私は最近、Web クローリング リンクに関連するコードを書いています。Baidu でこの記事 superSpider について知り、突然、一般的なクローラー ツールとスキャナーのクローラーについて興味を持ちました。モジュールの機能をテストしてみましょう。
主に自分で作成したブラインド クローラーと、crawlergo、rad、burpsuite pro v202012、awvs 2019 をテストします
以下のタグ href のみをクロールしますおよびスクリプト タグの下の src;
from urllib.parse import urlparse,urljoin from bs4 import BeautifulSoup import requests import validators from queue import Queue import threading requests.packages.urllib3.disable_warnings() class jsfinder(): def __init__(self,url,cookie=""): self.baseUrl = self.return_entire_url(url) self.headers = { "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36", "cookie": cookie} self.q = Queue() self.crawed_list = set() self.urlList = [] self.q.put(url) self.spider_status = 1 def return_entire_url(self,url): if url is not None: if url.startswith('http') or urlparse(url).scheme: return url.strip() else: if self.baseUrl == "": self.baseUrl = "http://" + url print(self.baseUrl) return urljoin(self.baseUrl,url.strip()) else: pass def spider(self): while(not self.q.empty() or self.spider_status): url = self.q.get() if url in self.crawed_list : continue print("requesting:",url) try: resp = requests.get(url=url, headers=self.headers, timeout=5, verify=False) self.htmlParse(resp) self.crawed_list.add(url) except: print("requests error:",url) if self.spider_status == 1: time.sleep(5) self.spider_status = 0 print(self.q.qsize()) def htmlParse(self,response): tempList = [] blacklist = ['#',None,'javascript:'] soup = BeautifulSoup(response.text.encode('utf-8'), 'html.parser') for href in soup.find_all('a'): #print(self.urlParse(href.get('href'))) tempList.append(href.get('href')) for href in soup.find_all('script'): #print(self.urlParse(href.get('src'))) tempList.append(href.get('src')) tempList = list(set(tempList)-set(blacklist)) for i in tempList: url = self.return_entire_url(i) if validators.url(url): print("get:",url) #print(i,self.return_entire_url(i)) if url not in self.crawed_list : self.urlList.append(url) if urlparse(url).netloc in self.baseUrl: self.q.put(url) if __name__ == "__main__": A = jsfinder("http://testphp.vulnweb.com") t = threading.Thread(target=A.spider) t.start() t.join() for i in list(set(A.urlList)): print(i)
結果:
46 個のリンク、他のドメイン名からの多くのリンク、およびパラメータ付きの多くのリンクと混合
http://testphp.vulnweb.com/product.php?pic=3 http://testphp.vulnweb.com/cart.php https://www.acunetix.com/blog/articles/prevent-sql-injection-vulnerabilities-in-php-applications/ http://testphp.vulnweb.com/hpp/ http://testphp.vulnweb.com/product.php?pic=7 http://testphp.vulnweb.com/guestbook.php http://testphp.vulnweb.com/listproducts.php?cat=2 http://testphp.vulnweb.com/Details/network-attached-storage-dlink/1/ http://testphp.vulnweb.com/categories.php http://testphp.vulnweb.com/artists.php http://www.eclectasy.com/Fractal-Explorer/index.html http://testphp.vulnweb.com/artists.php?artist=1 http://testphp.vulnweb.com/showimage.php?file=./pictures/5.jpg http://testphp.vulnweb.com/showimage.php?file=./pictures/4.jpg http://testphp.vulnweb.com/listproducts.php?artist=1 http://testphp.vulnweb.com/product.php?pic=1 http://testphp.vulnweb.com/showimage.php?file=./pictures/7.jpg http://testphp.vulnweb.com/userinfo.php http://testphp.vulnweb.com/product.php?pic=5 http://testphp.vulnweb.com/listproducts.php?artist=3 http://www.acunetix.com http://testphp.vulnweb.com/showimage.php?file=./pictures/2.jpg http://testphp.vulnweb.com/Details/color-printer/3/ http://testphp.vulnweb.com/listproducts.php?artist=2 http://testphp.vulnweb.com/disclaimer.php http://testphp.vulnweb.com/login.php http://testphp.vulnweb.com/listproducts.php?cat=1 http://testphp.vulnweb.com/artists.php?artist=2 