# wscan v2.4
wscan——一个基于协程的轻量级Web目录扫描器
写来平时用来打CTF,探测敏感信息和目录结构的,主要目的还是要优雅 、快捷一点 **:)**
适用于CTF这类网站页面不多,需要敏感文件、目录结构探测的网站扫描
## 安装
```bash
$ python3 -m pip install wscan
```
## 特性
- Fuzz网站目录
- 遍历爬取网站url
- 多协程更效率
- 可随机User-agent
- 自定义Fuzz后缀名
- 指定爬取协程数
- 404页面识别(粗略)
- **友好的界面以及优雅快捷的使用方法 : )**
## Demo
## 用法:
**Type** ``-h`` **for help** ::
$ wscan [-u URL] [-f] [-m] [Extend options]
* **-u URL**: 目标URL
* **-f**: 启用Fuzz功能
* **-m**: 启用链接爬取功能(就是遍历爬取,网站大的话会炸锅)
* **-b BASE**: Fuzz的基址 **如:** -b /cms/app. \[ Default: / \] (将会从/cms/app为基础,在其后面添加字典路径进行Fuzz)
* **-e EXTEND**: Fuzz的后缀名. [Default: php]
* **-max NUM**: 协程最大值. \[ Default: 20 \]
* **-t TIMEOUT**: 请求超时时间. [Default: 12]
* **-404 NOT_FOUND**: 自定义404页面的关键字,用于判断自定义404页面。如: "Not found"
* **-o**: 指定输出路径
* **-s**: 爬取静态资源链接(一般XSS、CSRF等题里面会用到静态资源如js,css,img等)
* **--no-re**: 爬链接的时候禁止重定向
* **--no-map**: 在扫描报告中不输出站点结构图
* **-v,-vv**: -v显示详细信息,-vv显示最详细的信息
* **-h**: 帮助
#### 例子
```bash
$ wscan -u "http://www.example.com/" -f -m
```
## 安装依赖
- Python >=3.5
- aiohttp
- colorama
- bs4
感谢开源作者 [maurosoria](https://github.com/maurosoria) 开源的 [dirsearch](https://github.com/maurosoria/dirsearch)为wscan提供的灵感以及Fuzz字典。
English Document
====================
wscan is a Fast & Simple web site scanner.
Base on aiohttp and refer to the dirsearch of multi-threading version.
Can both run on Linux & Windows.
## Install
```bash
$ python3 -m pip install wscan
```
## Features
- Fuzz web site path
- Mapping a site map
- Multi-co-routine
- User-agent randomization
- Custom extensions
- Custom maximum of co-routine
- Friendly interface
- Elegant and convenient :)
## Demo
## Usage:
**Type** ``-h`` **for help** ::
$ wscan [-u URL] [-f] [-m] [Extend options]
* **-u URL**: Target URL.
* **-f**: Fuzz target url with dictionary .
* **-m**: Crawl all URL on the target to get a map.
* **-b BASE**: Base URL of fuzzing **e.g** -b /cms/app. \[ Default: / \]
* **-e EXTEND**: Suffix name used for fuzzing. [Default: php]
* **-max NUM**: Max num of co-routine. \[ Default: 20 \]
* **-t TIMEOUT**: Requests timeout. [Default: 12]
* **-o**: Output dir
* **-404 NOT_FOUND**: Customize a 404 identification, it'll be used as a keyword for searching text. e.g. "Not found"
* **-s**: Crawl static resources when mapping target.
* **--no-re**: Don't redirect when requesting.
* **-o**: Don't record site map in scan report
* **-v,-vv**: Show more detail.
* **-h**: Show this help message and exit.
