[研究]dirb 2.22 - Web 內容掃描器(Web Content Scanner)
2025-05-06
https://www.kali.org/tools/dirb/
DIRB 是 Web 內容掃描器(Web Content Scanner)。它尋找現有的(和/或隱藏的)Web 物件。它的基本工作原理是針對 Web 伺服器發起基於字典的攻擊並分析回應。
DIRB 隨附一組預先配置的攻擊詞彙表,方便使用,但您也可以使用自訂詞彙表。 DIRB 有時也可以用作經典的 CGI 掃描器,但請記住它是內容掃描器而不是漏洞掃描器。
DIRB 的主要目的是協助專業的 Web 應用程式稽核。特別是在安全相關的測試中。它涵蓋了經典 Web 漏洞掃描器未涵蓋的一些漏洞。 DIRB 尋找其他通用 CGI 掃描器無法尋找的特定 Web 物件。它不會搜尋漏洞,也不會尋找可能存在漏洞的網路內容。
**********
敝人使用Kali Linux 提供的,請參考
[研究] kali-linux-2025.1c-vmware-amd64.7z 下載、安裝
https://shaurong.blogspot.com/2025/05/kali-linux-20251c-vmware-amd647z.html
┌──(kali㉿kali)-[~]
└─$ dirb
-----------------
DIRB v2.22
By The Dark Raver
-----------------
dirb <url_base> [<wordlist_file(s)>] [options]
========================= NOTES =========================
<url_base> : Base URL to scan. (Use -resume for session resuming)
<wordlist_file(s)> : List of wordfiles. (wordfile1,wordfile2,wordfile3...)
======================== HOTKEYS ========================
'n' -> Go to next directory.
'q' -> Stop scan. (Saving state for resume)
'r' -> Remaining scan stats.
======================== OPTIONS ========================
-a <agent_string> : Specify your custom USER_AGENT.
-b : Use path as is.
-c <cookie_string> : Set a cookie for the HTTP request.
-E <certificate> : path to the client certificate.
-f : Fine tunning of NOT_FOUND (404) detection.
-H <header_string> : Add a custom header to the HTTP request.
-i : Use case-insensitive search.
-l : Print "Location" header when found.
-N <nf_code>: Ignore responses with this HTTP code.
-o <output_file> : Save output to disk.
-p <proxy[:port]> : Use this proxy. (Default port is 1080)
-P <proxy_username:proxy_password> : Proxy Authentication.
-r : Don't search recursively.
-R : Interactive recursion. (Asks for each directory)
-S : Silent Mode. Don't show tested words. (For dumb terminals)
-t : Don't force an ending '/' on URLs.
-u <username:password> : HTTP Authentication.
-v : Show also NOT_FOUND pages.
-w : Don't stop on WARNING messages.
-X <extensions> / -x <exts_file> : Append each word with this extensions.
-z <millisecs> : Add a milliseconds delay to not cause excessive Flood.
======================== EXAMPLES =======================
dirb http://url/directory/ (Simple Test)
dirb http://url/ -X .html (Test files with '.html' extension)
dirb http://url/ /usr/share/dirb/wordlists/vulns/apache.txt (Test with apache.txt wordlist)
dirb https://secure_url/ (Simple Test with SSL)
┌──(kali㉿kali)-[~]
└─$
|
另外參考這篇,架設的靶機
[研究] Damn Vulnerable Web App (DVWA) 1.10 滲透測試練習(靶機)平台安裝 (Windows 2025)
https://shaurong.blogspot.com/2025/05/damn-vulnerable-web-app-dvwa-110.html
┌──(kali㉿kali)-[~]
└─$ dirb https://192.168.128.144/dvwa
-----------------
DIRB v2.22
By The Dark Raver
-----------------
START_TIME: Thu May 8 02:43:35 2025
URL_BASE: https://192.168.128.144/dvwa/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt
-----------------
GENERATED WORDS: 4612
---- Scanning URL: https://192.168.128.144/dvwa/ ----
==> DIRECTORY: https://192.168.128.144/dvwa/config/
==> DIRECTORY: https://192.168.128.144/dvwa/docs/
==> DIRECTORY: https://192.168.128.144/dvwa/external/
+ https://192.168.128.144/dvwa/favicon.ico (CODE:200|SIZE:1406)
+ https://192.168.128.144/dvwa/index.php (CODE:302|SIZE:0)
+ https://192.168.128.144/dvwa/nul (CODE:403|SIZE:305)
+ https://192.168.128.144/dvwa/php.ini (CODE:200|SIZE:148)
+ https://192.168.128.144/dvwa/phpinfo.php (CODE:302|SIZE:0)
+ https://192.168.128.144/dvwa/robots.txt (CODE:200|SIZE:26)
---- Entering directory: https://192.168.128.144/dvwa/config/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway)
---- Entering directory: https://192.168.128.144/dvwa/docs/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway)
---- Entering directory: https://192.168.128.144/dvwa/external/ ----
(!) WARNING: Directory IS LISTABLE. No need to scan it.
(Use mode '-w' if you want to scan it anyway)
-----------------
END_TIME: Thu May 8 02:43:38 2025
DOWNLOADED: 4612 - FOUND: 6
┌──(kali㉿kali)-[~]
└─$
|
(完)
相關
沒有留言:
張貼留言