http://testphp.vulnweb.com/showimage.php?file=./pictures/1.jpg http://testphp.vulnweb.com/Details/web-camera-a4tech/2/ https://www.acunetix.com/vulnerability-scanner/php-security-scanner/ http://testphp.vulnweb.com/listproducts.php?cat=4 http://testphp.vulnweb.com/privacy.php http://testphp.vulnweb.com/AJAX/index.php http://testphp.vulnweb.com/listproducts.php?cat=3 https://www.acunetix.com/vulnerability-scanner/ http://testphp.vulnweb.com/signup.php http://testphp.vulnweb.com/product.php?pic=2 http://testphp.vulnweb.com/showimage.php?file=./pictures/3.jpg https://www.acunetix.com/ http://testphp.vulnweb.com/index.php http://testphp.vulnweb.com?pp=12 http://testphp.vulnweb.com/Mod_Rewrite_Shop/ http://testphp.vulnweb.com/artists.php?artist=3 http://blog.mindedsecurity.com/2009/05/client-side-http-parameter-pollution.html http://testphp.vulnweb.com/product.php?pic=4
そして、公式のサンプルコードに数行を追加します
#!/usr/bin/python3 # coding: utf-8 import simplejson import subprocess def main(): target = "http://testphp.vulnweb.com/" cmd = ["/home/loser/MySimpleScanner-master-v2/tools/crawlergo", "-c", "/usr/bin/google-chrome", "-o", "json", target] rsp = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) output, error = rsp.communicate() # "--[Mission Complete]--" 是任务结束的分隔字符串 result = simplejson.loads(output.decode().split("--[Mission Complete]--")[1]) req_list = result["req_list"] for req in req_list: print(req) #print(req_list[0]) if __name__ == '__main__': main()
結果:
48 アイテム
{'url': 'http://testphp.vulnweb.com/', 'method': 'GET', 'headers': {'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'Target'} {'url': 'https://testphp.vulnweb.com/', 'method': 'GET', 'headers': {'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'Target'} {'url': 'http://testphp.vulnweb.com/artists.php', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/index.php', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/categories.php', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/disclaimer.php', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/guestbook.php', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/AJAX/index.php', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/cart.php', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/login.php', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/userinfo.php', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/privacy.php', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/hpp/', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/Mod_Rewrite_Shop/', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/search.php?test=query', 'method': 'POST', 'headers': {'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9', 'Content-Type': 'application/x-www-form-urlencoded', 'Origin': 'http://testphp.vulnweb.com', 'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'Upgrade-Insecure-Requests': '1', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': 'searchFor=Crawlergo', 'source': 'XHR'} {'url': 'http://testphp.vulnweb.com/search.php?test=query', 'method': 'POST', 'headers': {'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9', 'Content-Type': 'application/x-www-form-urlencoded', 'Origin': 'http://testphp.vulnweb.com', 'Referer': 'http://testphp.vulnweb.com/', 'Spider-Name': 'crawlergo', 'Upgrade-Insecure-Requests': '1', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': 'searchFor=Crawlergo&goButton=go', 'source': 'XHR'} {'url': 'http://testphp.vulnweb.com/signup.php', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/login.php', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/userinfo.php', 'method': 'POST', 'headers': {'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9', 