An async webpath scanner based on asyhttp.
To install, simply clone the repository and install the requirements.
$ git clone [email protected]:pyno/dirfy.git
$ cd dirfy
$ pip3 install -r dependencies.txt
Simple usage:
$ python3 dirfy.py -u http://url.to.test
Get help:
$ python3 dirfy.py -h
Main features of dirfy:
- Command-line interface
- Asynchronous HTTP(S)
- Proxy support (-p)
- Extensions search (-e)
- Configurable path dictionary (-d)
- Configurable speed (-c)
- Configurable redirection behaviour (-r)
- Support for false positives detection (-f)
- Request logging (-n to disable)
- Custom headers (-H)
A typical advanced use is excluding false positives. Dirfy detects the presence of a page by looking at the HTTP return code: 200 means we found something. Oftentimes, especially when following redirects, this leads to false positives:

HTTP/1.1 200 OK
Content-Length: 57
Content-Type: text/html
Connection: Closed

<html>
<body>
Resource not found
</body>
</html>

HTTP/1.1 200 OK
Content-Length: 57
Content-Type: text/html
Connection: Closed

<html>
<body>
Please log-in
...
</body>
</html>

To exclude such responses from the results, put the following lines in a file named false_pos.txt:
Resource not found
Please log-in
and invoke dirfy as follows:
$ python3 dirfy.py -u http://url.to.test -f false_pos.txt
Note that each line of the file is treated as an indicator of a false positive.
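The per-line indicator filtering described above, as an added Python example that is not dirfy's own code. It assumes a plain case-sensitive substring match on the response body; the function names, paths and sample responses are constructed for illustration.

```python
# Added illustration, not dirfy's source: filtering "soft 404" responses
# (HTTP 200 with an error or login page) by body indicators.
from typing import Iterable, List, Optional, Tuple


def load_indicators(lines: Iterable[str]) -> List[str]:
    """One indicator per line. Blank lines are dropped: an empty string is a
    substring of every body and would hide every result."""
    return [ln.strip() for ln in lines if ln.strip()]


def matched_indicator(body: str, indicators: List[str]) -> Optional[str]:
    """Return the first indicator found in the body, or None."""
    for ind in indicators:
        if ind in body:  # assumption: case-sensitive substring match
            return ind
    return None


def classify(status: int, body: str, indicators: List[str]) -> str:
    """'found' only for a 200 whose body carries no false-positive indicator."""
    if status != 200:
        return "not-found"
    if matched_indicator(body, indicators) is not None:
        return "false-positive"
    return "found"


# Constructed sample: the two lines of false_pos.txt plus a stray blank line.
FALSE_POS = ["Resource not found\n", "\n", "Please log-in\n"]
# Constructed responses (path, status, body) modelled on the ones shown above.
RESPONSES: List[Tuple[str, int, str]] = [
    ("/account", 200, "<html><body>Please log-in ...</body></html>"),
    ("/nope", 200, "<html><body>Resource not found</body></html>"),
    ("/docs", 200, "<html><body>Documentation index</body></html>"),
    ("/missing", 404, "Not Found"),
]


def scan_results() -> List[Tuple[str, str]]:
    """Classify every constructed response against the loaded indicators."""
    indicators = load_indicators(FALSE_POS)
    return [(path, classify(st, body, indicators)) for path, st, body in RESPONSES]


if __name__ == "__main__":
    for path, verdict in scan_results():
        print(f"{verdict:15} {path}")
```
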
Dirfy logs each request it makes to a file named log.txt. To disable logging, run it with the -n option.