I have been writing code recently, which involves web crawling links. I learned about this article on Baidu: superSpider, and suddenly I was curious about common crawler tools and crawlers in scanners. What is the capability of the module, so let’s test it.
Mainly test a blind crawler written by myself, as well as crawlergo, rad, burpsuite pro v202012, awvs 2019
Only crawl a tag href under and src under the script tag;
from urllib.parse import urlparse,urljoin from bs4 import BeautifulSoup import requests import validators from queue import Queue import threading requests.packages.urllib3.disable_warnings() class jsfinder(): def __init__(self,url,cookie=""): self.baseUrl = self.return_entire_url(url) self.headers = { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36", "cookie": cookie} self.q = Queue() self.crawed_list = set() self.urlList = [] self.q.put(url) self.spider_status = 1 def return_entire_url(self,url): if url is not None: if url.startswith('http') or urlparse(url).scheme: return url.strip() else: if self.baseUrl == "": self.baseUrl = "http://" + url print(self.baseUrl) return urljoin(self.baseUrl,url.strip()) else: pass def spider(self): while(not self.q.empty() or self.spider_status): url = self.q.get() if url in self.crawed_list : continue print("requesting:",url) try: resp = requests.get(url=url, headers=self.headers, timeout=5, verify=False) self.htmlParse(resp) self.crawed_list.add(url) except: print("requests error:",url) if self.spider_status == 1: time.sleep(5) self.spider_status = 0 print(self.q.qsize()) def htmlParse(self,response): tempList = [] blacklist = ['#',None,'javascript:'] soup = BeautifulSoup(response.text.encode('utf-8'), 'html.parser') for href in soup.find_all('a'): #print(self.urlParse(href.get('href'))) tempList.append(href.get('href')) for href in soup.find_all('script'): #print(self.urlParse(href.get('src'))) tempList.append(href.get('src')) tempList = list(set(tempList)-set(blacklist)) for i in tempList: url = self.return_entire_url(i) if validators.url(url): print("get:",url) #print(i,self.return_entire_url(i)) if url not in self.crawed_list : self.urlList.append(url) if urlparse(url).netloc in self.baseUrl: self.q.put(url) if __name__ == "__main__": A = jsfinder("http://testphp.vulnweb.com") t = threading.Thread(target=A.spider) t.start() t.join() for i in list(set(A.urlList)): print(i)
Result:
46 links, mixed with many links from other domain names, and many links with parameters
http://testphp.vulnweb.com/product.php?pic=3 http://testphp.vulnweb.com/cart.php https://www.acunetix.com/blog/articles/prevent-sql-injection-vulnerabilities-in-php-applications/ http://testphp.vulnweb.com/hpp/ http://testphp.vulnweb.com/product.php?pic=7 http://testphp.vulnweb.com/guestbook.php http://testphp.vulnweb.com/listproducts.php?cat=2 http://testphp.vulnweb.com/Details/network-attached-storage-dlink/1/ http://testphp.vulnweb.com/categories.php http://testphp.vulnweb.com/artists.php http://www.eclectasy.com/Fractal-Explorer/index.html http://testphp.vulnweb.com/artists.php?artist=1 http://testphp.vulnweb.com/showimage.php?file=./pictures/5.jpg http://testphp.vulnweb.com/showimage.php?file=./pictures/4.jpg http://testphp.vulnweb.com/listproducts.php?artist=1 http://testphp.vulnweb.com/product.php?pic=1 http://testphp.vulnweb.com/showimage.php?file=./pictures/7.jpg http://testphp.vulnweb.com/userinfo.php http://testphp.vulnweb.com/product.php?pic=5 http://testphp.vulnweb.com/listproducts.php?artist=3 http://www.acunetix.com http://testphp.vulnweb.com/showimage.php?file=./pictures/2.jpg http://testphp.vulnweb.com/Details/color-printer/3/ http://testphp.vulnweb.com/listproducts.php?artist=2 http://testphp.vulnweb.com/disclaimer.php http://testphp.vulnweb.com/login.php http://testphp.vulnweb.com/listproducts.php?cat=1 http://testphp.vulnweb.com/artists.php?artist=2 http://testphp.vulnweb.com/showimage.php?file=./pictures/1.jpg http://testphp.vulnweb.com/Details/web-camera-a4tech/2/ https://www.acunetix.com/vulnerability-scanner/php-security-scanner/ http://testphp.vulnweb.com/listproducts.php?cat=4 http://testphp.vulnweb.com/privacy.php http://testphp.vulnweb.com/AJAX/index.php http://testphp.vulnweb.com/listproducts.php?cat=3 https://www.acunetix.com/vulnerability-scanner/ http://testphp.vulnweb.com/signup.php http://testphp.vulnweb.com/product.php?pic=2 http://testphp.vulnweb.com/showimage.php?file=./pictures/3.jpg https://www.acunetix.com/ http://testphp.vulnweb.com/index.php http://testphp.vulnweb.com?pp=12 http://testphp.vulnweb.com/Mod_Rewrite_Shop/ http://testphp.vulnweb.com/artists.php?artist=3 http://blog.mindedsecurity.com/2009/05/client-side-http-parameter-pollution.html http://testphp.vulnweb.com/product.php?pic=4
