0x01 參考了烏雲漏洞鏈接
https://raw.githubusercontent.com/w2n1ck/wooyunDic/master/dicc.txt
0x02 把比較典型提取了出來
#coding=utf-8 # python3.6 import sys import imp imp.reload(sys) import os import os.path import requests from urllib.parse import unquote
suffixList = ['.rar','.zip','.tar','.tar.gz'] keyList = ['www','wwwroot','site','web','website','backup','data','mdb','WWW','新建文件夾','ceshi','databak', 'db','database','sql','bf','備份','1','2','11','111','a','123','test','admin','app','bbs','htdocs','wangzhan'] def run(url): num1 = url.find('.') num2 = url.find('.', num1 + 1) keyList.append(url[num1 + 1:num2]) keyList.append(url) keyList.append(url.replace('.', '_')) keyList.append(url.replace('.', '')) keyList.append(url[num1 + 1:]) keyList.append(url[num1 + 1:].replace('.', '_')) #用法 python3 bfuzz.py www.baidu.com url =sys.argv[1] run(url) tempList = [] for key in keyList: for suff in suffixList: tempList.append(key + suff) fobj = open(url+".txt" , 'w') for each in tempList: fobj.write('%s%s' % (each,'\n')) fobj.flush()
0x03 部分字典效果
