admin/ | 248 | text/html | 8 | 16 | whitelist | index of || http://testphp.vulnweb.com/ | .idea | 301 | http://testphp.vulnweb.com/.idea/ | 301 Moved Permanently | 169 | text/html | 8 | 11 | folder | 30x |+-----------------------------+---------------------+--------+-----------------------------------+-----------------------+--------+--------------------------+-------+-------+-----------+----------+```JSON格式数据
{ "result": [ { "target": "http://testphp.vulnweb.com/", "path": ".idea/workspace.xml", "status": 200, "redirect": "", "title": "", "length": 12437, "content_type": "text/xml", "lines": 217, "words": 774, "type": "check", "mark": "", "subdomain": "testphp.vulnweb.com", "depth": 0, "url": "http://testphp.vulnweb.com/.idea/workspace.xml" }, { "target": "http://testphp.vulnweb.com/", "path": "admin", "status": 301, "redirect": "http://testphp.vulnweb.com/admin/", "title": "301 Moved Permanently", "length": 169, "content_type": "text/html", "lines": 8, "words": 11, "type": "folder", "mark": "30x", "subdomain": "testphp.vulnweb.com", "depth": 0, "url": "http://testphp.vulnweb.com/admin" }, { "target": "http://testphp.vulnweb.com/", "path": "login.php", "status": 200, "redirect": "", "title": "login page", "length": 5009, "content_type": "text/html", "lines": 120, "words": 432, "type": "check", "mark": "", "subdomain": "testphp.vulnweb.com", "depth": 0, "url": "http://testphp.vulnweb.com/login.php" }, { "target": "http://testphp.vulnweb.com/", "path": ".idea/.name", "status": 200, "redirect": "", "title": "", "length": 6, "content_type": "application/octet-stream", "lines": 1, "words": 1, "type": "check", "mark": "", "subdomain": "testphp.vulnweb.com", "depth": 0, "url": "http://testphp.vulnweb.com/.idea/.name" }, { "target": "http://testphp.vulnweb.com/", "path": ".idea/vcs.xml", "status": 200, "redirect": "", "title": "", "length": 173, "content_type": "text/xml", "lines": 8, "words": 13, "type": "check", "mark": "", "subdomain": "testphp.vulnweb.com", "depth": 0, "url": "http://testphp.vulnweb.com/.idea/vcs.xml" }, { "target": "http://testphp.vulnweb.com/", "path": ".idea/", "status": 200, "redirect": "", "title": "Index of /.idea/", "length": 937, "content_type": "text/html", "lines": 14, "words": 46, "type": "whitelist", "mark": "index of", "subdomain": "testphp.vulnweb.com", "depth": 0, "url": "http://testphp.vulnweb.com/.idea/" }, { "target": "http://testphp.vulnweb.com/", "path": "cgi-bin/", "status": 403, "redirect": "", "title": "403 Forbidden", "length": 276, "content_type": "text/html", "lines": 10, "words": 28, "type": "folder", "mark": "403", "subdomain": "testphp.vulnweb.com", "depth": 0, "url": "http://testphp.vulnweb.com/cgi-bin/" }, { "target": "http://testphp.vulnweb.com/", "path": ".idea/encodings.xml", "status": 200, "redirect": "", "title": "", "length": 171, "content_type": "text/xml", "lines": 6, "words": 11, "type": "check", "mark": "", "subdomain": "testphp.vulnweb.com", "depth": 0, "url": "http://testphp.vulnweb.com/.idea/encodings.xml" }, { "target": "http://testphp.vulnweb.com/", "path": "search.php", "status": 200, "redirect": "", "title": "search", "length": 4218, "content_type": "text/html", "lines": 104, "words": 364, "type": "check", "mark": "", "subdomain": "testphp.vulnweb.com", "depth": 0, "url": "http://testphp.vulnweb.com/search.php" }, { "target": "http://testphp.vulnweb.com/", "path": "product.php", "status": 200, "redirect": "", "title": "picture details", "length": 4576, "content_type": "text/html", "lines": 111, "words": 377, "type": "check", "mark": "", "subdomain": "testphp.vulnweb.com", "depth": 0, "url": "http://testphp.vulnweb.com/product.php" }, { "target": "http://testphp.vulnweb.com/", "path": "admin/", "status": 200, "redirect": "", "title": "Index of /admin/", "length": 248, "content_type": "text/html", "lines": 8, "words": 16, "type": "whitelist", "mark": "index of", "subdomain": "testphp.vulnweb.com", "depth": 0, "url": "http://testphp.vulnweb.com/admin/" }, { "target": "http://testphp.vulnweb.com/", "path": ".idea", "status": 301, "redirect": "http://testphp.vulnweb.com/.idea/", "title": "301 Moved Permanently", "length": 169, "content_type": "text/html", "lines": 8, "words": 11, "type": "folder", "mark": "30x", "subdomain": "testphp.vulnweb.com", "depth": 0, "url": "http://testphp.vulnweb.com/.idea" } ], "total": 12, "target": "http://testphp.vulnweb.com/"}字典(主要)
1、Afuzz所利用的字典是一个text文本文件,每一个路径单独每一行;
2、关于后缀,Afuzz会利用-e参数供应的后缀更换%EXT%关键词,如果没设置-e的话,则利用默认值;
3、我们可以基于域名来天生字典,Afuzz可以利用主机更换%subdomain%,利用根域名更换%rootdomain%,利用子域名更换%sub%,利用域名更换%domain%;
利用样例
普通后缀:
index.%EXT%
设置asp和aspx后缀将天生下列字典:
indexindex.aspindex.aspx
主机:
%subdomain%.%ext%%sub%.bak%domain%.zip%rootdomain%.zip
通报https://test-www.hackerone.com和php后缀将天生下列字典:
test-www.hackerone.com.phptest-www.ziptest.zipwww.ziptestwww.ziphackerone.ziphackerone.com.zip项目地址
Afuzz:https://github.com/RapidDNS/Afuzz
参考链接https://github.com/xmendez/wfuzz
https://github.com/s0md3v/Arjun