and add a few lines to the official sample code
#!/usr/bin/python3 # coding: utf-8 import simplejson import subprocess def main(): target = "http://testphp.vulnweb.com/" cmd = ["/home/loser/MySimpleScanner-master-v2/tools/crawlergo", "-c", "/usr/bin/google-chrome", "-o", "json", target] rsp = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) output, error = rsp.communicate() # "--[Mission Complete]--" 是任务结束的分隔字符串 result = simplejson.loads(output.decode().split("--[Mission Complete]--")[1]) req_list = result["req_list"] for req in req_list: print(req) #print(req_list[0]) if __name__ == '__main__': main()
Result:
48 items
{'url': 'http://testphp.vulnweb.com/', 'method': 'GET', 'headers': {'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'Target'} {'url': 'https://testphp.vulnweb.com/', 'method': 'GET', 'headers': {'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'Target'} {'url': 'http://testphp.vulnweb.com/artists.php', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/index.php', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/categories.php', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/disclaimer.php', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/guestbook.php', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/AJAX/index.php', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/cart.php', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/login.php', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/userinfo.php', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/privacy.php', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/hpp/', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/Mod_Rewrite_Shop/', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/search.php?test=query', 'method': 'POST', 'headers': {'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9', 'Content-Type': 'application/x-www-form-urlencoded', 'Origin': 'http://testphp.vulnweb.com', 'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'Upgrade-Insecure-Requests': '1', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': 'searchFor=Crawlergo', 'source': 'XHR'} {'url': 'http://testphp.vulnweb.com/search.php?test=query', 'method': 'POST', 'headers': {'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9', 'Content-Type': 'application/x-www-form-urlencoded', 'Origin': 'http://testphp.vulnweb.com', 'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'Upgrade-Insecure-Requests': '1', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': 'searchFor=Crawlergo&goButton=go', 'source': 'XHR'} {'url': 'http://testphp.vulnweb.com/signup.php', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/login.php', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/userinfo.php', 'method': 'POST', 'headers': {'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9', 'Content-Type': 'application/x-www-form-urlencoded', 'Origin': 'http://testphp.vulnweb.com', 'Referer': 'http://testphp.vulnweb.com/login.php', 'Spider-Name': 'crawlergo', 'Upgrade-Insecure-Requests': '1', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': 'uname=crawlergo%40gmail.com&pass=Crawlergo6.', 'source': 'XHR'} {'url': 'http://testphp.vulnweb.com/listproducts.php?cat=1', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/categories.php', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/artists.php?artist=1', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/artists.php', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/comment.php?aid=1', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/artists.php', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'OpenWindow'} {'url': 'http://testphp.vulnweb.com/AJAX/artists.php', 'method': 'GET', 'headers': {'Accept': '*/*', 'Referer': 'http://testphp.vulnweb.com/AJAX/index.php', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'XHR'} {'url': 'http://testphp.vulnweb.com/AJAX/categories.php', 'method': 'GET', 'headers': {'Accept': '*/*', 'Referer': 'http://testphp.vulnweb.com/AJAX/index.php', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'XHR'} {'url': 'http://testphp.vulnweb.com/AJAX/titles.php', 'method': 'GET', 'headers': {'Accept': '*/*', 'Referer': 'http://testphp.vulnweb.com/AJAX/index.php', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'XHR'} {'url': 'http://testphp.vulnweb.com/AJAX/showxml.php', 'method': 'POST', 'headers': {'Accept': '*/*', 'Referer': 'http://testphp.vulnweb.com/AJAX/index.php', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36', 'content-type': 'text/xml'}, 'data': 'nodetext1 nodetext2
After cleaning:
http://testphp.vulnweb.com/ https://testphp.vulnweb.com/ http://testphp.vulnweb.com/artists.php http://testphp.vulnweb.com/index.php http://testphp.vulnweb.com/categories.php http://testphp.vulnweb.com/disclaimer.php http://testphp.vulnweb.com/guestbook.php http://testphp.vulnweb.com/AJAX/index.php http://testphp.vulnweb.com/cart.php http://testphp.vulnweb.com/login.php http://testphp.vulnweb.com/userinfo.php http://testphp.vulnweb.com/privacy.php http://testphp.vulnweb.com/hpp/ http://testphp.vulnweb.com/Mod_Rewrite_Shop/ http://testphp.vulnweb.com/search.php?test=query http://testphp.vulnweb.com/search.php?test=query http://testphp.vulnweb.com/signup.php http://testphp.vulnweb.com/userinfo.php http://testphp.vulnweb.com/listproducts.php?cat=1 http://testphp.vulnweb.com/artists.php?artist=1 http://testphp.vulnweb.com/comment.php?aid=1 http://testphp.vulnweb.com/AJAX/artists.php http://testphp.vulnweb.com/AJAX/categories.php http://testphp.vulnweb.com/AJAX/titles.php http://testphp.vulnweb.com/AJAX/showxml.php http://testphp.vulnweb.com/hpp/?pp=12 http://testphp.vulnweb.com/userinfo.php http://testphp.vulnweb.com/search.php?test=query http://testphp.vulnweb.com/listproducts.php?artist=1 http://testphp.vulnweb.com/secured/newuser.php http://testphp.vulnweb.com/secured/newuser.php http://testphp.vulnweb.com/showimage.php?file=./pictures/1.jpg&size=160 http://testphp.vulnweb.com/product.php?pic=2 http://testphp.vulnweb.com/showimage.php?file=./pictures/1.jpg http://testphp.vulnweb.com/comment.php?pid=1 http://testphp.vulnweb.com/userinfo.php http://testphp.vulnweb.com/comment.php http://testphp.vulnweb.com/comment.php http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=12 http://testphp.vulnweb.com/hpp/params.php? http://testphp.vulnweb.com/hpp/params.php?aaaa%2F=Submit http://testphp.vulnweb.com/AJAX/showxml.php http://testphp.vulnweb.com/secured/newuser.php http://testphp.vulnweb.com/comment.php http://testphp.vulnweb.com/comment.php http://testphp.vulnweb.com/cart.php http://testphp.vulnweb.com/comment.php http://testphp.vulnweb.com/comment.php
./rad_linux_amd64 --target http://testphp.vulnweb.com --text-output rad.log
Result: 42 entries, due to the existence of get and post The difference is that after cleaning, there are 39 duplicate items.
GET http://testphp.vulnweb.com/ GET http://testphp.vulnweb.com/index.php GET http://testphp.vulnweb.com/artists.php GET http://testphp.vulnweb.com/cart.php GET http://testphp.vulnweb.com/guestbook.php GET http://testphp.vulnweb.com/AJAX/index.php GET http://testphp.vulnweb.com/images/ GET http://testphp.vulnweb.com/login.php POST http://testphp.vulnweb.com/search.php?test=query GET http://testphp.vulnweb.com/categories.php GET http://testphp.vulnweb.com/disclaimer.php GET http://testphp.vulnweb.com/userinfo.php POST http://testphp.vulnweb.com/guestbook.php POST http://testphp.vulnweb.com/userinfo.php GET http://testphp.vulnweb.com/Flash/ GET http://testphp.vulnweb.com/AJAX/artists.php GET http://testphp.vulnweb.com/privacy.php GET http://testphp.vulnweb.com/AJAX/infoartist.php?id=1 GET http://testphp.vulnweb.com/Mod_Rewrite_Shop/ GET http://testphp.vulnweb.com/hpp/ GET http://testphp.vulnweb.com/artists.php?artist=1 GET http://testphp.vulnweb.com/comment.php?aid=1 GET http://testphp.vulnweb.com/signup.php GET http://testphp.vulnweb.com/listproducts.php?cat=1 GET http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/ GET http://testphp.vulnweb.com/Mod_Rewrite_Shop/images/ GET http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/web-camera-a4tech/2/ GET http://testphp.vulnweb.com/hpp/?pp=12 POST http://testphp.vulnweb.com/comment.php POST http://testphp.vulnweb.com/secured/newuser.php GET http://testphp.vulnweb.com/product.php?pic=1 GET http://testphp.vulnweb.com/listproducts.php?artist=1 GET http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-1.html GET http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/color-printer/3/ GET http://testphp.vulnweb.com/showimage.php?file=./pictures/1.jpg GET http://testphp.vulnweb.com/showimage.php?file=./pictures/1.jpg&size=160 GET http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-1/ POST http://testphp.vulnweb.com/cart.php GET http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-2/ GET http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-2.html GET http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=12 GET http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-3/
Crawling is more time-consuming. When taking screenshots, there were 49 items, but as time goes by, the number is still rising. Later, When I looked back, the number was already over 100