'Content-Type': 'application/x-www-form-urlencoded', 'Origin': 'http://testphp.vulnweb.com', 'Referer': 'http://testphp.vulnweb.com/login.php', 'Spider-Name': 'crawlergo', 'Upgrade-Insecure-Requests': '1', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': 'uname=crawlergo%40gmail.com&pass=Crawlergo6.', 'source': 'XHR'} {'url': 'http://testphp.vulnweb.com/listproducts.php?cat=1', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/categories.php', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/artists.php?artist=1', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/artists.php', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'DOM'} {'url': 'http://testphp.vulnweb.com/comment.php?aid=1', 'method': 'GET', 'headers': {'Referer': 'http://testphp.vulnweb.com/artists.php', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'OpenWindow'} {'url': 'http://testphp.vulnweb.com/AJAX/artists.php', 'method': 'GET', 'headers': {'Accept': '*/*', 'Referer': 'http://testphp.vulnweb.com/AJAX/index.php', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'XHR'} {'url': 'http://testphp.vulnweb.com/AJAX/categories.php', 'method': 'GET', 'headers': {'Accept': '*/*', 'Referer': 'http://testphp.vulnweb.com/AJAX/index.php', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'XHR'} {'url': 'http://testphp.vulnweb.com/AJAX/titles.php', 'method': 'GET', 'headers': {'Accept': '*/*', 'Referer': 'http://testphp.vulnweb.com/AJAX/index.php', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36'}, 'data': '', 'source': 'XHR'} {'url': 'http://testphp.vulnweb.com/AJAX/showxml.php', 'method': 'POST', 'headers': {'Accept': '*/*', 'Referer': 'http://testphp.vulnweb.com/AJAX/index.php', 'Spider-Name': 'crawlergo', 'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.0 Safari/537.36', 'content-type': 'text/xml'}, 'data': 'nodetext1 nodetext2
クリーニング後:
http://testphp.vulnweb.com/ https://testphp.vulnweb.com/ http://testphp.vulnweb.com/artists.php http://testphp.vulnweb.com/index.php http://testphp.vulnweb.com/categories.php http://testphp.vulnweb.com/disclaimer.php http://testphp.vulnweb.com/guestbook.php http://testphp.vulnweb.com/AJAX/index.php http://testphp.vulnweb.com/cart.php http://testphp.vulnweb.com/login.php http://testphp.vulnweb.com/userinfo.php http://testphp.vulnweb.com/privacy.php http://testphp.vulnweb.com/hpp/ http://testphp.vulnweb.com/Mod_Rewrite_Shop/ http://testphp.vulnweb.com/search.php?test=query http://testphp.vulnweb.com/search.php?test=query http://testphp.vulnweb.com/signup.php http://testphp.vulnweb.com/userinfo.php http://testphp.vulnweb.com/listproducts.php?cat=1 http://testphp.vulnweb.com/artists.php?artist=1 http://testphp.vulnweb.com/comment.php?aid=1 http://testphp.vulnweb.com/AJAX/artists.php http://testphp.vulnweb.com/AJAX/categories.php http://testphp.vulnweb.com/AJAX/titles.php http://testphp.vulnweb.com/AJAX/showxml.php http://testphp.vulnweb.com/hpp/?pp=12 http://testphp.vulnweb.com/userinfo.php http://testphp.vulnweb.com/search.php?test=query http://testphp.vulnweb.com/listproducts.php?artist=1 http://testphp.vulnweb.com/secured/newuser.php http://testphp.vulnweb.com/secured/newuser.php http://testphp.vulnweb.com/showimage.php?file=./pictures/1.jpg&size=160 http://testphp.vulnweb.com/product.php?pic=2 http://testphp.vulnweb.com/showimage.php?file=./pictures/1.jpg http://testphp.vulnweb.com/comment.php?pid=1 http://testphp.vulnweb.com/userinfo.php http://testphp.vulnweb.com/comment.php http://testphp.vulnweb.com/comment.php http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=12 http://testphp.vulnweb.com/hpp/params.php? http://testphp.vulnweb.com/hpp/params.php?aaaa%2F=Submit http://testphp.vulnweb.com/AJAX/showxml.php http://testphp.vulnweb.com/secured/newuser.php http://testphp.vulnweb.com/comment.php http://testphp.vulnweb.com/comment.php http://testphp.vulnweb.com/cart.php http://testphp.vulnweb.com/comment.php http://testphp.vulnweb.com/comment.php
