dirb:http://dirb.sourceforge.net/gobuster:https://github.com/OJ/gobuster

代理支持Cookie支持基本身份验证摘要授权重试（对于慢速服务器）持久性和非持久性HTTP连接请求方法：GET、POST、PUT、DELETE、PATCH、HEAD、OPTIONS自定义HTTP头修改POST，PUT和PATCHPayload使用不同的请求方法进行变异使用不同的HTTP头进行变异使用不同的文件扩展名进行变异使用斜杠进行变异枚举GET参数值

pip install urlbuster

usage: urlbuster [options] -w <str>/-W <file> BASE_URL       urlbuster -V, --help       urlbuster -h, --version
URL bruteforcer to locate existing and/or hidden files or directories.
Similar to dirb or gobuster, but also allows to iterate over multiple HTTP request methods,multiple useragents and multiple host header values.
positional arguments:  BASE_URL              The base URL to scan.
required arguments:  -w str, --word str    Word to use.  -W f, --wordlist f    Path to wordlist to use.
optional global arguments:  -n, --new             Use a new connection for every request.                        If not specified persistent http connection will be used for all requests.                        Note, using a new connection will decrease performance,                        but ensure to have a clean state on every request.                        A persistent connection on the other hand will use any additional cookie values                        it has received from a previous request.  -f, --follow          Follow redirects.  -k, --insecure        Do not verify TLS certificates.  -v, --verbose         Show also missed URLs.  --code str [str ...]  HTTP status code to treat as success.                        You can use a '.' (dot) as a wildcard.                        Default: 2.. 3.. 403 407 411 426 429 500 505 511  --payload p [p ...]   POST, PUT and PATCH payloads for all requests.                        Note, multiple values are allowed for multiple payloads.                        Note, if duplicates are specified, the last one will overwrite.                        See --mpayload for mutations.                        Format: <key>=<val> [<key>=<val>]  --header h [h ...]    Custom http header string to add to all requests.                        Note, multiple values are allowed for multiple headers.                        Note, if duplicates are specified, the last one will overwrite.                        See --mheaders for mutations.                        Format: <key>:<val> [<key>:<val>]  --cookie c [c ...]    Cookie string to add to all requests.                        Format: <key>=<val> [<key>=<val>]  --proxy str           Use a proxy for all requests.                        Format: http://<host>:<port>                        Format: http://<user>:<pass>@<host>:<port>                        Format: https://<host>:<port>                        Format: https://<user>:<pass>@<host>:<port>                        Format: socks5://<host>:<port>                        Format: socks5://<user>:<pass>@<host>:<port>  --auth-basic str      Use basic authentication for all requests.                        Format: <user>:<pass>  --auth-digest str     Use digest authentication for all requests.                        Format: <user>:<pass>  --timeout sec         Connection timeout in seconds for each request.                        Default: 5.0  --retry num           Connection retries per request.                        Default: 3  --delay sec           Delay between requests to not flood the server.  --output file         Output file to write results to.
optional mutating arguments:  The following arguments will increase the total number of requests to be made by  applying various mutations and testing each mutation on a separate request.
  --method m [m ...]    List of HTTP methods to test each request against.                        Note, each supplied method will double the number of requests.                        Supported methods: GET POST PUT DELETE PATCH HEAD OPTIONS                        Default: GET  --mpayload p [p ...]  POST, PUT and PATCH payloads to mutate all requests..                        Note, multiple values are allowed for multiple payloads.                        Format: <key>=<val> [<key>=<val>]  --mheader h [h ...]   Custom http header string to add to mutate all requests.                        Note, multiple values are allowed for multiple headers.                        Format: <key>:<val> [<key>:<val>]  --ext ext [ext ...]   List of file extensions to to add to words for testing.                        Note, each supplied extension will double the number of requests.                        Format: .zip [.pem]  --slash str           Append or omit a trailing slash to URLs to test.                        Note, a slash will be added after the extensions if they are specified as well.                        Note, using 'both' will double the number of requests.                        Options: both, yes, no                        Default: no
misc arguments:  -h, --help            Show this help message and exit  -V, --version         Show version information
examples
  urlbuster -W /path/to/words http://example.com/  urlbuster -W /path/to/words http://example.com:8000/  urlbuster -k -W /path/to/words https://example.com:10000/

$ urlbuster \  -W /usr/share/dirb/wordlists/common.txt \  --mheader 'User-Agent:Googlebot/2.1 (+http://www.googlebot.com/bot.html)' \  --method 'POST,GET,DELETE,PUT,PATCH' \  http://www.domain.tld/

