├── screen.png ├── README.md ├── agents.txt └── deepsearch.py /screen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/prosecurity/DeepSearch/HEAD/screen.png -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | DeepSearch - Advanced Web Dir Scanner 2 | -- 3 | __DeepSearch__ is a simple command line tool for bruteforce directories and files in websites. 4 | 5 | ![screen](https://raw.githubusercontent.com/m4ll0k/DeepSearch/master/screen.png) 6 | 7 | Installation 8 | -- 9 | ```sh 10 | $ git clone https://github.com/m4ll0k/DeepSearch.git deepsearch 11 | $ cd deepsearch 12 | $ pip3 install requests 13 | $ python3 deepsearch.py 14 | 15 | ``` 16 | 17 | Usage 18 | -- 19 | `python3 deepsearch.py -u http://testphp.vulnweb.com/ -e php -w wordlist.txt` 20 | 21 | `python3 deepsearch.py -u http://testphp.vulnweb.com/ -e php -w wordlist.txt -f` 22 | 23 | `python3 deepsearch.py -u http://testphp.vulnweb.com/ -e php -w wordlist.txt -b` 24 | 25 | `python3 deepsearch.py -u http://testphp.vulnweb.com/ -e php -w wordlist.txt -l` 26 | 27 | `python3 deepsearch.py -u http://testphp.vulnweb.com/ -e php -w wordlist.txt -p` 28 | 29 | `python3 deepsearch.py -u http://testphp.vulnweb.com/ -e php -w wordlist.txt -o 200,301,302` 30 | 31 | `python3 deepsearch.py -u http://testphp.vulnweb.com/ -e php -w wordlist.txt -x 501,502,503,401` 32 | 33 | `python3 deepsearch.py -u http://testphp.vulnweb.com/user-%1%/index.php -e php -w wordlist.txt` 34 | 35 | `python3 deepsearch.py -u http://testphp.vulnweb.com/id/%1%/index.html -e php -w wordlist.txt -f` 36 | -------------------------------------------------------------------------------- /agents.txt: -------------------------------------------------------------------------------- 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/4.0.5 Safari/531.22.7 2 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; en-au) AppleWebKit/525.8+ (KHTML, like Gecko) Version/3.1 Safari/525.6 3 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_2; it-it) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13 4 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_4; en-gb) AppleWebKit/528.4+ (KHTML, like Gecko) Version/4.0dp1 Safari/526.11.2 5 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_5; it-it) AppleWebKit/525.18 (KHTML, like Gecko) 6 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/528.16 (KHTML, like Gecko) 7 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/528.7+ (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1 8 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/530.6+ (KHTML, like Gecko) Version/3.1.2 Safari/525.20.1 9 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_3; es-es) AppleWebKit/531.22.7 (KHTML, like Gecko) 10 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_7; en-us) AppleWebKit/533.4 (KHTML, like Gecko) Version/4.1 Safari/533.4 11 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X; de-de) AppleWebKit/522.11.1 (KHTML, like Gecko) Version/3.0.3 Safari/522.12.1 12 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/521.32.1 (KHTML, like Gecko) Safari/521.32.1 13 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit/522.11.1 (KHTML, like Gecko) Safari/419.3 14 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en) AppleWebKit (KHTML, like Gecko) 15 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X; it-it) AppleWebKit/523.10.6 (KHTML, like Gecko) Version/3.0.4 Safari/523.10.6 16 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X; sv-se) AppleWebKit/523.12.2 (KHTML, like Gecko) Version/3.0.4 Safari/523.12.2 17 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X; zh-tw) AppleWebKit/525.13 (KHTML, like Gecko) Version/3.1 Safari/525.13.3 18 | Mozilla/5.0 (Macintosh; U; PPC Mac OS; en-en) AppleWebKit/412 (KHTML, like Gecko) Safari/412 19 | Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-CH) AppleWebKit/419.2 (KHTML, like Gecko) Safari/419.3 20 | Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-ch) AppleWebKit/85 (KHTML, like Gecko) Safari/85 21 | Mozilla/5.0 (Windows NT 5.1) AppleWebKit/534.34 (KHTML, like Gecko) Dooble/1.40 Safari/534.34 22 | Mozilla/5.0 (Windows; U; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.1.2 Safari/525.21 23 | Mozilla/5.0 (Windows; U; Windows NT 5.0; en) AppleWebKit/522.12.1 (KHTML, like Gecko) Version/3.0.1 Safari/522.12.2 24 | Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/528.8 (KHTML, like Gecko) 25 | Mozilla/4.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0) 26 | Mozilla/4.0 (Compatible; MSIE 4.0) 27 | Mozilla/4.0 (compatible; MSIE 4.01; Mac_PowerPC) 28 | Mozilla/4.0 (compatible; MSIE 4.01; Windows 95) 29 | Mozilla/4.0 (compatible; MSIE 4.01; Windows 98) 30 | Mozilla/4.0 (compatible; MSIE 4.01; Windows 98; DigExt) 31 | Mozilla/4.0 (compatible; MSIE 4.01; Windows 98; Hotbar 3.0) 32 | Mozilla/4.0 (compatible; MSIE 4.01; Windows CE) 33 | Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC) 34 | Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320; PPC) 35 | Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320; Sprint:PPC-6700; PPC; 240x320) 36 | Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Smartphone; 176x220) 37 | Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Sprint;PPC-i830; PPC; 240x320) 38 | Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Sprint:PPC-i830; PPC; 240x320) 39 | Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Sprint:SCH-i320; Smartphone; 176x220) 40 | Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Sprint; SCH-i830; PPC; 240x320) 41 | Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Sprint:SCH-i830; PPC; 240x320) 42 | Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Sprint:SPH-ip320; Smartphone; 176x220) 43 | Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Sprint:SPH-ip830w; PPC; 240x320) 44 | Mozilla/4.0 (compatible; MSIE 4.01; Windows NT) 45 | Mozilla/4.0 (compatible; MSIE 4.01; Windows NT 5.0) 46 | Mozilla/4.0 (compatible; MSIE 4.0; Windows 95) 47 | Mozilla/4.0 (compatible; MSIE 4.0; Windows 95; .NET CLR 1.1.4322; .NET CLR 2.0.50727) 48 | Mozilla/4.0 (compatible; MSIE 4.0; Windows 98) 49 | Mozilla/4.0 (compatible; MSIE 4.0; Windows NT) 50 | Mozilla/4.0 (compatible; MSIE 4.5; Mac_PowerPC) 51 | Mozilla/4.0 (compatible; MSIE 4.5; Windows 98;) 52 | Mozilla/4.0 (compatible; MSIE 4.5; Windows NT 5.1; .NET CLR 2.0.40607) 53 | Mozilla/4.0 (compatible; MSIE 5.00; Windows 98) 54 | Mozilla/4.0 (compatible; MSIE 5.01; Windows NT) 55 | Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; MSIECrawler) 56 | Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Q312461) 57 | Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Q312461; T312461) 58 | Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; SV1) 59 | Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; SV1; .NET CLR 1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727) 60 | Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Wanadoo 5.1) 61 | Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Wanadoo 5.3; Wanadoo 5.5) 62 | Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; Wanadoo 5.6) 63 | Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.0.0) 64 | Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.0.0; Hotbar 4.1.8.0) 65 | Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.2.4) 