./rad_linux_amd64 --target http://testphp.vulnweb.com --text-output rad.log
結果: get および post の存在により 42 エントリ違いは、クリーニング後、重複アイテムが 39 個あることです。
GET http://testphp.vulnweb.com/ GET http://testphp.vulnweb.com/index.php GET http://testphp.vulnweb.com/artists.php GET http://testphp.vulnweb.com/cart.php GET http://testphp.vulnweb.com/guestbook.php GET http://testphp.vulnweb.com/AJAX/index.php GET http://testphp.vulnweb.com/images/ GET http://testphp.vulnweb.com/login.php POST http://testphp.vulnweb.com/search.php?test=query GET http://testphp.vulnweb.com/categories.php GET http://testphp.vulnweb.com/disclaimer.php GET http://testphp.vulnweb.com/userinfo.php POST http://testphp.vulnweb.com/guestbook.php POST http://testphp.vulnweb.com/userinfo.php GET http://testphp.vulnweb.com/Flash/ GET http://testphp.vulnweb.com/AJAX/artists.php GET http://testphp.vulnweb.com/privacy.php GET http://testphp.vulnweb.com/AJAX/infoartist.php?id=1 GET http://testphp.vulnweb.com/Mod_Rewrite_Shop/ GET http://testphp.vulnweb.com/hpp/ GET http://testphp.vulnweb.com/artists.php?artist=1 GET http://testphp.vulnweb.com/comment.php?aid=1 GET http://testphp.vulnweb.com/signup.php GET http://testphp.vulnweb.com/listproducts.php?cat=1 GET http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/ GET http://testphp.vulnweb.com/Mod_Rewrite_Shop/images/ GET http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/web-camera-a4tech/2/ GET http://testphp.vulnweb.com/hpp/?pp=12 POST http://testphp.vulnweb.com/comment.php POST http://testphp.vulnweb.com/secured/newuser.php GET http://testphp.vulnweb.com/product.php?pic=1 GET http://testphp.vulnweb.com/listproducts.php?artist=1 GET http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-1.html GET http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/color-printer/3/ GET http://testphp.vulnweb.com/showimage.php?file=./pictures/1.jpg GET http://testphp.vulnweb.com/showimage.php?file=./pictures/1.jpg&size=160 GET http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-1/ POST http://testphp.vulnweb.com/cart.php GET http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-2/ GET http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-2.html GET http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=12 GET http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-3/
クロールには時間がかかります。スクリーンショットを撮ったとき、アイテムは 49 個ありましたが、時間が経つと、後で振り返ってみると、その数はすでに 100 を超えていました。
http://testphp.vulnweb.com GET / burp.f5s@306052ce 200 5175 HTML Home of Acunetix Art 1611359458449 http://testphp.vulnweb.com GET /AJAX/ burp.f5s@cd68998 200 4453 HTML ajax test 1611359674072 http://testphp.vulnweb.com GET /AJAX/index.php burp.f5s@126828be 200 4453 HTML ajax test 1611359674872 http://testphp.vulnweb.com GET /Flash/ burp.f5s@510aed85 200 514 HTML Index of /Flash/ 1611359682400 http://testphp.vulnweb.com GET /Flash/add.fla burp.f5s@63ce2348 200 154877 HTML 1611359714830 http://testphp.vulnweb.com GET /Flash/add.swf burp.f5s@5becece0 200 17674 flash 1611359684049 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/ burp.f5s@81212fb 200 1191 HTML 1611359686649 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-1/ burp.f5s@ef2a0b9 200 316 HTML 1611359784523 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-2/ burp.f5s@1cb4164c 200 291 HTML 1611359788669 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-2/2.php