Installing and using dirb on macOS
Overview
Revision history
- 2024/02/29 First edition
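Introduction
This document explains how to install and use DIRB URL Bruteforcer, a web content scanner, on macOS. DIRB sends dictionary-based requests for hidden web objects and examines the responses. It is used to audit a site.
Obtaining, building, and installing the module
Obtaining the module
- At the time of writing it is not available through Homebrew, so download it from the official site below.
- https://sourceforge.net/projects/dirb/
$ mkdir dirb
$ cd dirb
$ curl -L https://sourceforge.net/projects/dirb/files/dirb/2.22/dirb222.tar.gz/download -o dirb222.tar.gz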
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   585    0   585    0     0   2604      0 --:--:-- --:--:-- --:--:--  2611
100   323  100   323    0     0    450      0 --:--:-- --:--:-- --:--:-- 26916
100 2004k  100 2004k    0     0   171k      0  0:00:11  0:00:11 --:--:--  237k
$
- Extract the downloaded archive file.
$ tar xvzf dirb222.tar.gz
x dirb222/
x dirb222/aclocal.m4
x dirb222/autoheader
x dirb222/autom4te.cache/
x dirb222/config.h.in
x dirb222/configure
x dirb222/configure.ac
x dirb222/depcomp
x dirb222/dirb.1
x dirb222/docs/
x dirb222/docs/CHANGES.txt
x dirb222/docs/FAQ.txt
x dirb222/docs/GENDICT.TXT
x dirb222/docs/INSTALLATION.txt
x dirb222/docs/TODO.txt
x dirb222/docs/TRICKS.txt
x dirb222/gendict_src/
x dirb222/gendict_src/gendict.c
x dirb222/gendict_src/Makefile.am
x dirb222/gendict_src/Makefile.in
x dirb222/install-sh
x dirb222/LICENSE.txt
x dirb222/Makefile.am
x dirb222/Makefile.in
x dirb222/missing
x dirb222/mkinstalldirs
x dirb222/README.txt
x dirb222/src/
x dirb222/src/calculanec.c
x dirb222/src/crea_wordlist.c
x dirb222/src/dirb.c
x dirb222/src/dirb.h
x dirb222/src/estructuras.h
x dirb222/src/funciones.h
x dirb222/src/get_url.c
x dirb222/src/get_url.h
x dirb222/src/global.h
x dirb222/src/http_codes.h
x dirb222/src/lanza_ataque.c
x dirb222/src/Makefile.am
x dirb222/src/Makefile.in
x dirb222/src/options.c
x dirb222/src/resume.c
x dirb222/src/utils.c
x dirb222/src/variables.h
x dirb222/utils/
x dirb222/utils/clean_wordlist.sh
x dirb222/utils/dirb2html.pl
x dirb222/web2dic/
x dirb222/web2dic/html2dic.c
x dirb222/web2dic/Makefile.am
x dirb222/web2dic/Makefile.in
x dirb222/web2dic/web2dic.sh
x dirb222/win32/
x dirb222/win32/cygcrypto-0.9.8.dll
x dirb222/win32/cygcurl-4.dll
x dirb222/win32/cygssh2-1.dll
x dirb222/win32/cygssl-0.9.8.dll
x dirb222/win32/cygwin1.dll
x dirb222/win32/cygz.dll
x dirb222/wordlists/
x dirb222/wordlists/big.txt
x dirb222/wordlists/catala.txt
x dirb222/wordlists/common.txt
x dirb222/wordlists/euskera.txt
x dirb222/wordlists/extensions_common.txt
x dirb222/wordlists/indexes.txt
x dirb222/wordlists/mutations_common.txt
x dirb222/wordlists/others/
x dirb222/wordlists/others/best1050.txt
x dirb222/wordlists/others/best110.txt
x dirb222/wordlists/others/best15.txt
x dirb222/wordlists/others/names.txt
x dirb222/wordlists/small.txt
x dirb222/wordlists/spanish.txt
x dirb222/wordlists/stress/
x dirb222/wordlists/stress/alphanum_case.txt
x dirb222/wordlists/stress/alphanum_case_extra.txt
x dirb222/wordlists/stress/char.txt
x dirb222/wordlists/stress/doble_uri_hex.txt
x dirb222/wordlists/stress/test_ext.txt
x dirb222/wordlists/stress/unicode.txt
x dirb222/wordlists/stress/uri_hex.txt
x dirb222/wordlists/vulns/
x dirb222/wordlists/vulns/apache.txt
x dirb222/wordlists/vulns/axis.txt
x dirb222/wordlists/vulns/cgis.txt
x dirb222/wordlists/vulns/coldfusion.txt
x dirb222/wordlists/vulns/domino.txt
x dirb222/wordlists/vulns/fatwire.txt
x dirb222/wordlists/vulns/fatwire_pagenames.txt
x dirb222/wordlists/vulns/frontpage.txt
x dirb222/wordlists/vulns/hpsmh.txt
x dirb222/wordlists/vulns/hyperion.txt
x dirb222/wordlists/vulns/iis.txt
x dirb222/wordlists/vulns/iplanet.txt
x dirb222/wordlists/vulns/jboss.txt
x dirb222/wordlists/vulns/jersey.txt
x dirb222/wordlists/vulns/jrun.txt
x dirb222/wordlists/vulns/netware.txt
x dirb222/wordlists/vulns/oracle.txt
x dirb222/wordlists/vulns/ror.txt
x dirb222/wordlists/vulns/sap.txt
x dirb222/wordlists/vulns/sharepoint.txt
x dirb222/wordlists/vulns/sunas.txt
x dirb222/wordlists/vulns/tests.txt
x dirb222/wordlists/vulns/tomcat.txt
x dirb222/wordlists/vulns/vignette.txt
x dirb222/wordlists/vulns/weblogic.txt
x dirb222/wordlists/vulns/websphere.txt
$
- Grant permissions.
$ chmod 766 dirb222
$ cd dirb222
$ find . -type d -exec chmod 766 {} \;
$ chmod +x configure
$
Building
- Run configure.
$ ./configure
checking for a BSD-compatible install... /usr/local/opt/coreutils/libexec/gnubin/install -c
checking whether build environment is sane... yes
checking for gawk... no
checking for mawk... no
checking for nawk... no
checking for awk... awk
checking whether make sets $(MAKE)... yes
checking for libcurl >= 7.10.1... 8.6.0
checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking dependency style of gcc... gcc3
checking for curl_easy_init in -lcurl... yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating gendict_src/Makefile
config.status: creating web2dic/Makefile
config.status: creating config.h
config.status: executing depfiles commands
DIRB 2.22 build configuration.
Now you must execute: "make"
$
- There do not seem to be any particular problems.
- Run make.
$ make
/Library/Developer/CommandLineTools/usr/bin/make all-recursive
Making all in src
if gcc -DHAVE_CONFIG_H -I. -I. -I..
-I/usr/local/Cellar/curl/8.6.0/include -Wall -g
-O2 -MT crea_wordlist.o -MD -MP -MF ".deps/crea_wordlist.Tpo" -c -o
crea_wordlist.o crea_wordlist.c; \
then mv -f ".deps/crea_wordlist.Tpo"
".deps/crea_wordlist.Po"; else rm -f ".deps/crea_wordlist.Tpo"; exit 1;
fi
if gcc -DHAVE_CONFIG_H -I. -I. -I..
-I/usr/local/Cellar/curl/8.6.0/include -Wall -g
-O2 -MT dirb.o -MD -MP -MF ".deps/dirb.Tpo" -c -o dirb.o dirb.c; \
then mv -f ".deps/dirb.Tpo" ".deps/dirb.Po"; else rm -f ".deps/dirb.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I..
-I/usr/local/Cellar/curl/8.6.0/include -Wall -g
-O2 -MT get_url.o -MD -MP -MF ".deps/get_url.Tpo" -c -o get_url.o
get_url.c; \
then mv -f ".deps/get_url.Tpo" ".deps/get_url.Po"; else rm -f ".deps/get_url.Tpo"; exit 1; fi
get_url.c:222:90: warning: illegal character encoding in string literal [-Winvalid-source-encoding]
if(strstr(ptr, "Parent Directory")!=0 || strstr(ptr,
"Up To ")!=0 || strstr(ptr, "Atr<E1>s A ")!=0 || strstr(ptr, "Al
directorio pri")!=0 || strstr(ptr, "Directory Listing For")!=0) {
^~~~
1 warning generated.
if gcc -DHAVE_CONFIG_H -I. -I. -I..
-I/usr/local/Cellar/curl/8.6.0/include -Wall -g
-O2 -MT lanza_ataque.o -MD -MP -MF ".deps/lanza_ataque.Tpo" -c -o
lanza_ataque.o lanza_ataque.c; \
then mv -f ".deps/lanza_ataque.Tpo" ".deps/lanza_ataque.Po"; else rm -f ".deps/lanza_ataque.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I..
-I/usr/local/Cellar/curl/8.6.0/include -Wall -g
-O2 -MT calculanec.o -MD -MP -MF ".deps/calculanec.Tpo" -c -o
calculanec.o calculanec.c; \
then mv -f ".deps/calculanec.Tpo" ".deps/calculanec.Po"; else rm -f ".deps/calculanec.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I..
-I/usr/local/Cellar/curl/8.6.0/include -Wall -g
-O2 -MT utils.o -MD -MP -MF ".deps/utils.Tpo" -c -o utils.o utils.c; \
then mv -f ".deps/utils.Tpo" ".deps/utils.Po"; else rm -f ".deps/utils.Tpo"; exit 1; fi
utils.c:158:72: warning: format specifies type 'int' but the argument has type 'unsigned long' [-Wformat]
if(options.debuging>4) printf("[++++] location_cmp() A[%d]: '%s'\n", strlen(A), uri_decode(A));
~~
^~~~~~~~~
%lu
utils.c:169:72: warning: format specifies type 'int' but the argument has type 'unsigned long' [-Wformat]
if(options.debuging>4) printf("[++++] location_cmp() B[%d]: '%s'\n", strlen(B), uri_decode(B));
~~
^~~~~~~~~
%lu
utils.c:173:84: warning: format specifies type 'int' but the argument has type 'unsigned long' [-Wformat]
if(options.debuging>4) printf("[++++] location_cmp() RESULT:
%d (%d)\n", result, strlen(A)>strlen(B) ? strlen(A) : strlen(B));
~~
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
%lu
3 warnings generated.
if gcc -DHAVE_CONFIG_H -I. -I. -I..
-I/usr/local/Cellar/curl/8.6.0/include -Wall -g
-O2 -MT options.o -MD -MP -MF ".deps/options.Tpo" -c -o options.o
options.c; \
then mv -f ".deps/options.Tpo" ".deps/options.Po"; else rm -f ".deps/options.Tpo"; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I..
-I/usr/local/Cellar/curl/8.6.0/include -Wall -g
-O2 -MT resume.o -MD -MP -MF ".deps/resume.Tpo" -c -o resume.o resume.c;
\
then mv -f ".deps/resume.Tpo" ".deps/resume.Po"; else rm -f ".deps/resume.Tpo"; exit 1; fi
gcc -Wall -g -O2 -o dirb
-L/usr/local/Cellar/curl/8.6.0/lib -lcurl crea_wordlist.o dirb.o
get_url.o lanza_ataque.o calculanec.o utils.o options.o resume.o
-lcurl
cp dirb ../
Making all in gendict_src
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -Wall -g -g
-O2 -MT gendict.o -MD -MP -MF ".deps/gendict.Tpo" -c -o gendict.o
gendict.c; \
then mv -f ".deps/gendict.Tpo" ".deps/gendict.Po"; else rm -f ".deps/gendict.Tpo"; exit 1; fi
gcc -Wall -g -g -O2 -o gendict gendict.o -lcurl
cp gendict ../
Making all in web2dic
if gcc -DHAVE_CONFIG_H -I. -I. -I.. -Wall -g -g
-O2 -MT html2dic.o -MD -MP -MF ".deps/html2dic.Tpo" -c -o html2dic.o
html2dic.c; \
then mv -f ".deps/html2dic.Tpo" ".deps/html2dic.Po"; else rm -f ".deps/html2dic.Tpo"; exit 1; fi
html2dic.c:25:80: warning: illegal character encoding in string literal [-Winvalid-source-encoding]
char
word[]="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_<F1><E1><E9><ED><F3><FA><C1><C9><CD><D3><DA><E0><E8><EC><F2><F9><C0><C8><CC><D2><D9>";
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
html2dic.c:79:46: warning: illegal character encoding in character literal [-Winvalid-source-encoding]
if(strcmp(buffer, "ñ")==0) putchar('<F1>');
^
html2dic.c:80:46: warning: illegal character encoding in character literal [-Winvalid-source-encoding]
if(strcmp(buffer, "á")==0) putchar('<E1>');
^
html2dic.c:81:46: warning: illegal character encoding in character literal [-Winvalid-source-encoding]
if(strcmp(buffer, "é")==0) putchar('<E9>');
^
html2dic.c:82:46: warning: illegal character encoding in character literal [-Winvalid-source-encoding]
if(strcmp(buffer, "í")==0) putchar('<ED>');
^
html2dic.c:83:46: warning: illegal character encoding in character literal [-Winvalid-source-encoding]
if(strcmp(buffer, "ó")==0) putchar('<F3>');
^
html2dic.c:84:46: warning: illegal character encoding in character literal [-Winvalid-source-encoding]
if(strcmp(buffer, "ú")==0) putchar('<FA>');
^
html2dic.c:85:46: warning: illegal character encoding in character literal [-Winvalid-source-encoding]
if(strcmp(buffer, "Á")==0) putchar('<C1>');
^
html2dic.c:86:46: warning: illegal character encoding in character literal [-Winvalid-source-encoding]
if(strcmp(buffer, "É")==0) putchar('<C9>');
^
html2dic.c:87:46: warning: illegal character encoding in character literal [-Winvalid-source-encoding]
if(strcmp(buffer, "Í")==0) putchar('<CD>');
^
html2dic.c:88:46: warning: illegal character encoding in character literal [-Winvalid-source-encoding]
if(strcmp(buffer, "Ó")==0) putchar('<D3>');
^
html2dic.c:89:46: warning: illegal character encoding in character literal [-Winvalid-source-encoding]
if(strcmp(buffer, "Ú")==0) putchar('<DA>');
^
12 warnings generated.
gcc -Wall -g -g -O2 -o html2dic html2dic.o -lcurl
make[2]: Nothing to be done for `all-am'.
$
- Several warnings appear, but they are not errors, so we accept them.
- Run the install.
$ make install
Making install in src
test -z "/usr/local/bin" || mkdir -p -- "/usr/local/bin"
/usr/local/opt/coreutils/libexec/gnubin/install -c 'dirb' '/usr/local/bin/dirb'
make[2]: Nothing to be done for `install-data-am'.
Making install in gendict_src
test -z "/usr/local/bin" || mkdir -p -- "/usr/local/bin"
/usr/local/opt/coreutils/libexec/gnubin/install -c 'gendict' '/usr/local/bin/gendict'
make[2]: Nothing to be done for `install-data-am'.
Making install in web2dic
test -z "/usr/local/bin" || mkdir -p -- "/usr/local/bin"
/usr/local/opt/coreutils/libexec/gnubin/install -c 'html2dic' '/usr/local/bin/html2dic'
make[2]: Nothing to be done for `install-data-am'.
make[2]: Nothing to be done for `install-exec-am'.
test -z "/usr/local/share/man/man1" || mkdir -p -- "/usr/local/share/man/man1"
/usr/local/opt/coreutils/libexec/gnubin/install -c -m 644 './dirb.1' '/usr/local/share/man/man1/dirb.1'
$
- Check the installed dirb.
$ which dirb
/usr/local/bin/dirb
$ ls -la /usr/local/bin/dirb
-rwxr-xr-x 1 ujpadmin admin 92056 2 29 00:37 /usr/local/bin/dirb
$
- Installation complete.
Trying dirb
- Check the command parameters.
$ dirb
-----------------
DIRB v2.22
By The Dark Raver
-----------------
./dirb <url_base> [<wordlist_file(s)>] [options]
========================= NOTES =========================
<url_base> : Base URL to scan. (Use -resume for session resuming)
<wordlist_file(s)> : List of wordfiles. (wordfile1,wordfile2,wordfile3...)
======================== HOTKEYS ========================
'n' -> Go to next directory.
'q' -> Stop scan. (Saving state for resume)
'r' -> Remaining scan stats.
======================== OPTIONS ========================
-a <agent_string> : Specify your custom USER_AGENT.
-c <cookie_string> : Set a cookie for the HTTP request.
-f : Fine tunning of NOT_FOUND (404) detection.
-H <header_string> : Add a custom header to the HTTP request.
-i : Use case-insensitive search.
-l : Print "Location" header when found.
-N <nf_code>: Ignore responses with this HTTP code.
-o <output_file> : Save output to disk.
-p <proxy[:port]> : Use this proxy. (Default port is 1080)
-P <proxy_username:proxy_password> : Proxy Authentication.
-r : Don't search recursively.
-R : Interactive recursion. (Asks for each directory)
-S : Silent Mode. Don't show tested words. (For dumb terminals)
-t : Don't force an ending '/' on URLs.
-u <username:password> : HTTP Authentication.
-v : Show also NOT_FOUND pages.
-w : Don't stop on WARNING messages.
-X <extensions> / -x <exts_file> : Append each word with this extensions.
-z <milisecs> : Add a miliseconds delay to not cause excessive Flood.
======================== EXAMPLES =======================
./dirb http://url/directory/ (Simple Test)
./dirb http://url/ -X .html (Test files with '.html' extension)
./dirb http://url/ /usr/share/dirb/wordlists/vulns/apache.txt (Test with apache.txt wordlist)
./dirb https://secure_url/ (Simple Test with SSL)
$
Checking the wordlists
- dirb is dictionary-based, so you can specify which dictionary to use.
- The dictionaries are provided in the wordlists directory.
- Check what is there.
$ ls -la ./wordlists/
total 248
drwxrw-rw- 14 ujpadmin staff 448 11 19 2014 .
drwxrw-rw- 32 ujpadmin staff 1024 2 29 00:41 ..
-rw-r--r-- 1 ujpadmin staff 184073 1 25 2012 big.txt
-rw-r--r-- 1 ujpadmin staff 1292 1 27 2012 catala.txt
-rw-r--r-- 1 ujpadmin staff 35849 11 17 2014 common.txt
-rw-r--r-- 1 ujpadmin staff 1492 5 23 2012 euskera.txt
-rw-r--r-- 1 ujpadmin staff 142 12 30 2005 extensions_common.txt
-rw-r--r-- 1 ujpadmin staff 75 3 16 2012 indexes.txt
-rw-r--r-- 1 ujpadmin staff 244 12 30 2005 mutations_common.txt
drwxrw-rw- 6 ujpadmin staff 192 11 19 2014 others
-rw-r--r-- 1 ujpadmin staff 6561 3 5 2014 small.txt
-rw-r--r-- 1 ujpadmin staff 3731 11 13 2014 spanish.txt
drwxrw-rw- 9 ujpadmin staff 288 11 19 2014 stress
drwxrw-rw- 28 ujpadmin staff 896 11 19 2014 vulns
$
- Check how many entries each contains.
$ wc -l ./wordlists/big.txt
20469 ./wordlists/big.txt
$ wc -l ./wordlists/common.txt
4614 ./wordlists/common.txt
$ wc -l ./wordlists/small.txt
959 ./wordlists/small.txt
$
- Check part of the small.txt list.
$ head -n 20 ./wordlists/small.txt
0
00
01
02
03
1
10
100
1000
123
2
20
200
2000
2001
2002
2003
2004
2005
3
$ tail -n 20 ./wordlists/small.txt
zap
zip
zipfiles
zips
~adm
~admin
~administrator
~bin
~ftp
~guest
~mail
~operator
~root
~sys
~sysadm
~sysadmin
~test
~user
~webmaster
~www
$
- Check the other dictionary files.
$ ls -la ./wordlists/stress/
total 624
drwxrw-rw- 9 ujpadmin staff 288 11 19 2014 .
drwxrw-rw- 14 ujpadmin staff 448 11 19 2014 ..
-rw-r--r-- 1 ujpadmin staff 124 4 6 2006 alphanum_case.txt
-rw-r--r-- 1 ujpadmin staff 189 4 6 2006 alphanum_case_extra.txt
-rw-r--r-- 1 ujpadmin staff 52 4 6 2006 char.txt
-rw-r--r-- 1 ujpadmin staff 1536 6 30 2005 doble_uri_hex.txt
-rw-r--r-- 1 ujpadmin staff 158184 12 24 2004 test_ext.txt
-rw-r--r-- 1 ujpadmin staff 458752 5 3 2007 unicode.txt
-rw-r--r-- 1 ujpadmin staff 1024 7 24 2006 uri_hex.txt
[MacPro2013:ujpadmin 01:23:31 ~/bin/dirb/dirb222 ]
$ ls -la ./wordlists/vulns/
total 492
drwxrw-rw- 28 ujpadmin staff 896 11 19 2014 .
drwxrw-rw- 14 ujpadmin staff 448 11 19 2014 ..
-rw-r--r-- 1 ujpadmin staff 230 6 30 2004 apache.txt
-rw-r--r-- 1 ujpadmin staff 259 12 30 2011 axis.txt
-rw-r--r-- 1 ujpadmin staff 122829 8 31 2007 cgis.txt
-rw-r--r-- 1 ujpadmin staff 706 6 7 2005 coldfusion.txt
-rw-r--r-- 1 ujpadmin staff 4648 10 26 2011 domino.txt
-rw-r--r-- 1 ujpadmin staff 1869 5 18 2011 fatwire.txt
-rw-r--r-- 1 ujpadmin staff 135331 5 30 2013 fatwire_pagenames.txt
-rw-r--r-- 1 ujpadmin staff 523 4 8 2010 frontpage.txt
-rw-r--r-- 1 ujpadmin staff 3896 3 16 2012 hpsmh.txt
-rw-r--r-- 1 ujpadmin staff 20644 5 14 2009 hyperion.txt
-rw-r--r-- 1 ujpadmin staff 485 6 1 2004 iis.txt
-rw-r--r-- 1 ujpadmin staff 365 5 24 2004 iplanet.txt
-rw-r--r-- 1 ujpadmin staff 395 10 10 2013 jboss.txt
-rw-r--r-- 1 ujpadmin staff 2148 4 29 2013 jersey.txt
-rw-r--r-- 1 ujpadmin staff 306 6 7 2005 jrun.txt
-rw-r--r-- 1 ujpadmin staff 465 11 9 2008 netware.txt
-rw-r--r-- 1 ujpadmin staff 29182 9 21 2013 oracle.txt
-rw-r--r-- 1 ujpadmin staff 2442 6 29 2012 ror.txt
-rw-r--r-- 1 ujpadmin staff 33300 10 1 2013 sap.txt
-rw-r--r-- 1 ujpadmin staff 44075 9 15 2011 sharepoint.txt
-rw-r--r-- 1 ujpadmin staff 970 9 8 2004 sunas.txt
-rw-r--r-- 1 ujpadmin staff 220 10 19 2003 tests.txt
-rw-r--r-- 1 ujpadmin staff 2474 2 2 2012 tomcat.txt
-rw-r--r-- 1 ujpadmin staff 536 2 7 2007 vignette.txt
-rw-r--r-- 1 ujpadmin staff 7117 8 27 2013 weblogic.txt
-rw-r--r-- 1 ujpadmin staff 12564 6 27 2013 websphere.txt
$ ls -la ./wordlists/others/
total 80
drwxrw-rw- 6 ujpadmin staff 192 11 19 2014 .
drwxrw-rw- 14 ujpadmin staff 448 11 19 2014 ..
-rw-r--r-- 1 ujpadmin staff 9030 4 8 2010 best1050.txt
-rw-r--r-- 1 ujpadmin staff 959 4 1 2010 best110.txt
-rw-r--r-- 1 ujpadmin staff 124 4 1 2010 best15.txt
-rw-r--r-- 1 ujpadmin staff 60266 10 19 2003 names.txt
$
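- There are also lists for typical web server products, so it may be possible to infer what the target is running.
Running a scan
- Run an actual scan with the dirb command.
- Note that this is a brute-force attack, so do not run it against any website that is not under your own control.
$ dirb http://www.example.jp:80 ./wordlists/common.txt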
-----------------
DIRB v2.22
By The Dark Raver
-----------------
START_TIME: Thu Feb 29 00:42:06 2024
URL_BASE: http://www.example.jp:80/
WORDLIST_FILES: ./wordlists/common.txt
-----------------
GENERATED WORDS: 4612
---- Scanning URL: http://www.example.jp:80/ ----
+ http://www.example.jp:80/ads (CODE:200|SIZE:59)
+ http://www.example.jp:80/display (CODE:200|SIZE:421)
+ http://www.example.jp:80/index (CODE:200|SIZE:1803)
+ http://www.example.jp:80/index.php (CODE:200|SIZE:1803)
+ http://www.example.jp:80/login (CODE:200|SIZE:715)
-----------------
END_TIME: Thu Feb 29 00:42:19 2024
DOWNLOADED: 4612 - FOUND: 5
$
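- The site used this time was a simple one, but five files appear to have been found.
- In this case the login page has no links pointing to it, so it can be said to have been discovered by the probing.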
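The triage step described above, as an added example that is not part of the original article or of DIRB: it parses the "+" result lines and the DOWNLOADED/FOUND totals of a report and marks the findings that nothing on the site links to. The names `parse_report`, `triage` and `LINKED_PATHS` are hypothetical, the list of linked paths is an assumption, and only the line shapes shown in the scan output above are handled.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the report lines from the scan above, wrapped URLs rejoined.
REPORT = """\
URL_BASE: http://www.example.jp:80/
GENERATED WORDS: 4612
---- Scanning URL: http://www.example.jp:80/ ----
+ http://www.example.jp:80/ads (CODE:200|SIZE:59)
+ http://www.example.jp:80/display (CODE:200|SIZE:421)
+ http://www.example.jp:80/index (CODE:200|SIZE:1803)
+ http://www.example.jp:80/index.php (CODE:200|SIZE:1803)
+ http://www.example.jp:80/login (CODE:200|SIZE:715)
DOWNLOADED: 4612 - FOUND: 5
"""

# Assumption: paths the site links to on purpose (from a sitemap or crawl).
LINKED_PATHS = {"/", "/index.php", "/display", "/ads"}

FOUND_RE = re.compile(r"^\+ (\S+) \(CODE:(\d{3})\|SIZE:(\d+)\)\s*$")
TOTALS_RE = re.compile(r"^DOWNLOADED: (\d+) - FOUND: (\d+)\s*$")


def parse_report(text):
    """Return (findings, (downloaded, found)) from dirb's '+' and totals lines."""
    findings, totals = [], None
    for line in text.splitlines():
        m = FOUND_RE.match(line)
        if m:
            findings.append({"path": urlsplit(m.group(1)).path or "/",
                             "code": int(m.group(2)), "size": int(m.group(3))})
            continue
        m = TOTALS_RE.match(line)
        if m:
            totals = (int(m.group(1)), int(m.group(2)))
    return findings, totals


def triage(findings, linked_paths):
    """Mark findings that nothing links to; same code and size is treated as an alias."""
    by_sig = {}
    for f in findings:
        by_sig.setdefault((f["code"], f["size"]), []).append(f["path"])
    rows = []
    for f in findings:
        aliases = [p for p in by_sig[(f["code"], f["size"])] if p != f["path"]]
        # Heuristic: identical status and size suggests the same page under two names.
        linked = f["path"] in linked_paths or any(p in linked_paths for p in aliases)
        rows.append({**f, "alias_of": aliases, "unlinked": not linked})
    return rows


if __name__ == "__main__":
    found, totals = parse_report(REPORT)
    print(f"{totals[1]} of {totals[0]} requests returned content")
    for row in triage(found, LINKED_PATHS):
        flag = "UNLINKED" if row["unlinked"] else "linked"
        print(f"{flag:8} {row['path']:12} {row['code']} {row['size']:>5} {row['alias_of']}")
```

With the sample data only /login is reported as unlinked; /index is treated as an alias of /index.php because both return 1803 bytes. A page in that state is protected only by not being linked, so it is the first place to confirm that real access control is in place.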