wscan


Namewscan JSON
Version 2.4.5 PyPI version JSON
download
home_pagehttps://github.com/testzero-wz/wscan/
SummaryA Fast & Simple web site scanner.
upload_time2024-06-22 14:23:03
maintainerNone
docs_urlNone
authorT3stzer0
requires_pythonNone
licenseMIT
keywords wscan scanner fuzz sitemap base on aiohttp
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            # wscan v2.4

wscan——一个基于协程的轻量级Web目录扫描器

写来平时用来打CTF,探测敏感信息和目录结构的,主要目的还是要优雅 、快捷一点 **:)**

适用于CTF这类网站页面不多,需要敏感文件、目录结构探测的网站扫描

## 安装


```bash
$ python3 -m pip install wscan
```

## 特性


- Fuzz网站目录
- 遍历爬取网站url
- 多协程更效率
- 可随机User-agent
- 自定义Fuzz后缀名
- 指定爬取协程数
- 404页面识别(粗略)
- **友好的界面以及优雅快捷的使用方法 : )**

## Demo


![Demo](https://i.loli.net/2018/10/21/5bcbf4e2841b4.gif)

## 用法:


**Type** ``-h`` **for help** :: 

  $ wscan [-u URL] [-f] [-m] [Extend options]


* **-u  URL**:          目标URL  
* **-f**:   启用Fuzz功能
* **-m**:   启用链接爬取功能(就是遍历爬取,网站大的话会炸锅)
* **-b  BASE**:  Fuzz的基址 **如:** -b /cms/app.   \[ Default: / \] (将会从/cms/app为基础,在其后面添加字典路径进行Fuzz)
* **-e  EXTEND**:   Fuzz的后缀名. [Default: php]
* **-max   NUM**:     协程最大值. \[ Default: 20 \] 
* **-t TIMEOUT**:     请求超时时间. [Default: 12]
* **-404 NOT_FOUND**:      自定义404页面的关键字,用于判断自定义404页面。如: "Not found"
* **-o**:       指定输出路径
* **-s**:       爬取静态资源链接(一般XSS、CSRF等题里面会用到静态资源如js,css,img等)
* **--no-re**:      爬链接的时候禁止重定向
* **--no-map**:      在扫描报告中不输出站点结构图
* **-v,-vv**:      -v显示详细信息,-vv显示最详细的信息
* **-h**:       帮助

#### 例子 

```bash
  $ wscan -u "http://www.example.com/" -f -m 
```




## 安装依赖

- Python >=3.5
- aiohttp
- colorama
- bs4

感谢开源作者 [maurosoria](https://github.com/maurosoria)  开源的 [dirsearch](https://github.com/maurosoria/dirsearch)为wscan提供的灵感以及Fuzz字典。




English Document
====================


wscan is a Fast & Simple web site scanner.

Base on aiohttp and refer to the dirsearch of multi-threading version.

Can both run on Linux & Windows.

## Install



```bash
$ python3 -m pip install wscan
```



## Features


- Fuzz web site path
- Mapping a site map
- Multi-co-routine
- User-agent randomization
- Custom extensions
- Custom maximum of co-routine
- Friendly interface
- Elegant and convenient :)

## Demo


![Demo](https://i.loli.net/2018/10/21/5bcbf4e2841b4.gif)

## Usage:


**Type** ``-h`` **for help** :: 

  $ wscan [-u URL] [-f] [-m] [Extend options]


* **-u  URL**:          Target URL.   

* **-f**:   Fuzz target url with dictionary .

* **-m**:   Crawl all URL on the target to get a map. 

* **-b  BASE**:  Base URL of fuzzing **e.g** -b /cms/app.   \[ Default: / \]

* **-e  EXTEND**:   Suffix name used for fuzzing. [Default: php]

* **-max   NUM**:     Max num of co-routine. \[ Default: 20 \]

* **-t TIMEOUT**:     Requests timeout. [Default: 12]

* **-o**:       Output dir

* **-404 NOT_FOUND**:       Customize a 404 identification, it'll be used as a keyword for searching text. e.g. "Not found"

* **-s**:       Crawl static resources when mapping target.

* **--no-re**:       Don't redirect when requesting. 

* **-o**:       Don't record site map in scan report

* **-v,-vv**:      Show more detail.

