简单写了个fuzz脚本
下细想了一下实现方法,发现好多内容都可以从之前写的脚本里搬过来,比如从文档中读取payload呀,类似爬虫里的拼接url和构造ua头发包呀,所以多写东西还是有好处呀。
代码如下:
import requests
import linecache
post_get=input('请输入网站类型 >>:')
headers = {
'User-Agent': "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/" +
"537.36 (KHTML, like Gecko) Chrome/50.0.2661.87 Safari/537.36"
}
#每次修改网站
url = 'http://057930fe-2cff-4f1c-b9cc-c2270e8d05fe.node3.buuoj.cn/index.php'
global fuzz_list
fuzz_list=[]
#从以前写的端口扫描搬过来的一行一行读取文件,稍做优化
def read_fuzzword():
global fuzz_list
txt_lenth = int(len(open('./fuzzword.txt','r').readlines()))
print('总fuzz数为%s' %(txt_lenth))
for i in range(1,txt_lenth+1):
fuzzword=linecache.getline('./fuzzword.txt',i)
fuzzword=fuzzword.replace('\n','')
fuzz_list.append(fuzzword)
def get(url):
global fuzz_list
for i in fuzz_list:
target_url = url + i
r=requests.get(url=target_url,headers=headers)
back_text = r.content
backcode = r.status_code
test_code = i + (20-len(i))*' '
result = 'word:%s code:%s lenth:%s'%(test_code,backcode,len(back_text))
print(result)
def post(url):
global fuzz_list
for i in fuzz_list:
#修改此处传参名
r=requests.post(url,data={'id':i})
back_text = r.content
backcode = r.status_code
test_code = i + (20-len(i))*' '
result = 'word:%s code:%s lenth:%s'%(test_code,backcode,len(back_text))
print(result)
if __name__ == '__main__':
read_fuzzword()
if post_get == 'post':
post(url)
elif post_get == 'get':
get(url)
感觉毕竟只是测试一下可用字符,就不用加线程了,另外要看返回内容就把back_text给print出来就行。(果然还是没有burp方便。