http://testphp.vulnweb.com GET / burp.f5s@306052ce 200 5175 HTML Home of Acunetix Art 1611359458449 http://testphp.vulnweb.com GET /AJAX/ burp.f5s@cd68998 200 4453 HTML ajax test 1611359674072 http://testphp.vulnweb.com GET /AJAX/index.php burp.f5s@126828be 200 4453 HTML ajax test 1611359674872 http://testphp.vulnweb.com GET /Flash/ burp.f5s@510aed85 200 514 HTML Index of /Flash/ 1611359682400 http://testphp.vulnweb.com GET /Flash/add.fla burp.f5s@63ce2348 200 154877 HTML 1611359714830 http://testphp.vulnweb.com GET /Flash/add.swf burp.f5s@5becece0 200 17674 flash 1611359684049 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/ burp.f5s@81212fb 200 1191 HTML 1611359686649 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-1/ burp.f5s@ef2a0b9 200 316 HTML 1611359784523 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-2/ burp.f5s@1cb4164c 200 291 HTML 1611359788669 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-2/2.php burp.f5s@200362d6 200 386 script 1611360605080 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-2/3.php burp.f5s@389e39e7 200 386 script 1611360605176 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-2/BuyProduct-3/ burp.f5s@23f2b125 200 291 HTML 1611360609454 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-2/cart/ burp.f5s@1fc8c561 200 291 HTML 1611360609615 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-2/categories/ burp.f5s@2466019c 200 291 HTML 1611360609749 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-2/categories/Mod_Rewrite_Shop burp.f5s@6d7e45f6 200 386 script 1611360666497 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-2/categories/index burp.f5s@5bb3bae5 200 386 script 1611360665770 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-2/categories/logo burp.f5s@2099f3f 200 386 script 1611360665634 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-2/cgi-bin/ burp.f5s@16f71403 200 291 HTML 1611360609615 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-3/ burp.f5s@9b9a2de 200 308 HTML 1611359793221 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-3/RateProduct-1.asp burp.f5s@4f1b459e 200 386 script 1611360727449 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-3/params.php burp.f5s@1a5db25 200 386 script 1611360725439 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-3/privacy.aspx burp.f5s@2fdc801e 200 386 script 1611360725841 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-3/product.asp burp.f5s@6b377869 200 386 script 1611360727028 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/color-printer/3/ burp.f5s@7e95f724 200 529 HTML 1611359733180 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/color-printer/3/1/ burp.f5s@51c66720 200 535 HTML 1611360417812 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/color-printer/3/2/ burp.f5s@1ad1d176 200 495 HTML 1611360417956 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/ burp.f5s@4af51675 200 535 HTML 1611359721331 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/Details.php burp.f5s@1b88f4d8 200 386 script 1611360185772 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/Flash.html burp.f5s@79957fee 200 386 script 1611360185898 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/disclaimer.html burp.f5s@6d5b4bcb 200 386 script 1611360185841 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/favicon.html burp.f5s@f7faeab 200 386 script 1611360185721 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/web-camera-a4tech/2/ burp.f5s@538da5a8 200 495 HTML 1611359725032 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/web-camera-a4tech/2/Mod_Rewrite_Shop/ burp.f5s@135ca38 200 386 script 1611360306031 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/web-camera-a4tech/2/logo/ burp.f5s@3607ccc6 200 386 script 1611360304942 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/web-camera-a4tech/2/logo/BuyProduct-1.htm burp.f5s@447f265b 200 386 script 1611360785562 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/web-camera-a4tech/2/logo/BuyProduct-2.htm burp.f5s@7ae17b99 200 386 script 1611360786103 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/web-camera-a4tech/2/logo/BuyProduct-3.htm burp.f5s@55aa0af7 200 386 script 1611360784930 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/web-camera-a4tech/2/logo/artists.php burp.f5s@5d438d78 200 386 script 1611360785810 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/web-camera-a4tech/2/network-attached-storage-dlink/ burp.f5s@60333575 200 386 script 1611360306304 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/RateProduct-1.html burp.f5s@11ffb759 200 316 HTML 1611359785570 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/RateProduct-3.html burp.f5s@1487ea23 200 308 HTML 1611359795219 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/images/ burp.f5s@55ee8d86 200 656 HTML Index of /Mod_Rewrite_Shop/images/ 