burp.f5s@200362d6 200 386 script 1611360605080 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-2/3.php burp.f5s@389e39e7 200 386 script 1611360605176 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-2/BuyProduct-3/ burp.f5s@23f2b125 200 291 HTML 1611360609454 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-2/cart/ burp.f5s@1fc8c561 200 291 HTML 1611360609615 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-2/categories/ burp.f5s@2466019c 200 291 HTML 1611360609749 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-2/categories/Mod_Rewrite_Shop burp.f5s@6d7e45f6 200 386 script 1611360666497 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-2/categories/index burp.f5s@5bb3bae5 200 386 script 1611360665770 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-2/categories/logo burp.f5s@2099f3f 200 386 script 1611360665634 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-2/cgi-bin/ burp.f5s@16f71403 200 291 HTML 1611360609615 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-3/ burp.f5s@9b9a2de 200 308 HTML 1611359793221 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-3/RateProduct-1.asp burp.f5s@4f1b459e 200 386 script 1611360727449 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-3/params.php burp.f5s@1a5db25 200 386 script 1611360725439 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-3/privacy.aspx burp.f5s@2fdc801e 200 386 script 1611360725841 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/BuyProduct-3/product.asp burp.f5s@6b377869 200 386 script 1611360727028 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/color-printer/3/ burp.f5s@7e95f724 200 529 HTML 1611359733180 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/color-printer/3/1/ burp.f5s@51c66720 200 535 HTML 1611360417812 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/color-printer/3/2/ burp.f5s@1ad1d176 200 495 HTML 1611360417956 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/ burp.f5s@4af51675 200 535 HTML 1611359721331 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/Details.php burp.f5s@1b88f4d8 200 386 script 1611360185772 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/Flash.html burp.f5s@79957fee 200 386 script 1611360185898 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/disclaimer.html burp.f5s@6d5b4bcb 200 386 script 1611360185841 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/favicon.html burp.f5s@f7faeab 200 386 script 1611360185721 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/web-camera-a4tech/2/ burp.f5s@538da5a8 200 495 HTML 1611359725032 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/web-camera-a4tech/2/Mod_Rewrite_Shop/ burp.f5s@135ca38 200 386 script 1611360306031 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/web-camera-a4tech/2/logo/ burp.f5s@3607ccc6 200 386 script 1611360304942 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/web-camera-a4tech/2/logo/BuyProduct-1.htm burp.f5s@447f265b 200 386 script 1611360785562 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/web-camera-a4tech/2/logo/BuyProduct-2.htm burp.f5s@7ae17b99 200 386 script 1611360786103 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/web-camera-a4tech/2/logo/BuyProduct-3.htm burp.f5s@55aa0af7 200 386 script 1611360784930 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/web-camera-a4tech/2/logo/artists.php burp.f5s@5d438d78 200 386 script 1611360785810 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/Details/web-camera-a4tech/2/network-attached-storage-dlink/ burp.f5s@60333575 200 386 script 1611360306304 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/RateProduct-1.html burp.f5s@11ffb759 200 316 HTML 