{"id":13844217,"url":"https://github.com/Mosuan/FileScan","last_synced_at":"2025-07-11T22:31:00.705Z","repository":{"id":37470750,"uuid":"99882383","full_name":"Mosuan/FileScan","owner":"Mosuan","description":"FileScan: 敏感文件扫描 / 二次判断降低误报率 / 扫描内容规则化 / 多目录扫描","archived":false,"fork":false,"pushed_at":"2021-07-19T11:11:35.000Z","size":12,"stargazers_count":261,"open_issues_count":2,"forks_count":60,"subscribers_count":9,"default_branch":"master","last_synced_at":"2024-11-21T16:40:20.927Z","etag":null,"topics":["filescan","infoscan","python"],"latest_commit_sha":null,"homepage":"http://www.0aa.me","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Mosuan.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-08-10T04:47:55.000Z","updated_at":"2024-09-22T10:42:14.000Z","dependencies_parsed_at":"2022-09-05T21:10:51.280Z","dependency_job_id":null,"html_url":"https://github.com/Mosuan/FileScan","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/Mosuan/FileScan","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mosuan%2FFileScan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mosuan%2FFileScan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mosuan%2FFileScan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mosuan%2FFileScan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Mosuan","download_url":"https://codeload.github.com/Mosuan/FileScan/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mosuan%2FFileScan/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264909966,"owners_count":23682096,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["filescan","infoscan","python"],"created_at":"2024-08-04T17:02:37.636Z","updated_at":"2025-07-11T22:31:00.461Z","avatar_url":"https://github.com/Mosuan.png","language":"Python","funding_links":[],"categories":["Python","Python (1887)"],"sub_categories":[],"readme":"# FileScan V1\r\n\r\n\u003e FileScan: 敏感文件扫描 / 二次判断降低误报率 / 扫描内容规则化 / 多目录扫描\r\n\r\n**程序只供交流，请勿用于非法用途，否则产生的一切后果自行承担！！!**\r\n\r\n依赖\r\n----\r\n```\r\npip install requests\r\n```\r\n\r\n运行方式\r\n----\r\n```\r\npython filescan.py http://www.0aa.me\r\npython filescan.py http://www.0aa.me/0aa/index.php\r\n```\r\n\r\n结构\r\n----\r\n - reque.py **requests发送请求**\r\n - filescan.py **入口文件，扫描结果相关**\r\n - rule_parse.py **解析规则**\r\n - backup_rule.py **扫描规则**\r\n\r\n验证方式\r\n----\r\n - 返回状态码\r\n - 返回内容正则判断\r\n - 返回header\r\n - 返回内容大小\r\n\r\n**如果你只是想使用，不想添加规则，那么下面的东西你就不用看了。**\r\n\r\n规则\r\n----\r\n\r\n\r\n    # 规则名字，可以随便写\r\n        \"url_backup\": {\r\n            # 是否每个目录都扫描 目前这个功能没有，后面会写\r\n            \"dir\": True,\r\n            # 是否需要拼接文件后缀名，dict有写filename的时候为True\r\n            \"suffix\": True,\r\n            # 规则\r\n            \"name\":[{\r\n                # 真规则的文件名\r\n                \"rule_true\":[\r\n                    # zip rar\r\n                    \"[DOMAIN]\", \"[HOST]\", \"[HOSTNAME]\", \"[TIME]\", \"[DOMAIN]1\", \"[HOST]1\", \"[HOSTNAME]1\", \"[TIME]1\",\r\n                    \"web\", \"webroot\", \"WebRoot\", \"website\", \"bin\", \"bbs\", \"shop\", \"www\", \"wwww\",\r\n                    