{"id":13815278,"url":"https://github.com/H4ckForJob/dirmap","last_synced_at":"2025-05-15T07:32:19.148Z","repository":{"id":37470946,"uuid":"180784386","full_name":"H4ckForJob/dirmap","owner":"H4ckForJob","description":"An advanced web directory \u0026 file scanning tool that will be more powerful than DirBuster, Dirsearch, cansina, and Yu Jian.一个高级web目录、文件扫描工具，功能将会强于DirBuster、Dirsearch、cansina、御剑。","archived":false,"fork":false,"pushed_at":"2024-10-24T03:50:40.000Z","size":1493,"stargazers_count":3267,"open_issues_count":42,"forks_count":556,"subscribers_count":50,"default_branch":"master","last_synced_at":"2025-05-14T00:57:46.749Z","etag":null,"topics":["dirscanner","pentest-tool","scanner","scanner-web"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/H4ckForJob.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-04-11T12:10:16.000Z","updated_at":"2025-05-13T07:15:07.000Z","dependencies_parsed_at":"2024-01-14T18:19:57.656Z","dependency_job_id":"442a5af6-8517-4bc7-b26e-bc4596e843e4","html_url":"https://github.com/H4ckForJob/dirmap","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/H4ckForJob%2Fdirmap","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/H4ckForJob%2Fdirmap/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/H4ckForJob%2Fdirmap/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/H4ckForJob%2Fdirmap/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/H4ckForJob","download_url":"https://codeload.github.com/H4ckForJob/dirmap/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254296033,"owners_count":22047188,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dirscanner","pentest-tool","scanner","scanner-web"],"created_at":"2024-08-04T04:03:14.808Z","updated_at":"2025-05-15T07:32:19.075Z","avatar_url":"https://github.com/H4ckForJob.png","language":"Python","funding_links":[],"categories":["Python","扫描器、资产收集、子域名","Python (1887)","3. Common Tools"],"sub_categories":["网络服务_其他"],"readme":"\u003c!--\n * @Author: xxlin\n * @Date: 2019-04-11 20:34:14\n * @LastEditors: ttttmr\n * @LastEditTime: 2019-06-03 23:49:33\n --\u003e\n# Dirmap\n\n[English](./README_EN.md)\n\n一个高级web目录扫描工具，功能将会强于DirBuster、Dirsearch、cansina、御剑\n\n![dirmap](doc/dirmap.png)\n\n# 需求分析\n\n经过大量调研，总结一个优秀的web目录扫描工具至少具备以下功能：\n\n- 并发引擎\n- 能使用字典\n- 能纯爆破\n- 能爬取页面动态生成字典\n- 能fuzz扫描\n- 自定义请求\n- 自定义响应结果处理...\n\n那么接下来看看Dirmap的**特点**吧\n\n# 功能特点\n\n1. 支持n个target\\*n个payload并发\n2. 支持递归扫描\n3. 支持自定义需要递归扫描的状态码\n4. 支持(单|多)字典扫描\n5. 