66 | Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.2.6) 67 | Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.2.6; Hotbar 3.0) 68 | Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.2.6; Hotbar 4.2.8.0) 69 | Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.2.6; MSIECrawler) 70 | Mozilla/4.0 (compatible; MSIE 5.01; Windows NT; DigExt) 71 | Mozilla/4.0 (compatible; MSIE 5.01; Windows NT; Hotbar 4.1.8.0) 72 | Mozilla/4.0 (compatible; MSIE 5.01; Windows NT; .NET CLR 1.0.3705) 73 | Mozilla/4.0 (compatible; MSIE 5.01; Windows NT; YComp 5.0.0.0) 74 | Mozilla/4.0 (compatible; MSIE 5.05; Windows 98; .NET CLR 1.1.4322) 75 | Mozilla/4.0 (compatible; MSIE 5.05; Windows NT 3.51) 76 | Mozilla/4.0 (compatible; MSIE 5.05; Windows NT 4.0) 77 | Mozilla/4.0 (compatible; MSIE 5.0b1; Mac_PowerPC) 78 | Mozilla/4.0 (compatible; MSIE 5.0; Windows 98;) 79 | Mozilla/4.0(compatible; MSIE 5.0; Windows 98; DigExt) 80 | Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; YComp 5.0.2.6) 81 | Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; YComp 5.0.2.6; yplus 1.0) 82 | Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; Hotbar 3.0) 83 | Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; YComp 5.0.2.4) 84 | Mozilla/4.0 (compatible; MSIE 5.0; Windows NT;) 85 | Mozilla/4.0 (compatible; MSIE 5.0; Windows NT) 86 | Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 5.0) 87 | Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 5.2; .NET CLR 1.1.4322) 88 | Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 5.9; .NET CLR 1.1.4322) 89 | Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 6.0; Trident/4.0; InfoPath.1; SV1; .NET CLR 3.0.04506.648; .NET4.0C; .NET4.0E) 90 | Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt) 91 | Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; Hotbar 3.0) 92 | Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; Hotbar 4.1.8.0) 93 | Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; .NET CLR 1.0.3705) 94 | Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; YComp 5.0.0.0) 95 | Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; YComp 5.0.2.5) 96 | Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; YComp 5.0.2.6) 97 | Mozilla/4.0 (compatible; MSIE 5.12; Mac_PowerPC) 98 | Mozilla/4.0 (compatible; MSIE 5.13; Mac_PowerPC) 99 | Mozilla/4.0 (compatible; MSIE 5.14; Mac_PowerPC) 100 | Mozilla/4.0 (compatible; MSIE 5.15; Mac_PowerPC) 101 | Mozilla/4.0 (compatible; MSIE 5.16; Mac_PowerPC) 102 | Mozilla/4.0 (compatible; MSIE 5.17; Mac_PowerPC) 103 | Mozilla/4.0 (compatible; MSIE 5.17; Mac_PowerPC Mac OS; en) 104 | Mozilla/4.0 (compatible; MSIE 5.21; Mac_PowerPC) 105 | Mozilla/4.0 (compatible; MSIE 5.22; Mac_PowerPC) 106 | Mozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC) 107 | Mozilla/4.0 (compatible; MSIE 5.2; Mac_PowerPC) 108 | Mozilla/4.0 (compatible; MSIE 5.5;) 109 | Mozilla/4.0 (compatible; MSIE 5.50; Windows 95; SiteKiosk 4.8) 110 | Mozilla/4.0 (compatible; MSIE 5.50; Windows 98; SiteKiosk 4.8) 111 | Mozilla/4.0 (compatible; MSIE 5.50; Windows NT; SiteKiosk 4.8) 112 | Mozilla/4.0 (compatible; MSIE 5.50; Windows NT; SiteKiosk 4.8; SiteCoach 1.0) 113 | Mozilla/4.0 (compatible; MSIE 5.50; Windows NT; SiteKiosk 4.9; SiteCoach 1.0) 114 | Mozilla/4.0 (compatible; MSIE 5.5b1; Mac_PowerPC) 115 | Mozilla/4.0 (compatible;MSIE 5.5; Windows 98) 116 | Mozilla/4.0 (compatible; MSIE 5.5; Windows NT) 117 | Mozilla/4.0 (compatible; MSIE 5.5; Windows NT5) 118 | Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US) 119 | Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/4.0; GTB7.4; InfoPath.3; SV1; .NET CLR 3.1.76908; WOW64; en-US) 