* **-h**:       Show this help message and exit.


### Example 

```bash
  $ wscan -u "http://www.example.com/" -f -m 
```




## Requires
- Python >=3.5
- aiohttp
- colorama
- bs4




## 更新日志
#### V2.4.1
##### 2019-12-16:
1. 修复Linux下字符重叠问题


#### V2.4
##### 2019-12-15:
1. 修复bug: coroutine never wait
2. 修复bug: InvalidURL Error
3. 优化扫描日志输出
   3.1 日志保存路径设置为当前目录(避免Linux下Permission Denied)
   3.2 生成扫描后正常响应的请求路径记录,即日志中Web urls部分
4. 添加新特性
   4.1 404页面识别(粗略),后面看情况添加simhash计算相似度,避免太臃肿。
   4.2 指定请求超时时间、日志生成细节等参数
   
#### v2.3
##### 2019/9/20
1. 优化爬虫协程以及站点展示


            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/testzero-wz/wscan/",
    "name": "wscan",
    "maintainer": null,
    "docs_url": null,
    "requires_python": null,
    "maintainer_email": null,
    "keywords": "wscan scanner fuzz sitemap base on aiohttp",
    "author": "T3stzer0",
    "author_email": "testzero.wz@gmail.com",
    "download_url": "https://files.pythonhosted.org/packages/87/68/524455b6a6760b3daf1bee71dc6c206650a905bd5ed2dfde00419102fdfb/wscan-2.4.5.tar.gz",
    "platform": null,
    "description": "# wscan v2.4\n\nwscan\u2014\u2014\u4e00\u4e2a\u57fa\u4e8e\u534f\u7a0b\u7684\u8f7b\u91cf\u7ea7Web\u76ee\u5f55\u626b\u63cf\u5668\n\n\u5199\u6765\u5e73\u65f6\u7528\u6765\u6253CTF\uff0c\u63a2\u6d4b\u654f\u611f\u4fe1\u606f\u548c\u76ee\u5f55\u7ed3\u6784\u7684\uff0c\u4e3b\u8981\u76ee\u7684\u8fd8\u662f\u8981\u4f18\u96c5 \u3001\u5feb\u6377\u4e00\u70b9 **:)**\n\n\u9002\u7528\u4e8eCTF\u8fd9\u7c7b\u7f51\u7ad9\u9875\u9762\u4e0d\u591a\uff0c\u9700\u8981\u654f\u611f\u6587\u4ef6\u3001\u76ee\u5f55\u7ed3\u6784\u63a2\u6d4b\u7684\u7f51\u7ad9\u626b\u63cf\n\n## \u5b89\u88c5\n\n\n```bash\n$ python3 -m pip install wscan\n```\n\n## \u7279\u6027\n\n\n- Fuzz\u7f51\u7ad9\u76ee\u5f55\n- \u904d\u5386\u722c\u53d6\u7f51\u7ad9url\n- \u591a\u534f\u7a0b\u66f4\u6548\u7387\n- \u53ef\u968f\u673aUser-agent\n- \u81ea\u5b9a\u4e49Fuzz\u540e\u7f00\u540d\n- \u6307\u5b9a\u722c\u53d6\u534f\u7a0b\u6570\n- 404\u9875\u9762\u8bc6\u522b\uff08\u7c97\u7565\uff09\n- **\u53cb\u597d\u7684\u754c\u9762\u4ee5\u53ca\u4f18\u96c5\u5feb\u6377\u7684\u4f7f\u7528\u65b9\u6cd5 : )**\n\n## Demo\n\n\n![Demo](https://i.loli.net/2018/10/21/5bcbf4e2841b4.gif)\n\n## \u7528\u6cd5:\n\n\n**Type** ``-h`` **for help** :: \n\n  $ wscan [-u URL] [-f] [-m] [Extend options]\n\n\n* **-u  URL**:          \u76ee\u6807URL  \n* **-f**:   \u542f\u7528Fuzz\u529f\u80fd\n* **-m**:   \u542f\u7528\u94fe\u63a5\u722c\u53d6\u529f\u80fd\uff08\u5c31\u662f\u904d\u5386\u722c\u53d6\uff0c\u7f51\u7ad9\u5927\u7684\u8bdd\u4f1a\u70b8\u9505\uff09\n* **-b  BASE**:  Fuzz\u7684\u57fa\u5740 **\u5982:** -b /cms/app.   \\[ Default: / \\] \uff08\u5c06\u4f1a\u4ece/cms/app\u4e3a\u57fa\u7840\uff0c\u5728\u5176\u540e\u9762\u6dfb\u52a0\u5b57\u5178\u8def\u5f84\u8fdb\u884cFuzz\uff09\n* **-e  EXTEND**:   Fuzz\u7684\u540e\u7f00\u540d. [Default: php]\n* **-max   NUM**:     \u534f\u7a0b\u6700\u5927\u503c. \\[ Default: 20 \\] \n* **-t TIMEOUT**:     \u8bf7\u6c42\u8d85\u65f6\u65f6\u95f4. [Default: 12]\n* **-404 NOT_FOUND**:      \u81ea\u5b9a\u4e49404\u9875\u9762\u7684\u5173\u952e\u5b57\uff0c\u7528\u4e8e\u5224\u65ad\u81ea\u5b9a\u4e49404\u9875\u9762\u3002\u5982\uff1a \"Not found\"\n* **-o**:       \u6307\u5b9a\u8f93\u51fa\u8def\u5f84\n* **-s**:       \u722c\u53d6\u9759\u6001\u8d44\u6e90\u94fe\u63a5\uff08\u4e00\u822cXSS\u3001CSRF\u7b49\u9898\u91cc\u9762\u4f1a\u7528\u5230\u9759\u6001\u8d44\u6e90\u5982js\uff0ccss\uff0cimg\u7b49\uff09\n* **--no-re**:      \u722c\u94fe\u63a5\u7684\u65f6\u5019\u7981\u6b62\u91cd\u5b9a\u5411\n* **--no-map**:      \u5728\u626b\u63cf\u62a5\u544a\u4e2d\u4e0d\u8f93\u51fa\u7ad9\u70b9\u7ed3\u6784\u56fe\n* **-v,-vv**:      -v\u663e\u793a\u8be6\u7ec6\u4fe1\u606f\uff0c-vv\u663e\u793a\u6700\u8be6\u7ec6\u7684\u4fe1\u606f\n* **-h**:       \u5e2e\u52a9\n\n#### \u4f8b\u5b50 \n\n```bash\n  $ wscan -u \"http://www.example.com/\" -f -m \n```\n\n\n\n\n## \u5b89\u88c5\u4f9d\u8d56\n\n- Python >=3.5\n- aiohttp\n- colorama\n- bs4\n\n\u611f\u8c22\u5f00\u6e90\u4f5c\u8005 [maurosoria](https://github.com/maurosoria)  \u5f00\u6e90\u7684 [dirsearch](https://github.com/maurosoria/dirsearch)\u4e3awscan\u63d0\u4f9b\u7684\u7075\u611f\u4ee5\u53caFuzz\u5b57\u5178\u3002\n\n\n\n\nEnglish Document\n====================\n\n\nwscan is a Fast & Simple web site scanner.\n\nBase on aiohttp and refer to the dirsearch of multi-threading version.\n\nCan both run on Linux & Windows.\n\n## Install\n\n\n\n```bash\n$ python3 -m pip install wscan\n```\n\n\n\n## Features\n\n\n- Fuzz web site path\n- Mapping a site map\n- Multi-co-routine\n- User-agent randomization\n- Custom extensions\n- Custom maximum of co-routine\n- Friendly interface\n- Elegant and convenient :)\n\n## Demo\n\n\n![Demo](https://i.loli.net/2018/10/21/5bcbf4e2841b4.gif)\n\n## Usage:\n\n\n**Type** ``-h`` **for help** :: \n\n  $ wscan [-u URL] [-f] [-m] [Extend options]\n\n\n* **-u  URL**:          Target URL.   \n\n* **-f**:   Fuzz target url with dictionary .\n\n* **-m**:   Crawl all URL on the target to get a map. \n\n* **-b  BASE**:  Base URL of fuzzing **e.g** -b /cms/app.   \\[ Default: / \\]\n\n* **-e  EXTEND**:   Suffix name used for fuzzing. [Default: php]\n\n* **-max   NUM**:     Max num of co-routine. \\[ Default: 20 \\]\n\n* **-t TIMEOUT**:     Requests timeout. [Default: 12]\n\n* **-o**:       Output dir\n\n* **-404 NOT_FOUND**:       Customize a 404 identification, it'll be used as a keyword for searching text. e.g. \"Not found\"\n\n* **-s**:       Crawl static resources when mapping target.