分类 标签 存档 黑客派 订阅 搜索

Golang 初练手 - 多线程网站路径爆破

88 浏览

以前用 Python 写过这个工具,前两天看了 golang 的基础,就想着用这个语言把这个工具重写一遍

先放张图演示1.gif

用法

    Example : Buster.exe -u=https://www.baidu.com -d=asp.txt -t=5
    Buster是你的程序名字
    -u后面填网址参数,格式如上
    -d选字典
    -t是线程数
    当你第一次运行请直接在命令行运行你的程序,什么参数都别加,他会有提示信息告诉你怎么做的

话不多说,直接上代码,字典采用的以前搜集的一个珍藏的大字典,跑起来可能耗时比较久,文件外链会放在底下

package main

import (
    "bufio"
    "flag"
    "fmt"
    "io/ioutil"
    "net/http"
    "os"
    "sync"
)

var urls chan string
var no404URL = make(chan string)
var wg sync.WaitGroup //等待goroutine完成

func main() {

    var baseURL string
    var dicPath string
    var threadCount int
    flag.StringVar(&baseURL, "u", "https://www.baidu.com", "website which you want to burst")
    flag.StringVar(&dicPath, "d", "asp.txt", "dic which you want to use")
    flag.IntVar(&threadCount, "t", 5, "number of Thread")
    flag.Parse()

    if len(os.Args) == 1 {
        fmt.Println("------------------------------------")
        fmt.Println(" Author      |       Akkuamn")
        fmt.Println("------------------------------------")
        fmt.Println(" Update-v1.0 |      2017-02-07")
        fmt.Println("-------------------------------------")
        fmt.Printf("\nUsage : \n\tExample : %s -u=https://www.baidu.com -d=asp.txt -t=5\n\n", os.Args[0])
        fmt.Printf("View more help via %s -h\n\n", os.Args[0])
        listDic("dic")
    } else {
        dicPath = "./dic/" + dicPath
        start(baseURL, dicPath, threadCount)
        wg.Wait() //等待goroutine完成
    }
}

func start(baseURL string, dicPath string, threadCount int) {

    dicFile, dicError := os.OpenFile(dicPath, os.O_RDONLY, 0)
    if dicError != nil {
        fmt.Printf("\nOpenFile Error:文件打开出错,请检查字典文件是否存在,或文件名是否准确\n")
        return
    }
    defer dicFile.Close()

    //把处理后的需要爆破的url全部传到信道urls
    ReturnBurstURL(dicFile, baseURL)

    //单独开goroutine从信道no404URL取数据写入文件
    go func() {
        resultTxt, err := os.OpenFile("result.txt", os.O_CREATE|os.O_TRUNC|os.O_RDWR, 0660)
        if err != nil {
            fmt.Println("OpenFile Error:" + err.Error())
        }
        resultWriter := bufio.NewWriter(resultTxt)
        defer resultTxt.Close()
        for {
            _, err = resultWriter.WriteString(<-no404URL)
            if err != nil {
                fmt.Println("resultWriter Error:" + err.Error())
            }
            resultWriter.Flush()
        }
    }()

    //并发访问网址并将状态码不为404的网址加入信道no404URL
    for i := 0; i < threadCount; i++ {
        wg.Add(1)
        go func(i int) {
            for len(urls) > 0 {
                url := <-urls
                status := HTTPStatus(url)
                fmt.Printf("[%d]%s-----%s\n", i, status, url)
                if status != "404 Not Found" {
                    no404URL <- status + "-----" + url + "\n"
                }
            }
            wg.Done()
        }(i)
    }
}

//返回HTTP访问状态码
func HTTPStatus(url string) (status string) {
    client := http.DefaultClient
    reqest, err := http.NewRequest("HEAD", url, nil)
    if err == nil {
        reqest.Header.Set("User-Agent", "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:51.0) Gecko/20100101 Firefox/51.0")
        reqest.Header.Set("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")
        response, err1 := client.Do(reqest)
        if err1 != nil {
            fmt.Println("HTTPRequest Error:" + err1.Error())
        }

        defer response.Body.Close()
        return response.Status
    } else {
        fmt.Println("NewRequest Error:" + err.Error())
        return "400 Bad Request"
    }
}

//把处理后的需要爆破的url全部传到信道urls
func ReturnBurstURL(fURL *os.File, baseurl string) {
    var urlList []string
    allURLTxt := bufio.NewScanner(fURL)
    for allURLTxt.Scan() {
        newurl := baseurl + "/" + allURLTxt.Text()
        urlList = append(urlList, newurl)
    }
    urls = make(chan string, len(urlList))
    for _, url := range urlList {
        urls <- url
    }
    fmt.Printf("\n读取字典完成,准备开始,请等待...\n")
}

//罗列出可用字典
func listDic(dicDir string) {
    dirList, err := ioutil.ReadDir(dicDir)
    if err != nil {
        fmt.Println("ReadDir Error : " + err.Error() + "\n")
    }
    fmt.Println("Dic you can select : ")
    for _, file := range dirList {
        fmt.Printf("    %s\n", file.Name())
    }
}

只编译了 win 平台下的,如果有需要可以自行编译

源码及字典及 win 程序
密码: g1gd

评论  
留下你的脚步
推荐阅读