-
Notifications
You must be signed in to change notification settings - Fork 203
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
14 changed files
with
507 additions
and
311 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -12,27 +12,15 @@ URLFinder是一款快速、全面、易用的页面信息提取工具 | |
|
||
有什么需求或bug欢迎各位师傅提交lssues | ||
|
||
#### 注意: | ||
## 功能说明: | ||
|
||
fuzz功能是基于抓到的404目录和路径。将其当作字典,随机组合并碰撞出有效路径,从而解决路径拼接错误的问题 | ||
|
||
为了更好的兼容和防止漏抓链接,放弃了低误报率,错误的链接会变多但漏抓概率变低,可通过 ‘-s 200’ 筛选状态码过滤无效的链接(但不推荐只看200状态码) | ||
|
||
结果会优先显示输入的url顶级域名,其他域名不做区分显示在 other | ||
|
||
## 功能说明 | ||
1.提取页面与JS中的JS、URL链接和敏感信息 | ||
2.提取到的链接会显示状态码、响应大小、标题等(带cookie操作时请使用-m 3 安全模式,防止误操作) | ||
3.提取批量URL | ||
4.yml配置 自定义Headers请求头、代理、抓取规则、黑名单等 | ||
5.结果导出到csv、json、html | ||
6.记录抓取来源,便于手动分析 | ||
7.指定抓取域名(支持正则表达式) | ||
8.指定baseurl路径(指定目录拼接) | ||
9.使用代理ip | ||
10.对404链接Fuzz(测试版,有问题提issue) | ||
结果会优先显示200,按从小到大排序(输入的域名最优先,就算是404也会排序在其他子域名的200前面) | ||
|
||
结果会优先显示输入的url顶级域名,其他域名不做区分显示在 other | ||
结果会优先显示200,按从小到大排序(输入的域名最优先,就算是404也会排序在其他子域名的200前面) | ||
为了更好的兼容和防止漏抓链接,放弃了低误报率,错误的链接会变多但漏抓概率变低,可通过 ‘-s 200’ 筛选状态码过滤无效的链接(但不推荐只看200状态码) | ||
|
||
## 使用截图 | ||
|
||
|
@@ -54,7 +42,7 @@ URLFinder.exe -u http://www.baidu.com -s 200,403 -m 2 | |
``` | ||
URLFinder.exe -s all -m 2 -f url.txt -o d:/ | ||
``` | ||
参数: | ||
参数(更多参数使用 -i 配置): | ||
``` | ||
-a 自定义user-agent请求头 | ||
-b 自定义baseurl路径 | ||
|
@@ -63,14 +51,16 @@ URLFinder.exe -s all -m 2 -f url.txt -o d:/ | |
-f 批量url抓取,需指定url文本路径 | ||
-ff 与-f区别:全部抓取的数据,视为同一个url的结果来处理(只打印一份结果 | 只会输出一份结果) | ||
-h 帮助信息 | ||
-i 加载yaml配置文件,可自定义请求头 抓取规则等(不存在时,会在当前目录创建一个默认yaml配置文件) | ||
-i 加载yaml配置文件,可自定义请求头、抓取规则等(不存在时,会在当前目录创建一个默认yaml配置文件) | ||
-m 抓取模式: | ||
1 正常抓取(默认) | ||
2 深入抓取 (URL深入一层 JS深入三层 防止抓偏) | ||
3 安全深入抓取(过滤delete,remove等敏感路由) | ||
-max 最大抓取数 | ||
-o 结果导出到csv、json、html文件,需指定导出文件目录(.代表当前目录) | ||
-s 显示指定状态码,all为显示全部 | ||
-t 设置线程数(默认50) | ||
-time 设置超时时间(默认5,单位秒) | ||
-u 目标URL | ||
-x 设置代理,格式: http://username:[email protected]:8877 | ||
-z 提取所有目录对404链接进行fuzz(只对主域名下的链接生效,需要与-s一起使用) | ||
|
@@ -117,7 +107,14 @@ SET GOOS=darwin | |
SET GOARCH=arm64 | ||
go build -ldflags "-s -w" -o ./URLFinder-macos-arm64 | ||
``` | ||
## 更新说明 | ||
## 更新说明 | ||
2023/5/11 | ||
变化 -i 配置文件可自定义:线程数、抓取深度、敏感路由、超时时间、最大抓取数 | ||
新增 -time 设置超时时间 | ||
新增 -max 设置最大抓取数 | ||
新增 添加版本更新提示 | ||
修复 已知bug | ||
|
||
2023/5/5 | ||
修复 多个任务时html结果混乱 | ||
新增 结果添加302跳转信息 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -7,6 +7,9 @@ import ( | |
"os" | ||
) | ||
|
||
var Update = "2023.5.11" | ||
var XUpdate string | ||
|
||
var ( | ||
H bool | ||
I bool | ||
|
@@ -22,6 +25,8 @@ var ( | |
O string | ||
X string | ||
T = 50 | ||
TI = 5 | ||
MA = 99999 | ||
Z int | ||
) | ||
|
||
|
@@ -34,26 +39,28 @@ func init() { | |
flag.StringVar(&FF, "ff", "", "set urlFile one\n与-f区别:全部抓取的数据,视为同一个url的结果来处理(只打印一份结果 | 只会输出一份结果)") | ||
flag.BoolVar(&H, "h", false, "this help\n帮助信息") | ||
