Konan – 高级Web目录扫描爆破工具,支持多线程/代理/字典/子目录等
- 发表于
- 安全工具
Konan - Web目录扫描程序
Konan是一个开源的用于Web目录扫描的工具,针对目录和文件名。类似的还有DirBuster,dirmap等。下面也对其它类似工具的功能对比。
支持平台
同类工具功能对比
| 功能 | Konan | dirsearch | dirb | gobuster |
|---|---|---|---|---|
| 多线程 | yes | yes | yes | yes |
| 支持多扩展 | yes | yes | no | no |
| HTTP代理支持 | yes | yes | yes | yes |
| 报告 | yes (text and json) | yes (text and json) | yes (text) | no |
| 随机代理 | yes | yes | no | no |
正则 regexp忽略单词 | yes | no | no | no |
| 字典拆分扩展名 | yes | no | no | no |
| 多种方法 | yes | no | no | no |
| 响应大小过程 | yes | no | no | no |
| 暴力破解子目录 | yes | no | no | no |
| 暴力破解递归子目录 | yes | no | no | no |
| URL注入点 | yes | no | no | no |
Konan安装
git clone https://github.com/m4ll0k/Konan.git konan
cd konan && pip install -r requirements.txt运行
python konan.pyKonan使用
基本:
python konan.py -u/--url http://example.com/
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE- METHOD- LENGTH - URL
-------------------------------------------------------
0.39%- 01:32:50 -200- GET -4958- http://testphp.vulnweb.com/index.php
0.43%- 01:32:52 -200- GET -4732- http://testphp.vulnweb.com/search.php
0.54%- 01:32:57 -200- GET -5523- http://testphp.vulnweb.com/login.php
0.81%- 01:33:12 -200- GET -4830- http://testphp.vulnweb.com/logout.php
8.77%- 01:40:02 -302- GET -14- http://testphp.vulnweb.com/userinfo.php-> login.php注入点:
python konan.py -u/--url http://example.com/%%/index.php
URL: http://testphp.vulnweb.com/%%/index.php
PERCENT - TIME - CODE- METHOD- LENGTH - URL
-------------------------------------------------------
0.39%- 01:32:50 -200- GET -4958- http://testphp.vulnweb.com/test/index.php
0.43%- 01:32:52 -200- GET -4732- http://testphp.vulnweb.com/search/index.php python konan.py -u/--url http://example.com/test%% -w /root/numbers.txt
URL: http://testphp.vulnweb.com/test%%
PERCENT - TIME - CODE- METHOD- LENGTH - URL
-------------------------------------------------------
0.39%- 01:32:50 -200- GET -4958- http://testphp.vulnweb.com/test12
0.43%- 01:32:52 -200- GET -4732- http://testphp.vulnweb.com/test34 字典扫描, 默认 /db/dict.txt:
python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt
Provide extensions with -e/--extension option and force extension for every wordlist entry with -f/--force option:
python konan.py -u/--url http://example.com/ -e/--extension php,html -f/--force
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE- METHOD- LENGTH - URL
-------------------------------------------------------
0.39%- 02:00:21 -200- GET -4958- http://testphp.vulnweb.com/index.html
0.43%- 02:00:23 -200- GET -4732- http://testphp.vulnweb.com/search.php
0.54%- 02:00:30 -200- GET -5523- http://testphp.vulnweb.com/login.php
0.81%- 02:00:46 -200- GET -4830- http://testphp.vulnweb.com/logout.html
0.87%- 02:00:50 -200- GET -6115- http://testphp.vulnweb.com/categories.html状态码排除:
python konan.py -u/--url http://example.com/ -x/--exclude 400,403,401
仅提供输出的状态代码:
python konan.py -u/--url http://example.com/ -o/--only 200,301,302
字典小写 (isATest -> isatest) 和大写 (isAtest -> ISATEST):
python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt [-l/--lowercase OR -p/--uppercase]
字典拆分 (test.php -> to -> test):
python konan.py -u/--url http://example.com/ -w/--wordlist /root/dict.txt -s/--split
Wordlist Ignore word,letters,number,..etc provided by regexp (\w*.php|\w*.html,^[0-9_-]+):_
python konan.py -u/--url http://example.com/ -w/--wordlist -I/--ignore "\?+"
Output without -I/--ignore options:
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE- METHOD- LENGTH - URL
-------------------------------------------------------
0.39%- 02:06:31 -200- GET -4958- http://testphp.vulnweb.com/???.php
0.43%- 02:06:32 -200- GET -4732- http://testphp.vulnweb.com/???????????
0.54%- 02:06:35 -200- GET -5523- http://testphp.vulnweb.com/admin/ Output with -I/--ignore (in this case \?+) options:
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE- METHOD- LENGTH - URL
-------------------------------------------------------
0.54%- 02:06:35 -200- GET -5523- http://testphp.vulnweb.com/admin/
递归:
python konan.py -u/--url http://example.com/ -E/--recursive
Recursive directory found and directory provided by -D/--dir-rec:
python konan.py -u/--url http://example.com/ -E/--recursive -D/--dir-rec "admin,tests,dev,internal"
暴力破解目录 -S/--sub-dir:
python konan.py -u/--url http://example.com/ -S/--sub-dir "admin,test,internal,dev"
多种方法 (检查 GET,POST,PUT 和 DELETE 输入词):
Note: Much web application if not make the request with right method return 404 code, this option test all methods
python konan.py -u/--url http://example.com/ -m/--methods"
Content size process (show response if the response size is ">[number]","<[number]","=[number]"):
python konan.py -u/--url http://example.com/ -C/--length "<1000"
URL: http://testphp.vulnweb.com/
PERCENT - TIME - CODE- METHOD- LENGTH - URL
-------------------------------------------------------
0.19%- 02:11:46 -301- GET -184 - http://testphp.vulnweb.com/admin-> http://testphp.vulnweb.com/admin/
1.73%- 02:12:37 -301- GET -184 - http://testphp.vulnweb.com/images-> http://testphp.vulnweb.com/images/
原文连接:Konan – 高级Web目录扫描爆破工具,支持多线程/代理/字典/子目录等
所有媒体,可在保留署名、
原文连接的情况下转载,若非则不得使用我方内容。