120 | Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0; chromeframe/11.0.696.57) 121 | Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.1; SV1; .NET CLR 2.8.52393; WOW64; en-US) 122 | Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) chromeframe/10.0.648.205 123 | Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; chromeframe/11.0.696.57) 124 | Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; chromeframe/13.0.782.215) 125 | Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; FunWebProducts) 126 | Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; el-GR) 127 | Mozilla/5.0 (Windows; U; Windows NT 5.1; de-DE) Chrome/4.0.223.3 Safari/532.2 128 | Mozilla/5.0 (X11; CrOS i686 0.13.587) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.14 Safari/535.1 129 | Mozilla/5.0 (X11; CrOS i686 1193.158.0) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.75 Safari/535.7 130 | Mozilla/5.0 (X11; CrOS i686 12.0.742.91) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.93 Safari/534.30 131 | Mozilla/5.0 (X11; CrOS i686 12.433.109) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.93 Safari/534.30 132 | Mozilla/5.0 (X11; CrOS i686 12.433.216) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.105 Safari/534.30 133 | Mozilla/5.0 (X11; CrOS i686 13.587.48) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.43 Safari/535.1 134 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.803.0 Safari/535.1 135 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.824.0 Safari/535.1 136 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; en) Opera 8.02 137 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; en) Opera 8.52 138 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; en) Opera 8.53 139 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; en) Opera 8.54 140 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; pl) Opera 8.54 141 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; da) Opera 8.54 142 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; de) Opera 8.0 143 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; de) Opera 8.01 144 | Mozilla/5.0 (Macintosh; Intel Mac OS X; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 Opera 9.27 145 | Mozilla/5.0 (Macintosh; PPC Mac OS X; U; en) Opera 8.51 146 | Mozilla/5.0 (Windows 98; U; en) Opera 8.54 147 | Mozilla/5.0 (Windows ME; U; en) Opera 8.51 148 | Mozilla/5.0 (Windows NT 5.0; U; de) Opera 8.50 149 | Mozilla/5.0 (Windows NT 5.1) Gecko/20100101 Firefox/14.0 Opera/12.0 150 | Mozilla/5.0 (Windows NT 5.1; U; de) Opera 8.50 151 | Mozilla/5.0 (Windows NT 5.1; U; de) Opera 8.52 152 | Mozilla/5.0 (Windows NT 5.1; U; de; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.51 153 | Mozilla/5.0 (Windows NT 5.1; U; de; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.52 154 | Mozilla/5.0 (Windows NT 5.1; U; de; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 11.00 155 | Mozilla/5.0 (Windows NT 5.1; U; en-GB; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.51 156 | Mozilla/5.0 (Windows NT 5.1; U; en-GB; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.61 157 | Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.0 158 | Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.01 159 | Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.02 160 | Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.50 161 | Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.51 162 | Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.52 163 | Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.53 164 | Mozilla/5.0 (Windows NT 5.1; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 Opera 