cda31e86c7
- 靶场环境: DVWA/WebGoat/Pikachu/BWAPP/SQLi-Labs/XSS-Labs - SQL注入工具: sqli-scanner.py, blind-sqli.py, sqli-exploit.go - XSS工具: xss-fuzzer.py, xss-scanner.go - 认证攻击: web-brute.py, jwt-cracker.py - 服务端安全: port-scanner.py, tls-scanner.py - 防御配置: nginx-hardening.conf - 案例研究: 福建政采网安全评估报告 (13份) - 同步脚本: sync-gitea.sh
22 行
832 B
Bash
22 行
832 B
Bash
#!/bin/bash
|
|
export PATH="/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin"
|
|
|
|
TARGET_IPS="112.54.45.252 120.35.30.176 114.115.172.176"
|
|
PATHS="/ /login /admin /api /api/v1 /gateway /actuator /actuator/health /swagger-ui.html /v2/api-docs /.env /.git/config /robots.txt /server-status /portal"
|
|
|
|
echo "Starting HTTP Web Directory Fuzzing on port 8080..."
|
|
|
|
for ip in $TARGET_IPS; do
|
|
for path in $PATHS; do
|
|
# Perform silent request to get the status code only
|
|
code=$(curl -k -s -o /dev/null -w "%{http_code}" -m 3 "http://$ip:8080$path" 2>/dev/null)
|
|
|
|
# Only print if valid code and not 404 (or connection refused 000)
|
|
if [ "$code" != "404" ] && [ "$code" != "000" ] && [ ! -z "$code" ]; then
|
|
echo "[HTTP $code] http://$ip:8080$path"
|
|
fi
|
|
done
|
|
done
|
|
|
|
echo "Fuzzing complete."
|