1, 2, 3, 4, 5, 6, 7, 8, 9,\r\n                    \"www1\", \"www2\", \"www3\", \"www4\", \"default\", \"log\", \"logo\", \"kibana\", \"elk\", \"weblog\",\r\n                    \"mysql\", \"ftp\", \"FTP\", \"MySQL\", \"redis\", \"Redis\",\r\n                    \"cgi\", \"php\", \"jsp\",\r\n                    \"access\", \"error\", \"logs\", \"other_vhosts_access\",\r\n                    \"database\", \"sql\",\r\n                ],\r\n                # 假规则的文件名，当一个漏洞真规则被判断存在的时候，就要用假规则去二次验证是否存在了\r\n                \"rule_false\": \"fuckcar10240x4d53\"\r\n            }],\r\n            # 文件后缀名\r\n            \"filename\": [\r\n                \"rar\", \"zip\", \"tar.gz\", \"tar.gtar\", \"tar\", \"tgz\", \"tar.bz\", \"tar.bz2\", \"bz\", \"bz2\", \"boz\", \"3gp\", \"gz2\"\r\n            ],\r\n            # 判断是否存在\r\n            \"result\": {\r\n                # 返回页面大小\r\n                \"length\": 50,\r\n                # 返回状态码\r\n                \"status_code\": [200],\r\n                # 返回header\r\n                \"header\":{\r\n                    # 返回header里面的字段名\r\n                    \"Content-Type\":[\r\n                        # 字段值 可用正则\r\n                        \"application\\/x-gzip\", \"text\\/plain\", \"application\\/x-bzip\", \"application\\/bacnet-xdd+zip\", \"application\\/x-gtar\",\"application\\/x-compressed\", \"application\\/x-rar-compressed\", \"application\\/x-tar\", \"application\\/zip\", \"application\\/force-download\",\"application\\/.*file\", \"application\\/.*zip\", \"application\\/.*rar\", \"application\\/.*tar\", \"application\\/.*down\"\r\n                    ]\r\n                }\r\n            }\r\n        }\r\n\r\n\r\n看起来可能有些复杂，认真点看，其实不难，我认为很好理解。\r\n\r\n规则里面的`rule_true`字段里面的几个替换符的意思如下:\r\n程序会将你传入的url用`urlparse`库解析出host，大概的意思就是下面这样：\r\n如url: http://www.0aa.me\r\n - [DOMAIN]   == 0aa.me\r\n - [HOST]    == www.0aa.me\r\n - [HOSTNAME] == 0aa\r\n - [TIME] 这个特殊一点，根据你扫描的日期，获取前几天的日期（默认前两天），如：今天20170809，会生成三种格式：\r\n```\r\n2017—08-09 / 2017—08-08 / 2017—08-07\r\n\r\n2017_08_09 / 2017_08_08 / 2017_08_07\r\n\r\n20170809 / 20170808 / 20170807\r\n```\r\n\r\n配置相关\r\n----\r\n**如果你想扫描更前面的日期，可以配置：**\r\n```\r\nrule_parse.py 里面的 self.timenum 变量\r\n```\r\n\r\n**限速：**\r\n```\r\nfilescan.py 里面的 self.sleep_time 变量\r\n```\r\n\r\n**请求timeout时间：**\r\n```\r\nreque.py 里面的 self.timeout 变量\r\n```\r\n\r\n效果\r\n----\r\n注：图中的url是我绑的host\r\n\r\n![run filescan][1]\r\n\r\n![result][2]\r\n\r\n**最后再说一次：程序只供交流，请勿用于非法用途，否则产生的一切后果自行承担！！!**\r\n\r\n**最后的最后感谢下：**\r\n[北斗Team的所有挖掘机工程师][3]\r\n[Saline大表哥][4]\r\n[Redfree师傅][5]\r\n\r\n\r\n  [1]: http://www.0aa.me/usr/uploads/2017/08/1738764841.png\r\n  [2]: http://www.0aa.me/usr/uploads/2017/08/4102254597.png\r\n  [3]: https://secboom.com/\r\n  [4]: http://0cx.cc/\r\n  [5]: http://py4.me/blog/\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FMosuan%2FFileScan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FMosuan%2FFileScan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FMosuan%2FFileScan/lists"}