1611359714160 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/index.php burp.f5s@2c8f82d3 200 1191 HTML 1611360008044 http://testphp.vulnweb.com GET /admin/ burp.f5s@40a6ad64 200 405 HTML Index of /admin/ 1611359695435 http://testphp.vulnweb.com GET /admin/create.sql burp.f5s@6b5b91a1 200 771 script 1611359768567 http://testphp.vulnweb.com GET /categories.php burp.f5s@4af8b3f1 200 6332 HTML picture categories 1611359533220 http://testphp.vulnweb.com GET /hpp/ burp.f5s@1ab12967 200 419 HTML HTTP Parameter Pollution Example 1611359684548 http://testphp.vulnweb.com GET /hpp/params.php burp.f5s@6f896ad8 200 214 1611359777049 http://testphp.vulnweb.com GET /images/ burp.f5s@58683811 200 520 HTML Index of /images/ 1611359667907 http://testphp.vulnweb.com GET /secured/ burp.f5s@57007fd6 200 214 1611359774940 http://testphp.vulnweb.com GET /secured/newuser.php burp.f5s@44698e40 200 631 HTML add new user 1611359776066 http://testphp.vulnweb.com GET /AJAX burp.f5s@6012f3bf 301 371 HTML 301 Moved Permanently 1611359538410 http://testphp.vulnweb.com GET /Flash burp.f5s@7923f71c 301 372 HTML 301 Moved Permanently 1611359540411 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop burp.f5s@2d09c921 301 383 HTML 301 Moved Permanently 1611359667359 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/images burp.f5s@251a494e 301 390 HTML 301 Moved Permanently 1611359707781 http://testphp.vulnweb.com GET /admin burp.f5s@52e2d959 301 372 HTML 301 Moved Permanently 1611359667311 http://testphp.vulnweb.com GET /hpp burp.f5s@341f4f0e 301 370 HTML 301 Moved Permanently 1611359538318 http://testphp.vulnweb.com GET /images burp.f5s@57bcd86d 301 373 HTML 301 Moved Permanently 1611359667272 http://testphp.vulnweb.com GET /artists.php burp.f5s@209bbbed 0 0 0 http://testphp.vulnweb.com GET /cart.php burp.f5s@647786b6 0 0 0 http://testphp.vulnweb.com GET /disclaimer.php burp.f5s@2a5ec209 0 0 0 http://testphp.vulnweb.com GET /guestbook.php burp.f5s@1b90189f 0 0 0 http://testphp.vulnweb.com GET /index.php burp.f5s@66298cd3 0 0 0 http://testphp.vulnweb.com GET /login.php burp.f5s@3e33e496 0 0 0 http://testphp.vulnweb.com GET /privacy.php burp.f5s@622137d3 0 0 0 http://testphp.vulnweb.com GET /userinfo.php burp.f5s@79ee9fe8 0 0 0
The scan is relatively fast compared to burp. I don’t know if it’s because of my own website. The scan results The number is 405, but many of them are under the Mod_Rewrite module. Crawlergo and rad seem to be on the same level as my handwritten crawler. . Only in terms of data volume. .
First, let’s compare the benchmark data with rad data
Get the intersection first,
There are 17 intersection data, subtract the intersection data from each, sort and compare
If you look carefully, you will find that the basic path of the benchmark data in the middle column can basically be viewed in the intersection column on the left, while the yellow part of the rad column on the right is basically not in the benchmark data on the left. I checked the previous burpsuite and awvs reports. The extra parts are basically in the
http://testphp.vulnweb.com/Mod_Rewrite_Shop/
directory. They are present in the benchmark crawler and rad. this directory.
Look at the comparison between the benchmark and crawlergoThere are 18 intersections
There are still some on the right and basically none on the left, but those on the left and right No details were found on the right side of the directory.
Look at the comparison between crawlergo and rad
Seven simple summary
Several tools have scanned the directories and paths that have not been cleared in the handwritten code, and their capabilities are quite strong.
Of course, how much is the number? The problem is that because burosuite and awvs have a series of security scans and other uses, it is more convenient to rely on crawlergo and rad just to get the URL.
The difference between crawlergo and rad is that the data returned by crawlergo includes all headers, including its automatically filled form data, while rad only returns the request method URL, such as Get http://xxx
Finally I made a table, which only represents my own views and may not be accurate
The above is the detailed content of How to compare crawlergo, rad, burpsuite and awvs crawlers. For more information, please follow other related articles on the PHP Chinese website!
How to type the inscription on the coin circle?
Windows 10 service outage time
How to integrate idea with Tomcat
Laptop sound card driver
How to recover browser history on computer
What are the four main IO models in Java?
What does unsigned integer mean?
How to solve the problem when the computer CPU temperature is too high
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