### Example
```bash
$ wscan -u "http://www.example.com/" -f -m
```
## Requires
- Python >=3.5
- aiohttp
- colorama
- bs4
## 更新日志
#### V2.4.1
##### 2019-12-16:
1. 修复Linux下字符重叠问题
#### V2.4
##### 2019-12-15:
1. 修复bug: coroutine never wait
2. 修复bug: InvalidURL Error
3. 优化扫描日志输出
3.1 日志保存路径设置为当前目录(避免Linux下Permission Denied)
3.2 生成扫描后正常响应的请求路径记录,即日志中Web urls部分
4. 添加新特性
4.1 404页面识别(粗略),后面看情况添加simhash计算相似度,避免太臃肿。
4.2 指定请求超时时间、日志生成细节等参数
#### v2.3
##### 2019/9/20
1. 优化爬虫协程以及站点展示
Raw data
{
"_id": null,
"home_page": "https://github.com/testzero-wz/wscan/",
"name": "wscan",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": "wscan scanner fuzz sitemap base on aiohttp",
"author": "T3stzer0",
"author_email": "testzero.wz@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/87/68/524455b6a6760b3daf1bee71dc6c206650a905bd5ed2dfde00419102fdfb/wscan-2.4.5.tar.gz",
"platform": null,
"description": "# wscan v2.4\n\nwscan\u2014\u2014\u4e00\u4e2a\u57fa\u4e8e\u534f\u7a0b\u7684\u8f7b\u91cf\u7ea7Web\u76ee\u5f55\u626b\u63cf\u5668\n\n\u5199\u6765\u5e73\u65f6\u7528\u6765\u6253CTF\uff0c\u63a2\u6d4b\u654f\u611f\u4fe1\u606f\u548c\u76ee\u5f55\u7ed3\u6784\u7684\uff0c\u4e3b\u8981\u76ee\u7684\u8fd8\u662f\u8981\u4f18\u96c5 \u3001\u5feb\u6377\u4e00\u70b9 **:)**\n\n\u9002\u7528\u4e8eCTF\u8fd9\u7c7b\u7f51\u7ad9\u9875\u9762\u4e0d\u591a\uff0c\u9700\u8981\u654f\u611f\u6587\u4ef6\u3001\u76ee\u5f55\u7ed3\u6784\u63a2\u6d4b\u7684\u7f51\u7ad9\u626b\u63cf\n\n## \u5b89\u88c5\n\n\n```bash\n$ python3 -m pip install wscan\n```\n\n## \u7279\u6027\n\n\n- Fuzz\u7f51\u7ad9\u76ee\u5f55\n- \u904d\u5386\u722c\u53d6\u7f51\u7ad9url\n- \u591a\u534f\u7a0b\u66f4\u6548\u7387\n- \u53ef\u968f\u673aUser-agent\n- \u81ea\u5b9a\u4e49Fuzz\u540e\u7f00\u540d\n- \u6307\u5b9a\u722c\u53d6\u534f\u7a0b\u6570\n- 404\u9875\u9762\u8bc6\u522b\uff08\u7c97\u7565\uff09\n- **\u53cb\u597d\u7684\u754c\u9762\u4ee5\u53ca\u4f18\u96c5\u5feb\u6377\u7684\u4f7f\u7528\u65b9\u6cd5 : )**\n\n## Demo\n\n\n\n\n## \u7528\u6cd5:\n\n\n**Type** ``-h`` **for help** :: \n\n $ wscan [-u URL] [-f] [-m] [Extend options]\n\n\n* **-u URL**: \u76ee\u6807URL \n* **-f**: \u542f\u7528Fuzz\u529f\u80fd\n* **-m**: \u542f\u7528\u94fe\u63a5\u722c\u53d6\u529f\u80fd\uff08\u5c31\u662f\u904d\u5386\u722c\u53d6\uff0c\u7f51\u7ad9\u5927\u7684\u8bdd\u4f1a\u70b8\u9505\uff09\n* **-b BASE**: Fuzz\u7684\u57fa\u5740 **\u5982:** -b /cms/app. \\[ Default: / \\] \uff08\u5c06\u4f1a\u4ece/cms/app\u4e3a\u57fa\u7840\uff0c\u5728\u5176\u540e\u9762\u6dfb\u52a0\u5b57\u5178\u8def\u5f84\u8fdb\u884cFuzz\uff09\n* **-e