\n\n* **--no-re**:       Don't redirect when requesting. \n\n* **-o**:       Don't record site map in scan report\n\n* **-v,-vv**:      Show more detail.\n\n* **-h**:       Show this help message and exit.\n\n\n### Example \n\n```bash\n  $ wscan -u \"http://www.example.com/\" -f -m \n```\n\n\n\n\n## Requires\n- Python >=3.5\n- aiohttp\n- colorama\n- bs4\n\n\n\n\n## \u66f4\u65b0\u65e5\u5fd7\n#### V2.4.1\n##### 2019-12-16:\n1. \u4fee\u590dLinux\u4e0b\u5b57\u7b26\u91cd\u53e0\u95ee\u9898\n\n\n#### V2.4\n##### 2019-12-15:\n1. \u4fee\u590dbug: coroutine never wait\n2. \u4fee\u590dbug: InvalidURL Error\n3. \u4f18\u5316\u626b\u63cf\u65e5\u5fd7\u8f93\u51fa\n   3.1 \u65e5\u5fd7\u4fdd\u5b58\u8def\u5f84\u8bbe\u7f6e\u4e3a\u5f53\u524d\u76ee\u5f55\uff08\u907f\u514dLinux\u4e0bPermission Denied\uff09\n   3.2 \u751f\u6210\u626b\u63cf\u540e\u6b63\u5e38\u54cd\u5e94\u7684\u8bf7\u6c42\u8def\u5f84\u8bb0\u5f55\uff0c\u5373\u65e5\u5fd7\u4e2dWeb urls\u90e8\u5206\n4. \u6dfb\u52a0\u65b0\u7279\u6027\n   4.1 404\u9875\u9762\u8bc6\u522b\uff08\u7c97\u7565\uff09\uff0c\u540e\u9762\u770b\u60c5\u51b5\u6dfb\u52a0simhash\u8ba1\u7b97\u76f8\u4f3c\u5ea6\uff0c\u907f\u514d\u592a\u81c3\u80bf\u3002\n   4.2 \u6307\u5b9a\u8bf7\u6c42\u8d85\u65f6\u65f6\u95f4\u3001\u65e5\u5fd7\u751f\u6210\u7ec6\u8282\u7b49\u53c2\u6570\n   \n#### v2.3\n##### 2019/9/20\n1. \u4f18\u5316\u722c\u866b\u534f\u7a0b\u4ee5\u53ca\u7ad9\u70b9\u5c55\u793a\n\n",
    "bugtrack_url": null,
    "license": "MIT",
    "summary": "A Fast & Simple web site scanner.",
    "version": "2.4.5",
    "project_urls": {
        "Homepage": "https://github.com/testzero-wz/wscan/"
    },
    "split_keywords": [
        "wscan",
        "scanner",
        "fuzz",
        "sitemap",
        "base",
        "on",
        "aiohttp"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "8768524455b6a6760b3daf1bee71dc6c206650a905bd5ed2dfde00419102fdfb",
                "md5": "776638e7b52a8206f9a35e8ea488afea",
                "sha256": "4de61e1c590fc40883eb903a7c585ce0374c5aafab70e53271e8b53fcbfd820b"
            },
            "downloads": -1,
            "filename": "wscan-2.4.5.tar.gz",
            "has_sig": false,
            "md5_digest": "776638e7b52a8206f9a35e8ea488afea",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 45349,
            "upload_time": "2024-06-22T14:23:03",
            "upload_time_iso_8601": "2024-06-22T14:23:03.452488Z",
            "url": "https://files.pythonhosted.org/packages/87/68/524455b6a6760b3daf1bee71dc6c206650a905bd5ed2dfde00419102fdfb/wscan-2.4.5.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-06-22 14:23:03",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "testzero-wz",
    "github_project": "wscan",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": false,
    "lcname": "wscan"
}
        
Elapsed time: 4.47355s