支持自定义字符集爆破\n6. 支持爬虫动态字典扫描\n7. 支持自定义标签fuzz目标url\n8. 自定义请求User-Agent\n9. 自定义请求随机延时\n10. 自定义请求超时时间\n11. 自定义请求代理\n12. 自定义正则表达式匹配假性404页面\n13. 自定义要处理的响应状态码\n14. 自定义跳过大小为x的页面\n15. 自定义显示content-type\n16. 自定义显示页面大小\n17. 按域名去重复保存结果\n\n# 使用方法\n\n## 环境准备\n\n```shell\ngit clone https://github.com/H4ckForJob/dirmap.git \u0026\u0026 cd dirmap \u0026\u0026 python3 -m pip install -r requirement.txt\n```\n\n## 快速使用\n\n### 输入目标\n\n单目标，默认为http\n\n```shell\npython3 dirmap.py -i https://target.com -lcf\n```\n\n```shell\npython3 dirmap.py -i 192.168.1.1 -lcf\n```\n\n子网（CIDR格式）\n\n```shell\npython3 dirmap.py -i 192.168.1.0/24 -lcf\n```\n\n网络范围\n\n```shell\npython3 dirmap.py -i 192.168.1.1-192.168.1.100 -lcf\n```\n\n### 文件读取\n\n```shell\npython3 dirmap.py -iF targets.txt -lcf\n```\n\n`targets.txt`中支持上述格式\n\n### 结果保存\n\n1. 结果将自动保存在项目根目录下的`output`文件夹中\n2. 每一个目标生成一个txt，命名格式为`目标域名.txt`\n3. 结果自动去重复，不用担心产生大量冗余\n\n## 高级使用\n\n自定义dirmap配置，开始探索dirmap高级功能\n\n暂时采用加载配置文件的方式进行详细配置，**不支持使用命令行参数进行详细配置**！\n\n编辑项目根目录下的`dirmap.conf`，进行配置\n\n`dirmap.conf`配置详解\n\n```\n#递归扫描处理配置\n[RecursiveScan]\n#是否开启递归扫描:关闭:0;开启:1\nconf.recursive_scan = 0\n#遇到这些状态码，开启递归扫描。默认配置[301,403]\nconf.recursive_status_code = [301,403]\n#URL超过这个长度就退出扫描\nconf.recursive_scan_max_url_length = 60\n#这些后缀名不递归扫\nconf.recursive_blacklist_exts = [\"html\",'htm','shtml','png','jpg','webp','bmp','js','css','pdf','ini','mp3','mp4']\n#设置排除扫描的目录。默认配置空。其他配置：e.g:['/test1','/test2']\n#conf.exclude_subdirs = ['/test1','/test2']\nconf.exclude_subdirs = \"\"\n\n#扫描模式处理配置(4个模式，1次只能选择1个)\n[ScanModeHandler]\n#字典模式:关闭:0;单字典:1;多字典:2\nconf.dict_mode = 1\n#单字典模式的路径\nconf.dict_mode_load_single_dict = \"dict_mode_dict.txt\"\n#多字典模式的路径，默认配置dictmult\nconf.dict_mode_load_mult_dict = \"dictmult\"\n#爆破模式:关闭:0;开启:1\nconf.blast_mode = 0\n#生成字典最小长度。默认配置3\nconf.blast_mode_min = 3\n#生成字典最大长度。默认配置3\nconf.blast_mode_max = 3\n#默认字符集:a-z。暂未使用。\nconf.blast_mode_az = \"abcdefghijklmnopqrstuvwxyz\"\n#默认字符集:0-9。暂未使用。\nconf.blast_mode_num = \"0123456789\"\n#自定义字符集。默认配置\"abc\"。使用abc构造字典\nconf.blast_mode_custom_charset = \"abc\"\n#自定义继续字符集。默认配置空。\nconf.blast_mode_resume_charset = \"\"\n#爬虫模式:关闭:0;开启:1\nconf.crawl_mode = 0\n#用于生成动态敏感文件payload的后缀字典\nconf.crawl_mode_dynamic_fuzz_suffix = \"crawl_mode_suffix.txt\"\n#解析robots.txt文件。暂未实现。\nconf.crawl_mode_parse_robots = 0\n#解析html页面的xpath表达式\nconf.crawl_mode_parse_html = \"//*/@href | //*/@src | //form/@action\"\n#是否进行动态爬虫字典生成。默认配置1，开启爬虫动态字典生成。