首页 渗透工具 正文
  • 本文约4301字,阅读需22分钟
  • 6391
  • 0

Konan – 高级Web目录扫描爆破工具,支持多线程/代理/字典/子目录等

Konan - Web目录扫描程序

Konan是一个开源的用于Web目录扫描的工具,针对目录和文件名。类似的还有DirBuster,dirmap等。下面也对其它类似工具的功能对比。

Konan - 高级Web目录扫描爆破工具,支持多线程/代理/字典/子目录等
Konan目录扫描

支持平台

  • Linux
  • Windows
  • MacOSX

同类工具功能对比

功能Konandirsearchdirbgobuster
多线程yesyesyesyes
支持多扩展yesyesnono
HTTP代理支持yesyesyesyes
报告yes (text and json)yes (text and json)yes (text)no
随机代理yesyesnono
正则 regexp忽略单词yesnonono
字典拆分扩展名yesnonono
多种方法yesnonono
响应大小过程yesnonono
暴力破解子目录yesnonono
暴力破解递归子目录yesnonono
URL注入点yesnonono

Konan安装

git clone https://github.com/m4ll0k/Konan.git konan
cd konan && pip install -r requirements.txt

运行

python konan.py

Konan使用

基本:python konan.py -u/--url http://example.com/

URL: http://testphp.vulnweb.com/

PERCENT -   TIME   - CODE  -   METHOD  - LENGTH - URL
-------------------------------------------------------
0.39%    - 01:32:50 -  200  - GET -  4958    - http://testphp.vulnweb.com/index.php 
0.43%    - 01:32:52 -  200  - GET -  4732    - http://testphp.vulnweb.com/search.php 
0.54%    - 01:32:57 -  200  - GET -  5523    - http://testphp.vulnweb.com/login.php 
0.81%    - 01:33:12 -  200  - GET -  4830    - http://testphp.vulnweb.com/logout.php 
8.77%    - 01:40:02 -  302  - GET -  14      - http://testphp.vulnweb.com/userinfo.php  -> login.php

注入点:python konan.py -u/--url http://example.com/%%/index.php

  • python konan.py -u/--url http://example.com/test%% -w /root/numbers.txt

字典扫描, 默认 /db/dict.txt:

  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt

Provide extensions with -e/--extension option and force extension for every wordlist entry with -f/--force option:

python konan.py -u/--url http://example.com/ -e/--extension php,html -f/--force

URL: http://testphp.vulnweb.com/

PERCENT -   TIME   - CODE  -   METHOD  - LENGTH - URL
-------------------------------------------------------
0.39%    - 02:00:21 -  200  - GET -  4958    - http://testphp.vulnweb.com/index.html 
0.43%    - 02:00:23 -  200  - GET -  4732    - http://testphp.vulnweb.com/search.php 
0.54%    - 02:00:30 -  200  - GET -  5523    - http://testphp.vulnweb.com/login.php 
0.81%    - 02:00:46 -  200  - GET -  4830    - http://testphp.vulnweb.com/logout.html 
0.87%    - 02:00:50 -  200  - GET -  6115    - http://testphp.vulnweb.com/categories.html

状态码排除:

  • python konan.py -u/--url http://example.com/ -x/--exclude 400,403,401

仅提供输出的状态代码:

  • python konan.py -u/--url http://example.com/ -o/--only 200,301,302

字典小写 (isATest -> isatest) 和大写 (isAtest -> ISATEST):

  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt [-l/--lowercase OR -p/--uppercase]

字典拆分 (test.php -> to -> test):

  • python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt -s/--split

Wordlist Ignore word,letters,number,..etc provided by regexp (\w*.php|\w*.html,^[0-9_-]+):_

  • python konan.py -u/--url http://example.com/ -w/--wordlist -I/--ignore "\?+"

Output without -I/--ignore options:

Output with -I/--ignore (in this case \?+) options:

递归:

  • python konan.py -u/--url http://example.com/ -E/--recursive

Recursive directory found and directory provided by -D/--dir-rec:

  • python konan.py -u/--url http://example.com/ -E/--recursive -D/--dir-rec "admin,tests,dev,internal"

暴力破解目录 -S/--sub-dir:

  • python konan.py -u/--url http://example.com/ -S/--sub-dir "admin,test,internal,dev"

多种方法 (检查 GET,POST,PUT 和 DELETE 输入词):

Note: Much web application if not make the request with right method return 404 code, this option test all methods

  • python konan.py -u/--url http://example.com/ -m/--methods"

Content size process (show response if the response size is ">[number]","<[number]","=[number]"):

  • python konan.py -u/--url http://example.com/ -C/--length "<1000"
    URL: http://testphp.vulnweb.com/
    
    PERCENT -   TIME   - CODE  -   METHOD  - LENGTH - URL
    -------------------------------------------------------
    0.19%    - 02:11:46 -  301  - GET -  184     - http://testphp.vulnweb.com/admin  -> http://testphp.vulnweb.com/admin/
    1.73%    - 02:12:37 -  301  - GET -  184     - http://testphp.vulnweb.com/images  -> http://testphp.vulnweb.com/images/​
温馨提示:本文最后更新于2019年8月14日 19:31,若内容或图片失效,请在下方留言或联系博主。
评论
博主关闭了评论