1611359785570 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/RateProduct-3.html burp.f5s@1487ea23 200 308 HTML 1611359795219 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/images/ burp.f5s@55ee8d86 200 656 HTML Index of /Mod_Rewrite_Shop/images/ 1611359714160 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/index.php burp.f5s@2c8f82d3 200 1191 HTML 1611360008044 http://testphp.vulnweb.com GET /admin/ burp.f5s@40a6ad64 200 405 HTML Index of /admin/ 1611359695435 http://testphp.vulnweb.com GET /admin/create.sql burp.f5s@6b5b91a1 200 771 script 1611359768567 http://testphp.vulnweb.com GET /categories.php burp.f5s@4af8b3f1 200 6332 HTML picture categories 1611359533220 http://testphp.vulnweb.com GET /hpp/ burp.f5s@1ab12967 200 419 HTML HTTP Parameter Pollution Example 1611359684548 http://testphp.vulnweb.com GET /hpp/params.php burp.f5s@6f896ad8 200 214 1611359777049 http://testphp.vulnweb.com GET /images/ burp.f5s@58683811 200 520 HTML Index of /images/ 1611359667907 http://testphp.vulnweb.com GET /secured/ burp.f5s@57007fd6 200 214 1611359774940 http://testphp.vulnweb.com GET /secured/newuser.php burp.f5s@44698e40 200 631 HTML add new user 1611359776066 http://testphp.vulnweb.com GET /AJAX burp.f5s@6012f3bf 301 371 HTML 301 Moved Permanently 1611359538410 http://testphp.vulnweb.com GET /Flash burp.f5s@7923f71c 301 372 HTML 301 Moved Permanently 1611359540411 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop burp.f5s@2d09c921 301 383 HTML 301 Moved Permanently 1611359667359 http://testphp.vulnweb.com GET /Mod_Rewrite_Shop/images burp.f5s@251a494e 301 390 HTML 301 Moved Permanently 1611359707781 http://testphp.vulnweb.com GET /admin burp.f5s@52e2d959 301 372 HTML 301 Moved Permanently 1611359667311 http://testphp.vulnweb.com GET /hpp burp.f5s@341f4f0e 301 370 HTML 301 Moved Permanently 1611359538318 http://testphp.vulnweb.com GET /images burp.f5s@57bcd86d 301 373 HTML 301 Moved Permanently 1611359667272 http://testphp.vulnweb.com GET /artists.php burp.f5s@209bbbed 0 0 0 http://testphp.vulnweb.com GET /cart.php burp.f5s@647786b6 0 0 0 http://testphp.vulnweb.com GET /disclaimer.php burp.f5s@2a5ec209 0 0 0 http://testphp.vulnweb.com GET /guestbook.php burp.f5s@1b90189f 0 0 0 http://testphp.vulnweb.com GET /index.php burp.f5s@66298cd3 0 0 0 http://testphp.vulnweb.com GET /login.php burp.f5s@3e33e496 0 0 0 http://testphp.vulnweb.com GET /privacy.php burp.f5s@622137d3 0 0 0 http://testphp.vulnweb.com GET /userinfo.php burp.f5s@79ee9fe8 0 0 0
スキャンは、以前に比べて比較的高速です。げっぷ. 自分のウェブサイトのせいなのかはわかりません. スキャン結果 405 件ですが、その多くは Mod_Rewrite モジュールの下にあります. Crawlergo と rad は私の手書きクローラーと同レベルのようです。 。あくまでもデータ量の観点から。 。
まず、ベンチマーク データと rad データを比較してみましょう
最初に交差を取得します。
17 個の交差データがあり、それぞれから交差データを減算し、並べ替えて比較します
よく見ると、中央の列のベンチマーク データの基本パスは基本的に左側の交差列で確認できますが、右側の rad 列の黄色の部分は基本的に表示されていないことがわかります。左がベンチマークデータ。以前の burpsuite と awvs レポートを確認しました。追加部分は基本的に
http://testphp.vulnweb.com/Mod_Rewrite_Shop/
ディレクトリにあります。ベンチマーク クローラーと rad. このディレクトリに存在します。
ベンチマークとcrawlergoの比較を見てください18個の交差があります
右側にはまだいくつかありますが、左側には基本的にはありません、しかし、左側と右側のものです。ディレクトリの右側には詳細が見つかりませんでした。
crawlergo と rad の比較を見てください。
7 つの簡単な要約
いくつかのツールは、手書きコード内でクリアされていないディレクトリとパスをスキャンしており、その機能は非常に強力です。
もちろん、その数はどのくらいでしょうか? 問題は、burosuite と awvs には一連のセキュリティ スキャンやその他の用途があるため、URL を取得するためだけに、crawlergo と rad に依存する方が便利であるということです。
crawlergo と rad の違いは、crawlergo によって返されるデータには、自動的に入力されたフォーム データを含むすべてのヘッダーが含まれるのに対し、rad は Get http://xxx
などのリクエスト メソッド URL のみを返すことです。最後に表を作成しましたが、これは私自身の見解を表しているだけであり、正確ではない可能性があります
以上がCrawlergo、RAD、Burpsuite、および awvs クローラーを比較する方法の詳細内容です。詳細については、PHP 中国語 Web サイトの他の関連記事を参照してください。
![[Web フロントエンド] Node.js クイック スタート](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