flag.BoolVar(&I, "i", false, "set configFile\n加载yaml配置文件(不存在时,会在当前目录创建一个默认yaml配置文件)") | ||
flag.IntVar(&M, "m", 1, "set mode\n抓取模式 \n 1 normal\n 正常抓取(默认) \n 2 thorough\n 深入抓取 (url深入一层,js深入三层,防止抓偏) \n 3 security\n 安全深入抓取(过滤delete,remove等敏感路由) \n ") | ||
flag.IntVar(&M, "m", 1, "set mode\n抓取模式 \n 1 normal\n 正常抓取(默认) \n 2 thorough\n 深入抓取(默认url深入一层,js深入三层,-i可以自定义) \n 3 security\n 安全深入抓取(过滤delete,remove等敏感路由.-i可自定义) ") | ||
flag.IntVar(&MA, "max", 99999, "set maximum\n最大抓取链接数") | ||
flag.StringVar(&O, "o", "", "set outFile\n结果导出到csv、json、html文件,需指定导出文件目录(.代表当前目录)") | ||
flag.StringVar(&S, "s", "", "set Status\n显示指定状态码,all为显示全部(多个状态码用,隔开)") | ||
flag.IntVar(&T, "t", 50, "set thread\n设置线程数(默认50)\n") | ||
flag.IntVar(&T, "t", 50, "set Thread\n设置线程数(默认50)") | ||
flag.IntVar(&TI, "time", 5, "set Timeout\n设置超时时间(默认5,单位秒)") | ||
flag.StringVar(&U, "u", "", "set Url\n目标URL") | ||
flag.StringVar(&X, "x", "", "set httpProxy\n设置代理,格式: http://username:[email protected]:8809") | ||
flag.IntVar(&Z, "z", 0, "set Fuzz\n对404链接进行fuzz(只对主域名下的链接生效,需要与-s一起使用) \n 1 decreasing\n 目录递减fuzz \n 2 2combination\n 2级目录组合fuzz(适合少量链接使用) \n 3 3combination\n 3级目录组合fuzz(适合少量链接使用) \n") | ||
flag.StringVar(&X, "x", "", "set Proxy\n设置代理,格式: http://username:[email protected]:8809") | ||
flag.IntVar(&Z, "z", 0, "set Fuzz\n对404链接进行fuzz(只对主域名下的链接生效,需要与 -s 一起使用) \n 1 decreasing\n 目录递减fuzz \n 2 2combination\n 2级目录组合fuzz(适合少量链接使用) \n 3 3combination\n 3级目录组合fuzz(适合少量链接使用) ") | ||
|
||
// 改变默认的 Usage | ||
flag.Usage = usage | ||
} | ||
func usage() { | ||
fmt.Fprintf(os.Stderr, `Usage: URLFinder [-a user-agent] [-b baseurl] [-c cookie] [-d domainName] [-f urlFile] [-ff urlFile one] [-h help] [-i configFile] [-m mode] [-o outFile] [-s Status] [-t thread] [-u Url] [-x httpProxy] [-z fuzz] | ||
fmt.Fprintf(os.Stderr, `Usage: URLFinder [-a user-agent] [-b baseurl] [-c cookie] [-d domainName] [-f urlFile] [-ff urlFile one] [-h help] [-i configFile] [-m mode] [-max maximum] [-o outFile] [-s Status] [-t thread] [-time timeout] [-u url] [-x proxy] [-z fuzz] | ||
Options: | ||
`) | ||
flag.PrintDefaults() | ||
} | ||
|
||
func Parse() { | ||
color.LightCyan.Println(" __ __ ___ _ _ \n /\\ /\\ /__\\ / / / __(_)_ __ __| | ___ _ __ \n/ / \\ \\/ \\/// / / _\\ | | '_ \\ / _` |/ _ \\ '__|\n\\ \\_/ / _ \\ /___ / | | | | | (_| | __/ | \n \\___/\\/ \\_\\____\\/ |_|_| |_|\\__,_|\\___|_| \n\nBy: pingc0y\nUpdateTime: 2023/5/5\nGithub: https://github.com/pingc0y/URLFinder \n") | ||
color.LightCyan.Printf(" __ __ ___ _ _ \n /\\ /\\ /__\\ / / / __(_)_ __ __| | ___ _ __ \n/ / \\ \\/ \\/// / / _\\ | | '_ \\ / _` |/ _ \\ '__|\n\\ \\_/ / _ \\ /___ / | | | | | (_| | __/ | \n \\___/\\/ \\_\\____\\/ |_|_| |_|\\__,_|\\___|_| \n\nBy: pingc0y\nUpdate: %s | %s\nGithub: https://github.com/pingc0y/URLFinder \n\n", Update, XUpdate) | ||
flag.Parse() | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.