9.22 165 | Mozilla/5.0 (Windows NT 5.1; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 Opera 9.24 166 | Mozilla/5.0 (Windows NT 5.1; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 Opera 9.26 167 | Mozilla/5.0 (Windows NT 5.1; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 9.51 168 | Mozilla/5.0 (Windows NT 5.1; U; en; rv:1.8.1) Gecko/20061208 Firefox/5.0 Opera 11.11 169 | Mozilla/5.0 (Windows NT 5.1; U; es-la; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 Opera 9.27 170 | Mozilla/5.0 (Windows NT 5.1; U; Firefox/3.5; en; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.53 171 | Mozilla/5.0 (Windows NT 5.1; U; Firefox/4.5; en; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.53 172 | Mozilla/5.0 (Windows NT 5.1; U; Firefox/5.0; en; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 Opera 10.53 173 | Opera/8.00 (Windows NT 5.1; U; en) 174 | Opera/8.01 (Macintosh; PPC Mac OS X; U; en) 175 | Opera/8.01 (Macintosh; U; PPC Mac OS; en) 176 | Opera/8.01 (Windows NT 5.0; U; de) 177 | Opera/8.01 (Windows NT 5.1; U; de) 178 | Opera/8.01 (Windows NT 5.1; U; en) 179 | Opera/8.01 (Windows NT 5.1; U; fr) 180 | Opera/8.01 (Windows NT 5.1; U; pl) 181 | Opera/9.51 (X11; Linux i686; U; Linux Mint; en) 182 | Opera/9.52 (Macintosh; Intel Mac OS X; U; pt) 183 | Opera/9.52 (Macintosh; Intel Mac OS X; U; pt-BR) 184 | Opera/9.52 (Macintosh; PPC Mac OS X; U; fr) 185 | Opera/9.80 (Windows NT 5.1; U;) Presto/2.7.62 Version/11.01 186 | Opera/9.80 (Windows NT 5.1; U; ru) Presto/2.2.15 Version/10.00 187 | Opera/9.80 (Windows NT 5.1; U; ru) Presto/2.5.22 Version/10.50 188 | Opera/9.80 (Windows NT 5.1; U; ru) Presto/2.7.39 Version/11.00 189 | Opera/9.80 (Windows NT 5.1; U; sk) Presto/2.5.22 Version/10.50 190 | Opera/9.80 (Windows NT 5.1; U; zh-cn) Presto/2.2.15 Version/10.00 191 | Opera/9.80 (Windows NT 5.1; U; zh-sg) Presto/2.9.181 Version/12.00 192 | Opera/9.80 (Windows NT 5.1; U; zh-tw) Presto/2.8.131 Version/11.10 193 | Opera/9.80 (Windows NT 5.2; U; en) Presto/2.2.15 Version/10.00 194 | Opera/9.80 (Windows NT 5.2; U; en) Presto/2.6.30 Version/10.63 195 | Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51 196 | Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.6.30 Version/10.61 197 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; it; rv:1.9.2.22) Gecko/20110902 Firefox/3.6.22 198 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; it; rv:1.9b4) Gecko/2008030317 Firefox/3.0b4 199 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; ko; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2 200 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; pl; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 FBSMTWB 201 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; de; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 GTB5 202 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.24) Gecko/20111103 Firefox/3.6.24 203 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6;en-US; rv:1.9.2.9) Gecko/20100824 Firefox/3.6.9 204 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2) Gecko/20091218 Firefox 3.6b5 205 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; fr; rv:1.9.2.23) Gecko/20110920 Firefox/3.6.23 206 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; he; rv:1.9.1b4pre) Gecko/20100405 Firefox/3.6.3plugin1 207 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.7; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2 208 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X; de-AT; rv:1.9.1.8) Gecko/20100625 Firefox/3.6.6 209 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.12pre) Gecko/20080122 Firefox/2.0.0.12pre 210 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.13) Gecko/20080313 Firefox 211 | Mozilla/5.0 (X11; Arch Linux i686; rv:2.0) Gecko/20110321 Firefox/4.0 212 | Mozilla/5.0 (X11; FreeBSD amd64; rv:5.0) Gecko/20100101 Firefox/5.0 213 | Mozilla/5.0 (X11; FreeBSD i686) Firefox/3.6 -------------------------------------------------------------------------------- /deepsearch.