// *=========================================================================
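// * Intro   JS script (Windows Script Host JScript) that scans a website for sensitive directories
// * Usage   Put this script (wwwcan.js) and the dictionary file Dictionary.txt in the same directory
// *         At the command prompt run: Cscript.exe wwwcan.js www.baidu.com
// *         The scan results are saved to Result.txt in the same directory
// * Author  雨中风铃
// * WEB     http://hi.baidu.com/yanfei6
// *=========================================================================
//
// Reader notes:
// - Written for Windows Script Host (ActiveXObject, WScript). JScript there
//   predates const/let and arrow functions, so `var` is kept deliberately.
// - One synchronous GET is sent per dictionary entry, so a run shows up in the
//   web server's access log as a sequential burst of requests from a single
//   client, most of them answered with 404.
// - Every completed response whose status is not 404 is appended to
//   Result.txt. That includes 401/403/500 answers, and a site that serves its
//   "not found" page with status 200 makes every entry look like a hit, so
//   the output needs manual triage.

/**
 * Requests one URL with a synchronous GET, echoes the outcome to the console
 * and records it unless the server answered 404.
 *
 * A request that fails before any HTTP response arrives (name resolution,
 * connect, timeout) is echoed but never recorded. The original read
 * WinHttpReq.Status after the catch block, which throws when no response is
 * available and aborted the whole scan on the first unreachable URL.
 *
 * @param {string} strURL Absolute URL to request.
 */
function getResponse(strURL) {
    var strResult;
    var intStatus = null; // stays null when no HTTP response was obtained
    try {
        var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
        // Resolve, connect, send and receive timeouts, in milliseconds.
        WinHttpReq.SetTimeouts(30000, 30000, 30000, 30000);
        WinHttpReq.Open("GET", strURL, false); // false = synchronous
        WinHttpReq.Send();
        intStatus = WinHttpReq.Status;
        strResult = strURL + " -> ";
        strResult += intStatus + " " + WinHttpReq.StatusText;
    } catch (objError) {
        strResult = objError.description;
    }
    WScript.Echo(strResult);
    if (intStatus !== null && intStatus != 404) SaveResult(strResult);
}

/**
 * Reads Dictionary.txt line by line and requests strURL + entry for every
 * non-blank line. Entries are trimmed and appended verbatim; no URL-encoding
 * is applied here.
 *
 * @param {string} strURL Base URL; CheckInput() returns it with a trailing "/".
 */
function ScanPath(strURL) {
    var ForReading = 1; // OpenTextFile I/O mode: read-only
    var fso = new ActiveXObject("Scripting.FileSystemObject");
    var filename = "Dictionary.txt";
    var f = fso.OpenTextFile(filename, ForReading);
    try {
        while (!f.AtEndOfStream) {
            var r = f.ReadLine().replace(/^\s+|\s+$/g, "");
            if (r.length == 0) continue;
            getResponse(strURL + r);
        }
    } finally {
        // Release the file handle even if writing a result throws.
        f.Close();
    }
}

/**
 * Appends one line to Result.txt, creating the file if it does not exist.
 *
 * @param {string} strURL The text to write (callers pass the full
 *                        "URL -> status" result line, not just a URL).
 */
function SaveResult(strURL) {
    var ForAppending = 8; // OpenTextFile I/O mode: append
    var fso = new ActiveXObject("Scripting.FileSystemObject");
    var filename = "Result.txt";
    var f = fso.OpenTextFile(filename, ForAppending, true); // true = create if missing
    try {
        f.WriteLine(strURL);
    } finally {
        f.Close();
    }
}

/**
 * Validates the command line and normalises the single argument into a base
 * URL. Exits with code 1 unless exactly one argument was given.
 *
 * NOTE(review): only a leading "http://" is recognised. Any other input,
 * including one that starts with "https://", gets "http://" prepended.
 *
 * @returns {string} The argument prefixed with "http://" when that prefix was
 *                   missing, and terminated with "/".
 */
function CheckInput() {
    // Declared locally; the original assigned objArgs as an implicit global.
    var objArgs = WScript.Arguments;
    if (objArgs.length != 1) {
        WScript.Echo("Usage: Cscript.exe wwwcan.js <host or http:// URL>");
        WScript.Quit(1);
    }
    var strURL = objArgs(0);
    if (strURL.substr(0, 7).toLowerCase() != "http://") {
        strURL = "http://" + strURL;
    }
    if (strURL.charAt(strURL.length - 1) != "/") {
        strURL = strURL + "/";
    }
    return strURL;
}

var strURL = CheckInput();
ScanPath(strURL);

// ---------------------------------------------------------------------------
// End of code. What follows is the collected dictionary file Dictionary.txt
// (from 南非教主). ScanPath() reads it with ReadLine(), so the real file holds
// one entry per line; the page shows the entries separated by spaces, and the
// list continues after this comment.
// ---------------------------------------------------------------------------
// admin.asp adminlogin.asp admin_index.asp admin_left.asp admin_login.asp
// admin_main.asp adminup.asp admin_up.asp admin_upload.asp admin_upfile.asp
// admin_uploads.asp admin_upfiles.asp ad_login.asp ad_admin.asp ad_upload.asp
// ad_upfile.asp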
addpic.asp addimg.asp add_img.asp add_form.asp add_pic.asp user.asp userlogin.asp user_index.asp user_left.asp user_login.asp user_main.asp userup.asp user_up.asp user_upload.asp user_upfile.asp user_uploads.asp user_upfiles.asp backup.asp backupdb.asp conn.asp config.asp dir.asp install.asp login.asp login1.asp logon.asp main.asp manage.asp photomanager.asp?pictype=images/photo pic_upload.asp setup.asp Neeao_sql_user.asp tool.asp tools.asp upimage.asp upimg.asp upimgs.asp upimages.asp upload.asp uploada.asp uploadfile.asp upload1.asp uploadface.asp upload_dialog.asp upload_file.asp upload_face.asp upload_flash.asp upload_form.asp upload_other.asp upload_class.asp upload_photo.asp upload_photos.asp upload_pic.asp upload_Product.asp upload_soft.asp upload_files.asp uploadpic.asp upfile.asp upfilea.asp upfile1.asp upfile2.asp upfiles.asp Upfile_pic.asp?mytype=tour upfile_other.asp upfile_photo.asp upfile_soft.asp upfile_flash.asp upfile_dialog.asp upfile_softpic.asp up.asp ups.asp up1.asp upme.asp 1.asp 2.asp 11.asp diy.asp diy1.asp data.mdb %23data.mdb www.rar web.rar wwwroot.rar user.rar include.rar inc.rar new.rar news.rar 新建 文本文档.txt 用户密码.txt 密码.txt 帐号密码.txt 使用说明.txt 说明.txt 使用手册.txt 程序说明.txt 系统说明.txt 程序说明.txt 安装说明.txt 安装必读.txt 安装手册.txt 管理员.txt 管理.txt 1.txt 2.txt 123.txt 11.txt robots.txt 新建 Microsoft Word 文档.doc 使用说明.doc 说明.doc 使用手册.doc 程序说明.doc 系统说明.doc 程序说明.doc 安装说明.doc 安装必读.doc 安装手册.doc admin admin1 admin2 admin123 admins admin888 adm administrator administrators adminusers asp Backup Back Bak boss CN Chinese CuteSoft_Client cuteeditor Data databackup databack database datas db dbbackup dbback dbbak EN English eweb eWebEditor eWebEdit Editor Edit FCKEditor guanli Houtai htadmin htguali houtaiguanli HTML HTMLEdit HTMLEditor INC Include Login Logins Logon Main Manage Manager Management Manages Member Master Masters Nadmin NEW NEWS NEWSadmin NEWadmin southidceditor southeditor southedit System sysadm SYSadmin Sys_admin szwyadmin Temp TextEditor Up upfile upfiles 
Upload uploads User Users userfiles WEB web_admin web_manage WebEdit WebEditor WebMaster Webadmin Webadmins webdata web_data WebManage WebManages WebLogin WWW