[BUUCTF][极客大挑战 2019]PHP

备份

根据提示应该就是网站备份文件能被爆破出来

随手写了个爆破脚本,基于御剑字典,只供学习使用

import random
import requests
import time
from multiprocessing import Pool


def multiScan(target, file_name, pool_num, delay):
    local_pool = Pool(pool_num)
    dirs = get_path_dict(file_name)
    # for dir in dirs:
    #     scan(target, dir, delay)
    for dir in dirs:
        local_pool.apply_async(scan, args=(target, dir, delay))
    local_pool.close()
    local_pool.join()


def get_path_dict(file_name) -> dict:
    dir_dict = []
    with open(file_name, encoding="UTF-8") as f:
        for line in f.readlines():
            dir_dict.append(line.strip())
    print(file_name)
    return dir_dict


def scan(target, dir, delay) -> str:
    if 'http://' and 'https://' not in target:
        host = f"http://{
     target}{
     dir}"
    else:
        host = f"{
     target}{
     dir}"

    r = requests.g