其他配置：e.g:关闭:0;开启:1\nconf.crawl_mode_dynamic_fuzz = 1\n#Fuzz模式:关闭:0;单字典:1;多字典:2\nconf.fuzz_mode = 0\n#单字典模式的路径。\nconf.fuzz_mode_load_single_dict = \"fuzz_mode_dir.txt\"\n#多字典模式的路径。默认配置:fuzzmult\nconf.fuzz_mode_load_mult_dict = \"fuzzmult\"\n#设置fuzz标签。默认配置{dir}。使用{dir}标签当成字典插入点，将http://target.com/{dir}.php替换成http://target.com/字典中的每一行.php。其他配置：e.g:{dir};{ext}\n#conf.fuzz_mode_label = \"{ext}\"\nconf.fuzz_mode_label = \"{dir}\"\n\n#处理payload配置。暂未实现。\n[PayloadHandler]\n\n#处理请求配置\n[RequestHandler]\n#自定义请求头。默认配置空。其他配置：e.g:test1=test1,test2=test2\n#conf.request_headers = \"test1=test1,test2=test2\"\nconf.request_headers = \"\"\n#自定义请求User-Agent。默认配置chrome的ua。\nconf.request_header_ua = \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36\"\n#自定义请求cookie。默认配置空，不设置cookie。其他配置e.g:cookie1=cookie1; cookie2=cookie2;\n#conf.request_header_cookie = \"cookie1=cookie1; cookie2=cookie2\"\nconf.request_header_cookie = \"\"\n#自定义401认证。暂未实现。因为自定义请求头功能可满足该需求(懒XD)\nconf.request_header_401_auth = \"\"\n#自定义请求方法。默认配置get方法。其他配置：e.g:get;head\n#conf.request_method = \"head\"\nconf.request_method = \"get\"\n#自定义每个请求超时时间。默认配置3秒。\nconf.request_timeout = 3\n#随机延迟(0-x)秒发送请求。参数必须是整数。默认配置0秒，无延迟。\nconf.request_delay = 0\n#自定义单个目标，请求协程线程数。默认配置30线程\nconf.request_limit = 30\n#自定义最大重试次数。暂未实现。\nconf.request_max_retries = 1\n#设置持久连接。是否使用session()。暂未实现。\nconf.request_persistent_connect = 0\n#302重定向。默认False，不重定向。其他配置：e.g:True;False\nconf.redirection_302 = False\n#payload后添加后缀。默认空，扫描时，不添加后缀。其他配置：e.g:txt;php;asp;jsp\n#conf.file_extension = \"txt\"\nconf.file_extension = \"\"\n\n#处理响应配置\n[ResponseHandler]\n#设置要记录的响应状态。默认配置[200]，记录200状态码。其他配置：e.g:[200,403,301]\n#conf.response_status_code = [200,403,301]\nconf.response_status_code = [200]\n#是否记录content-type响应头。默认配置1记录\n#conf.response_header_content_type = 0\nconf.response_header_content_type = 1\n#是否记录页面大小。默认配置1记录\n#conf.response_size = 0\nconf.response_size = 1\n#是否自动检测404页面。默认配置True，开启自动检测404.其他配置参考e.g:True;False\n#conf.auto_check_404_page = False\nconf.auto_check_404_page = True\n#自定义匹配503页面正则。暂未实现。感觉用不着，可能要废弃。\n#conf.custom_503_page = \"page 503\"\nconf.custom_503_page = \"\"\n#自定义正则表达式，匹配页面内容\n#conf.custom_response_page = \"([0-9]){3}([a-z]){3}test\"\nconf.custom_response_page = \"\"\n#跳过显示页面大小为x的页面，若不设置，请配置成\"None\"，默认配置“None”。其他大小配置参考e.g:None;0b;1k;1m\n#conf.skip_size = \"0b\"\nconf.skip_size = \"None\"\n\n#代理选项\n[ProxyHandler]\n#代理配置。默认设置“None”，不开启代理。