EXTEND**: Fuzz\u7684\u540e\u7f00\u540d. [Default: php]\n* **-max NUM**: \u534f\u7a0b\u6700\u5927\u503c. \\[ Default: 20 \\] \n* **-t TIMEOUT**: \u8bf7\u6c42\u8d85\u65f6\u65f6\u95f4. [Default: 12]\n* **-404 NOT_FOUND**: \u81ea\u5b9a\u4e49404\u9875\u9762\u7684\u5173\u952e\u5b57\uff0c\u7528\u4e8e\u5224\u65ad\u81ea\u5b9a\u4e49404\u9875\u9762\u3002\u5982\uff1a \"Not found\"\n* **-o**: \u6307\u5b9a\u8f93\u51fa\u8def\u5f84\n* **-s**: \u722c\u53d6\u9759\u6001\u8d44\u6e90\u94fe\u63a5\uff08\u4e00\u822cXSS\u3001CSRF\u7b49\u9898\u91cc\u9762\u4f1a\u7528\u5230\u9759\u6001\u8d44\u6e90\u5982js\uff0ccss\uff0cimg\u7b49\uff09\n* **--no-re**: \u722c\u94fe\u63a5\u7684\u65f6\u5019\u7981\u6b62\u91cd\u5b9a\u5411\n* **--no-map**: \u5728\u626b\u63cf\u62a5\u544a\u4e2d\u4e0d\u8f93\u51fa\u7ad9\u70b9\u7ed3\u6784\u56fe\n* **-v,-vv**: -v\u663e\u793a\u8be6\u7ec6\u4fe1\u606f\uff0c-vv\u663e\u793a\u6700\u8be6\u7ec6\u7684\u4fe1\u606f\n* **-h**: \u5e2e\u52a9\n\n#### \u4f8b\u5b50 \n\n```bash\n $ wscan -u \"http://www.example.com/\" -f -m \n```\n\n\n\n\n## \u5b89\u88c5\u4f9d\u8d56\n\n- Python >=3.5\n- aiohttp\n- colorama\n- bs4\n\n\u611f\u8c22\u5f00\u6e90\u4f5c\u8005 [maurosoria](https://github.com/maurosoria) \u5f00\u6e90\u7684 [dirsearch](https://github.com/maurosoria/dirsearch)\u4e3awscan\u63d0\u4f9b\u7684\u7075\u611f\u4ee5\u53caFuzz\u5b57\u5178\u3002\n\n\n\n\nEnglish Document\n====================\n\n\nwscan is a Fast & Simple web site scanner.\n\nBase on aiohttp and refer to the dirsearch of multi-threading version.\n\nCan both run on Linux & Windows.\n\n## Install\n\n\n\n```bash\n$ python3 -m pip install wscan\n```\n\n\n\n## Features\n\n\n- Fuzz web site path\n- Mapping a site map\n- Multi-co-routine\n- User-agent randomization\n- Custom extensions\n- Custom maximum of co-routine\n- Friendly interface\n- Elegant and convenient :)\n\n## Demo\n\n\n\n\n## Usage:\n\n\n**Type** ``-h`` **for help** :: \n\n $ wscan [-u URL] [-f] [-m] [Extend options]\n\n\n* **-u URL**: Target URL. \n\n* **-f**: Fuzz target url with dictionary .\n\n* **-m**: Crawl all URL on the target to get a map. \n\n* **-b BASE**: Base URL of fuzzing **e.g** -b /cms/app. \\[ Default: / \\]\n\n* **-e EXTEND**: Suffix name used for fuzzing. [Default: php]\n\n* **-max NUM**: Max num of co-routine. \\[ Default: 20 \\]\n\n* **-t TIMEOUT**: Requests timeout. [Default: 12]\n\n* **-o**: Output dir\n\n* **-404 NOT_FOUND**: Customize a 404 identification, it'll be used as a keyword for searching text. e.g. \"Not found\"\n\n* **-s**: Crawl static resources when mapping target.