 ██╗   ██╗██████╗ ██╗     ██████╗ ██╗   ██╗███████╗████████╗███████╗██████╗   ██║   ██║██╔══██╗██║     ██╔══██╗██║   ██║██╔════╝╚══██╔══╝██╔════╝██╔══██╗   ██║   ██║██████╔╝██║     ██████╔╝██║   ██║███████╗   ██║   █████╗  ██████╔╝   ██║   ██║██╔══██╗██║     ██╔══██╗██║   ██║╚════██║   ██║   ██╔══╝  ██╔══██╗   ╚██████╔╝██║  ██║███████╗██████╔╝╚██████╔╝███████║   ██║   ███████╗██║  ██║    ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝  ╚═════╝ ╚══════╝   ╚═╝   ╚══════╝╚═╝  ╚═╝
                               0.5.0 by cytopia
      SETTINGS            Base URL:          https://www.everythingcli.org/            Valid codes:       2.., 3.., 403, 407, 411, 426, 429, 500, 505, 511            Connection:        Non-persistent            Redirects:         Don't follow            Payloads:          None            Timeout:           5.0s            Retries:           3            Delay:             None
      MUTATIONS            Mutating headers:  2            Mutating payloads: 0 (POST)            Methods:           5 (POST, GET, DELETE, PUT, PATCH)            Slashes:           no            Extensions:        1 (empty extension)            Words:             4614
      TOTAL REQUESTS: 46140      START TIME:     2020-01-29 08:52:12

--------------------------------------------------------------------------------Connection:      keep-aliveAccept-Encoding: gzip, deflateAccept:          */*User-Agent:      python-requests/2.22.0
[301] [GET]      http://domain.tld/robots.txt
--------------------------------------------------------------------------------Connection:      keep-aliveAccept-Encoding: gzip, deflateAccept:          */*User-Agent:      Googlebot/2.1 (+http://www.googlebot.com/bot.html)
[200] [GET]      http://domain.tld/robots.txt[301] [POST]     http://domain.tld/robots.txt[301] [GET]      http://domain.tld/robots.txt[301] [DELETE]   http://domain.tld/robots.txt[301] [PUT]      http://domain.tld/robots.txt[301] [PATCH]    http://domain.tld/robots.tx

基本：$ urlbuster \   -W /path/to/wordlist.txt \   http://www.domain.tld/Burpsuite代理：$ urlbuster \   -W /path/to/wordlist.txt \   --proxy 'http://localhost:8080' \   http://www.domain.tld/将结果存储至文件：$ urlbuster \   -W /path/to/wordlist.txt \   --output out.txt \   http://www.domain.tld/基础认证扫描：$ urlbuster \   -W /path/to/wordlist.txt \   --auth-basic 'user:pass' \   http://www.domain.tld/使用会话Cookie：$ urlbuster \   -W /path/to/wordlist.txt \   --cookie 'PHPSESSID=a79b00e7-035a-2bb4-352a-439d855feabf' \   http://www.domain.tld/

查找站点根目录中的文件：$ urlbuster \   -W /path/to/wordlist.txt \   --code 200 301 302 \   --ext .zip .tar .tar.gz .gz .rar \   http://www.domain.tld/查找站点子目录中的文件：$ urlbuster \   -W /path/to/wordlist.txt \   --code 200 301 302 \   --ext .zip .tar .tar.gz .gz .rar \   http://www.domain.tld/wp-content/

爆破查询参数：$ urlbuster \   -W /path/to/wordlist.txt \   --method GET \   --code 200 301 302 \   http://www.domain.tld/search?q=爆破POST请求：$ urlbuster \   -W /path/to/wordlist.txt \   --code 200 301 302 \   --method POST \   --payload \     'user=somename' \     'pass=somepass' \     '[email protected]' \     'submit=yes' \   http://www.domain.tld/爆破变异POST请求：$ urlbuster \   -w index.php \   --code 200 301 302 \   --method POST \   --mpayload \     'user=somename1' \     'user=somename2' \     'user=somename3' \     'pass=somepass1' \     'pass=somepass2' \     'pass=somepass3' \     '[email protected]' \     '[email protected]' \     '[email protected]' \     'submit=yes' \   http://www.domain.tld/wp-admin/用户代理SQL注入：$ urlbuster \   -W /path/to/wordlist.txt \   --code 5.. \   --method GET POST \   --mheader \     "User-Agent: ;" \     "User-Agent: ' or \"" \     "User-Agent: -- or #" \     "User-Agent: ' OR '1" \     "User-Agent: ' OR 1 -- -" \     "User-Agent: \" OR 1 = 1 -- -" \     "User-Agent: '='" \     "User-Agent: 'LIKE'" \     "User-Agent: '=0--+" \     "User-Agent:  OR 1=1" \     "User-Agent: ' OR 'x'='x" \     "User-Agent: ' AND id IS NULL; --" \   http://www.domain.tld/查找潜在的vhost：$ urlbuster \   -w / \   --method GET POST \   --mheader \     "Host: internal1.lan" \     "Host: internal2.lan" \     "Host: internal3.lan" \     "Host: internal4.lan" \     "Host: internal5.lan" \     "Host: internal6.lan" \   http://10.0.0.1

Urlbuster：https://github.com/cytopia/urlbuster

 热文推荐  

• 蓝队应急响应姿势之Linux
  
• 通过DNSLOG回显验证漏洞
  
• 记一次服务器被种挖矿溯源
  
• 内网渗透初探 | 小白简单学习内网渗透
  
• 实战|通过恶意 pdf 执行 xss 漏洞
  
• 免杀技术有一套（免杀方法大集结）(Anti-AntiVirus)
  
• 内网渗透之内网信息查看常用命令
  
• 关于漏洞的基础知识
  
• 任意账号密码重置的6种方法
  
• 干货 | 横向移动与域控权限维持方法总汇
  
• 手把手教你Linux提权