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # -*- coding: utf-8 -*- 3 | # -------------------------------------- 4 | # DeepSearch - Advanced Web Dir Scanner 5 | # by Momo (m4ll0k) Outaadi 6 | # -------------------------------------- 7 | 8 | import os 9 | import re 10 | import sys 11 | import time 12 | import random 13 | import requests 14 | import urllib3 15 | import socket 16 | import getopt 17 | import requests 18 | import concurrent.futures 19 | from urllib.parse import urlparse 20 | 21 | # -- colors -- 22 | R = "\033[%s;31m"; G = "\033[%s;32m" 23 | Y = "\033[%s;33m"; B = "\033[%s;34m" 24 | M = "\033[%s;35m"; C = "\033[%s;36m" 25 | W = "\033[%s;37m"; E = "\033[0m" 26 | 27 | # -- time format -- 28 | strftime = "%H:%M:%S" 29 | 30 | # -- banner -- 31 | banner= r''' 32 | {l} 33 | DeepSearch - Advanced Web Dir Scanner 34 | Momo (m4ll0k) Outaadi 35 | {y}https://github.com/m4ll0k{r} 36 | {e} 37 | '''.format(l='-'*40,e='-'*40,y=Y%0,r=E) 38 | 39 | # -- kwargs var -- 40 | kwargs = { 41 | 'cookie':None,'ragent':False, 42 | 'delay':None,'timeout':None, 43 | 'hostname':False,'redirect':False, 44 | 'proxy':None,'threads':5, 45 | 'dict':None,'tolower':False, 46 | 'toupper':False,'force' :False, 47 | 'maxretries' :2,'headers':None, 48 | 'exclude': None,'only': None, 49 | 'extension': None,'wordlist':None 50 | } 51 | 52 | def warn(string,exit=False): 53 | print('{red}[!] {string}{end}'.format( 54 | red=R%0,string=string,end=E)) 55 | if exit: sys.exit(0) 56 | 57 | # -- random user-agent 58 | def randomAgent(): 59 | path = os.path.join(os.path.abspath('.'),'agents.txt') 60 | agents = [x.strip() for x in open(path,'rb')] 61 | return agents[random.randint(0,len(agents)-1)] 62 | 63 | # -- request class -- 64 | class Request(object): 65 | def __init__(self,kwargs): 66 | self.host = None 67 | self.ip = None 68 | self.port = None 69 | self.headers = {} 70 | self.protocol = None 71 | self.basePath = None 72 | self.agent = randomAgent() 73 | self.cookie = kwargs['cookie'] 74 | self.ragent = kwargs['ragent'] 75 | self.proxy = kwargs['proxy'] 76 | self.delay = kwargs['delay'] 77 | self.timeout = kwargs['timeout'] 78 | self.redirect = kwargs['redirect'] 79 | self.maxRetries = kwargs['maxretries'] 80 | self.byhostname = kwargs['hostname'] 81 | self.set_headers = kwargs['headers'] 82 | self.session = requests.Session() 83 | 84 | def path(self,_path,_word): 85 | # check path 86 | if _word.endswith('/'): _word = _word[:-1] 87 | if not _path.startswith('/'): _path = '/'+_path 88 | 89 | if r'%%' in _path: 90 | return _path.replace(r'%%',_word) 91 | 92 | elif re.search(r'\%(\S*)\%',_path,re.I): 93 | return re.sub(r'\%(\S*)\%',_word,_path) 94 | 95 | else: 96 | if _path.endswith('/') and _word.startswith('/'): 97 | try: 98 | if _word.split('.')[1]: 99 | # end with ext 100 | return _path + _word[1:] 101 | except IndexError: 102 | # dir 103 | return _path + _word[1:] + '/' 104 | elif not _path.endswith('/') and not _word.startswith('/'): 105 | try: 106 | if _word.split('.')[1]: 107 | return _path + '/' + _word 108 | except IndexError: 109 | return _path + '/' + _word + '/' 110 | else: 111 | try: 112 | if _word.split('.')