\n\n* **--no-re**: Don't redirect when requesting. \n\n* **-o**: Don't record site map in scan report\n\n* **-v,-vv**: Show more detail.\n\n* **-h**: Show this help message and exit.\n\n\n### Example \n\n```bash\n $ wscan -u \"http://www.example.com/\" -f -m \n```\n\n\n\n\n## Requires\n- Python >=3.5\n- aiohttp\n- colorama\n- bs4\n\n\n\n\n## \u66f4\u65b0\u65e5\u5fd7\n#### V2.4.1\n##### 2019-12-16:\n1. \u4fee\u590dLinux\u4e0b\u5b57\u7b26\u91cd\u53e0\u95ee\u9898\n\n\n#### V2.4\n##### 2019-12-15:\n1. \u4fee\u590dbug: coroutine never wait\n2. \u4fee\u590dbug: InvalidURL Error\n3. \u4f18\u5316\u626b\u63cf\u65e5\u5fd7\u8f93\u51fa\n 3.1 \u65e5\u5fd7\u4fdd\u5b58\u8def\u5f84\u8bbe\u7f6e\u4e3a\u5f53\u524d\u76ee\u5f55\uff08\u907f\u514dLinux\u4e0bPermission Denied\uff09\n 3.2 \u751f\u6210\u626b\u63cf\u540e\u6b63\u5e38\u54cd\u5e94\u7684\u8bf7\u6c42\u8def\u5f84\u8bb0\u5f55\uff0c\u5373\u65e5\u5fd7\u4e2dWeb urls\u90e8\u5206\n4. \u6dfb\u52a0\u65b0\u7279\u6027\n 4.1 404\u9875\u9762\u8bc6\u522b\uff08\u7c97\u7565\uff09\uff0c\u540e\u9762\u770b\u60c5\u51b5\u6dfb\u52a0simhash\u8ba1\u7b97\u76f8\u4f3c\u5ea6\uff0c\u907f\u514d\u592a\u81c3\u80bf\u3002\n 4.2 \u6307\u5b9a\u8bf7\u6c42\u8d85\u65f6\u65f6\u95f4\u3001\u65e5\u5fd7\u751f\u6210\u7ec6\u8282\u7b49\u53c2\u6570\n \n#### v2.3\n##### 2019/9/20\n1. \u4f18\u5316\u722c\u866b\u534f\u7a0b\u4ee5\u53ca\u7ad9\u70b9\u5c55\u793a\n\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "A Fast & Simple web site scanner.",
"version": "2.4.5",
"project_urls": {
"Homepage": "https://github.com/testzero-wz/wscan/"
},
"split_keywords": [
"wscan",
"scanner",
"fuzz",
"sitemap",
"base",
"on",
"aiohttp"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "8768524455b6a6760b3daf1bee71dc6c206650a905bd5ed2dfde00419102fdfb",
"md5": "776638e7b52a8206f9a35e8ea488afea",
"sha256": "4de61e1c590fc40883eb903a7c585ce0374c5aafab70e53271e8b53fcbfd820b"
},
"downloads": -1,
"filename": "wscan-2.4.5.tar.gz",
"has_sig": false,
"md5_digest": "776638e7b52a8206f9a35e8ea488afea",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 45349,
"upload_time": "2024-06-22T14:23:03",
"upload_time_iso_8601": "2024-06-22T14:23:03.452488Z",
"url": "https://files.pythonhosted.org/packages/87/68/524455b6a6760b3daf1bee71dc6c206650a905bd5ed2dfde00419102fdfb/wscan-2.4.5.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-06-22 14:23:03",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "testzero-wz",
"github_project": "wscan",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "wscan"
}
JSON