其他配置e.g:{\"http\":\"http://127.0.0.1:8080\",\"https\":\"https://127.0.0.1:8080\"}\n#conf.proxy_server = {\"http\":\"http://127.0.0.1:8080\",\"https\":\"https://127.0.0.1:8080\"}\nconf.proxy_server = None\n\n#Debug选项\n[DebugMode]\n#打印payloads并退出\nconf.debug = 0\n\n#update选项\n[CheckUpdate]\n#github获取更新。暂未实现。\nconf.update = 0\n```\n\n# TODO\n\n- [x] 命令行参数解析全局初始化\n- [x] engine初始化\n  - [x] 设置线程数\n- [x] target初始化\n  - [x] 自动解析处理输入格式( -i,inputTarget)\n    - [x] IP\n    - [x] Domain\n    - [x] URL\n    - [x] IP/MASK\n    - [x] IP Start-End\n  - [x] 文件读入(-iF,inputLocalFile)\n- [ ] bruter初始化\n  - [ ] 加载配置方式()\n    - [ ] 读取命令行参数值\n    - [x] 读取配置文件(-lcf,loadConfigFile)\n  - [x] 递归模式选项(RecursiveScan)\n    - [x] 递归扫描(-rs,recursive_scan)\n    - [x] 需要递归的状态码(-rd,recursive_status_code)\n    - [x] 排除某些目录(-es,exclude_subdirs)\n  - [ ] 扫描模式选项(ScanModeHandler)\n    - [x] 字典模式(-dm,dict_mode)\n      - [x] 加载单个字典(-dmlsd,dict_mode_load_single_dict)\n      - [x] 加载多个字典(-dmlmd,dict_mode_load_mult_dict)\n    - [ ] 爆破模式(-bm,blast_mode)\n      - [x] 爆破目录长度范围(必选)\n        - [x] 最小长度(-bmmin,blast_mode_min)\n        - [x] 最大长度(-bmmax,blast_mode_max)\n      - [ ] 基于默认字符集\n        - [ ] 基于a-z\n        - [ ] 基于0-9\n      - [x] 基于自定义字符集(-bmcc,blast_mode_custom_charset)\n      - [x] 断点续生成payload(-bmrc,blast_mode_resume_charset)\n    - [ ] 爬虫模式(-cm,crawl_mode)\n      - [x] 自定义解析标签(-cmph,crawl_mode_parse_html)(a:href,img:src,form:action,script:src,iframe:src,div:src,frame:src,embed:src)\n      - [ ] 解析robots.txt(-cmpr,crawl_mode_parse_robots)\n      - [x] 爬虫类动态fuzz扫描(-cmdf,crawl_mode_dynamic_fuzz)\n    - [x] fuzz模式(-fm,fuzz_mode)\n      - [x] fuzz单个字典(-fmlsd,fuzz_mode_load_single_dict)\n      - [x] fuzz多个字典(-fmlmd,fuzz_mode_load_mult_dict)\n      - [x] fuzz标签(-fml,fuzz_mode_label)\n  - [ ] 请求优化选项(RequestHandler)\n    - [x] 自定义请求超时(-rt,request_timeout)\n    - [x] 自定义请求延时(-rd,request_delay)\n    - [x] 限制单个目标主机协程数扫描(-rl,request_limit)\n    - [ ] 限制重试次数(-rmr,request_max_retries)\n    - [ ] http持久连接(-rpc,request_persistent_connect)\n    - [x] 自定义请求方法(-rm,request_method)(get、head)\n    - [x] 302状态处理(-r3,redirection_302)(是否重定向)\n    - [x] 自定义header\n      - [x] 自定义其他header(-rh,request_headers)(解决需要401认证)\n      - [x] 自定义ua(-rhua,request_header_ua)\n      - [x] 自定义cookie(-rhc,request_header_cookie)\n  - [ ] 字典处理选项(PayloadHandler)\n    - [ ] 字典处理(payload修改-去斜杠)\n    - [ ] 字典处理(payload修改-首字符加斜杠)\n    - [ ] 字典处理(payload修改-单词首字母大写)\n    - [ ] 字典处理(payload修改-去扩展)\n    - [ ] 字典处理(payload修改-去除非字母数字)\n  - [ ] 响应结果处理模块(ResponseHandler)\n    - [x] 