OWASP Web目录扫描程序
opendoor的Python项目详细描述
opendoor owasp是控制台多功能网站扫描仪。这个 应用程序找到所有可能的登录方式,索引/目录, 受限访问点、子域、隐藏数据和大型备份。这个 扫描由内置字典和外部 还有字典。匿名性和速度是通过使用 代理服务器。软件是为提供信息而编写的 GPL许可下的开源产品。
- 当前版本3.2.36-rc(04.06.2017)
- 目录-35888
- 子域-101000
*在实时商业系统和 禁止组织!*
Alt文本
机具
- [X]多线程控制
- [x]扫描报告
- [X]目录扫描仪
- [x]子域扫描程序
- [X]http(s)(端口)支持
- [X]保持长池运行
- [X]动态请求头
- [x]自定义wordlst的前缀
- [X]自定义词表、代理、忽略列表
- [X]调试级别(1-3)
- [X]扩展筛选器
- [X]自定义报告目录
- [x]自定义配置向导(使用随机技术)
- [X]分析技术
- 检测重定向
- 检测/Apache的索引
- 检测大文件
- 证明所需页面
- [X]随机化技术
- 每个请求的随机用户代理
- 每个请求的随机代理
- 无序排列单词表
本地安装和运行
git clone https://github.com/stanislav-web/OpenDoor.git cd OpenDoor/ pip install -r requirements.txt chmod +x opendoor.py python3 opendoor.py --host http://www.example.com
全局安装(最好用于操作系统发行版)
git clone https://github.com/stanislav-web/OpenDoor.git cd OpenDoor/ python3 setup.py build && python3 setup.py install opendoor --host http://www.example.com
更新
python3 opendoor.py --update opendoor --update
更改日志(上次更改)
V3.3.36-RC(2017年8月4日)
- Add config wizard (allows you to configure own project)
V3.2.36-RC(2017年6月4日)
- Added custom reports directory --reports-dir /home/user/Reports - Added user guide --docs - Reusable proxy requests pooling in --tor, --torlist - Prevent socks5 proxies warnings - Optimizing scan execution - Request's delays allow to use of milliseconds - Python2.7 no longer support
帮助
usage: opendoor.py [-h] [--host HOST] [-p PORT] [-m METHOD] [-t THREADS] [-d DELAY] [--timeout TIMEOUT] [-r RETRIES] [--accept-cookies] [--debug DEBUG] [--tor] [--torlist TORLIST] [--proxy PROXY] [-s SCAN] [-w WORDLIST] [--reports REPORTS] [--reports-dir REPORTS_DIR] [--random-agent] [--random-list] [--prefix PREFIX] [-e EXTENSIONS] [-i] [--update] [--version] [--examples] [--docs] [--wizard [WIZARD]] optional arguments: -h, --help show this help message and exit required named options: --host HOST Target host (ip); --host http://example.com Application tools: --update Update from CVS --version Get current version --examples Examples of usage --docs Read documentation --wizard [WIZARD] Run wizard scanner from your config Debug tools: --debug DEBUG Debug level 1 - 3 Reports tools: --reports REPORTS Scan reports (json,std,txt,html) --reports-dir REPORTS_DIR Path to custom reports dir Request tools: -p PORT, --port PORT Custom port (Default 80) -m METHOD, --method METHOD Request method (use HEAD as default) -d DELAY, --delay DELAY Delay between requests threading --timeout TIMEOUT Request timeout (30 sec default) -r RETRIES, --retries RETRIES Max retries to reconnect (default 3) --accept-cookies Accept and route cookies from responses --tor Using built-in proxylist --torlist TORLIST Path to custom proxylist --proxy PROXY Custom permanent proxy server --random-agent Randomize user-agent per request Sniff tools: -i, --indexof Detect Apache Index of/ Stream tools: -t THREADS, --threads THREADS Allowed threads Wordlist tools: -s SCAN, --scan SCAN Scan type scan=directories or scan=subdomains -w WORDLIST, --wordlist WORDLIST Path to custom wordlist --random-list Shuffle scan list --prefix PREFIX Append path prefix to scan host -e EXTENSIONS, --extensions EXTENSIONS Extensions filter -e php,json e.g
维护人员
- @stanislav webhttps://github.com/stanislav-web(开发人员)
测试
pip install -r requirements-dev.txt coverage run --source=src/ setup.py test