跳过大小为x字节的文件(-ss,skip_size)\n    - [x] 自动检测404页面(-ac4p,auto_check_404_page)\n    - [ ] 自定义503页面(-c5p,custom_503_page)\n    - [ ] 自定义正则匹配响应内容并进行某种操作\n      - [x] 自定义正则匹配响应(-crp,custom_response_page)\n      - [ ] 某种操作(暂时未定义)\n    - [x] 输出结果为自定义状态码(-rsc,response_status_code)\n    - [x] 输出payload为完整路径(默认输出完成url)\n    - [x] 输出结果展示content-type\n    - [x] 自动去重复保存结果\n  - [ ] 状态处理模块(StatusHandler)\n    - [ ] 状态显示(等待开始、进行中、暂停中、异常、完成)\n    - [x] 进度显示\n    - [ ] 状态控制(开始、暂停、继续、停止)\n    - [ ] 续扫模块(暂未配置)\n    - [ ] 断点续扫\n    - [ ] 选行续扫\n  - [ ] 日志记录模块(ScanLogHandler)\n    - [ ] 扫描日志\n    - [ ] 错误日志\n  - [ ] 代理模块(ProxyHandler)\n    - [x] 单个代理(-ps,proxy_server)\n    - [ ] 代理池\n  - [x] 调试模式选项(DebugMode)\n    - [x] debug(--debug)\n  - [ ] 检查更新选项(CheckUpdate)\n    - [ ] update(--update)\n\n# 默认字典文件\n\n字典文件存放在项目根目录中的`data`文件夹中\n\n1. dict_mode_dict.txt       “字典模式”字典，使用dirsearch默认字典\n2. crawl_mode_suffix.txt    “爬虫模式”字典，使用FileSensor默认字典\n3. fuzz_mode_dir.txt        “fuzz模式”字典，使用DirBuster默认字典\n4. fuzz_mode_ext.txt        “fuzz模式”字典，使用常见后缀制作的字典\n5. dictmult                 该目录为“字典模式”默认多字典文件夹，包含：BAK.min.txt(备份文件小字典)，BAK.txt(备份文件大字典)，LEAKS.txt(信息泄露文件字典)\n6. fuzzmult                 该目录为“fuzz模式”默认多字典文件夹，包含：fuzz_mode_dir.txt(默认目录字典)，fuzz_mode_ext.txt(默认后缀字典)\n\n# 已知缺陷\n\n1. “爬虫模式”只爬取了目标的当前页面，用于生成动态字典。项目将来会将“爬虫模块”与“生成动态字典功能”分离。\n2. 关于bruter.py第517行`bar.log.start()`出错。解决方案：请安装progressbar2。卸载progressbar。防止导入同名模块。感谢某位表哥提醒。\n\n```shell\n执行命令：\npython3 -m pip uninstall progressbar\npython3 -m pip install progressbar2\n```\n\n# 维护工作\n\n1. 若使用过程中出现问题，欢迎发issue\n2. 本项目正在维护，未来将会有新的功能加入，具体参照“TODO”列表，未打勾项\n\n# 致谢声明\n\ndirmap在编写过程中，借鉴了大量的优秀开源项目的模式与思想，特此说明并表示感谢。\n\n- [Sqlmap](https://github.com/sqlmapproject/sqlmap)\n- [POC-T](https://github.com/Xyntax/POC-T)\n- [Saucerframe](https://github.com/saucer-man/saucerframe)\n- [gwhatweb](https://github.com/boy-hack/gwhatweb)\n- [dirsearch](https://github.com/maurosoria/dirsearch)\n- [cansina](https://github.com/deibit/cansina)\n- [weakfilescan](https://github.com/ring04h/weakfilescan)\n- [FileSensor](https://github.com/Xyntax/FileSensor)\n- [BBscan](https://github.com/lijiejie/BBScan)\n- [werdy](https://github.com/derv82/werdy)\n\n# 联系作者\n\nmail: xxlin.ujs@qq.com\n\n![donate](doc/donate.jpg)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FH4ckForJob%2Fdirmap","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FH4ckForJob%2Fdirmap","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FH4ckForJob%2Fdirmap/lists"}