[1]: 113 | return _path + _word 114 | except IndexError: 115 | return _path + _word + '/' 116 | return _word 117 | 118 | def req(self,url,word): 119 | len_max = 0 120 | proxies = None 121 | response = None 122 | # urlparse 123 | parsed = urlparse(url) 124 | if parsed.scheme not in ['http','https']: 125 | parsed = urlparse('http://'+url) 126 | # parts 127 | self.protocol = parsed.scheme 128 | if ':' in parsed.netloc: 129 | self.host,self.port = parsed.netloc.split(':') 130 | else: 131 | self.host = parsed.netloc 132 | self.basePath = parsed.path +'?'+ parsed.query if parsed.query != '' else parsed.path 133 | # headers 134 | self.headers['Host'] = self.host 135 | self.headers['User-Agent'] = self.agent 136 | if self.ragent is True: 137 | self.headers['User-Agent'] = randomAgent() 138 | self.headers['Accept-Language'] = 'en-US,en;q=0.8,en-US;q=0.5,en;q=0.3' 139 | self.headers['Accept-Encoding'] = 'gzip, deflate' 140 | self.headers['Keep-Alive'] = '300' 141 | self.headers['Connection'] = 'keep-alive' 142 | self.headers['Cache-Control'] = 'max-age=0' 143 | if self.cookie is not None: 144 | self.headers['Cookie'] = self.cookie 145 | # headers 146 | if self.set_headers != None: 147 | if '\\n' in self.set_headers: 148 | for header in self.set_headers.split('\\n'): 149 | key,value = header.split(':') 150 | self.headers[key] = value 151 | else: 152 | key,value = self.set_headers.split(':') 153 | self.headers[key] = value 154 | # by hostname 155 | if self.byhostname is True: 156 | try: 157 | if self.ip == None: 158 | self.ip = socket.gethostbyname(self.host) 159 | else: 160 | pass 161 | except socket.gaierror as e: 162 | print('Couldn\'t resolve DNS') 163 | # make base path 164 | self.basePath = self.path(self.basePath,word) 165 | # make url 166 | try: 167 | if self.ip != None: 168 | url = '{protocol}://{netloc}{path}'.format( 169 | protocol = self.protocol, 170 | netloc = self.ip+':'+self.port if self.port != None else self.ip, 171 | path = self.basePath 172 | ) 173 | else: 174 | url = '{protocol}://{netloc}{path}'.format( 175 | protocol = self.protocol, 176 | netloc = parsed.netloc, 177 | path = self.basePath 178 | ) 179 | except Exception as e: 180 | print(e) 181 | # make proxy 182 | if self.proxy != None: 183 | proxies = { 184 | 'http' : self.proxy, 185 | 'https' : self.proxy 186 | } 187 | # urljoin 188 | while len_max < self.maxRetries: 189 | try: 190 | resp = requests.packages.urllib3.disable_warnings( 191 | urllib3.exceptions.InsecureRequestWarning 192 | ) 193 | resp = self.session.get( 194 | url = url, 195 | verify = False, 196 | proxies = proxies, 197 | headers = self.headers, 198 | timeout = self.timeout, 199 | allow_redirects = self.redirect 200 | ) 201 | response = resp 202 | # delay 203 | if self.delay is not None: 204 | time.sleep(self.delay) 205 | try: 206 | if response != None or response != "": 207 | break 208 | except NameError: 209 | pass 210 | except requests.exceptions.TooManyRedirects as e: 211 | warn('Too many redirects: %s'%(e),1) 212 | except requests.exceptions.SSLError as e: 213 | warn('SSL Error connecting to server. Try the -b/--host flag to connect by hostname',1) 214 | except requests.ConnectionError as e: 215 | if self.proxy is not None: 216 | warn('Error with proxy: %s'%(e)) 217 | len_max += 1 218 | if len_max > self.maxRetries: 219 | warn(e,1) 220 | continue 221 | except (requests.exceptions.ConnectTimeout, 222 | requests.exceptions.ReadTimeout, 223 | requests.exceptions.Timeout, 224 | socket.timeout) as e: 225 | len_max += 1 226 | if len_max > self.maxRetries: 227 | warn(e,1) 228 | continue 229 | 230 | if len_max > self.maxRetries: 231 | warn('Connection Timeout: There was a problem in the request to: %s'%url,1) 232 | return response 233 | 234 | def Test(url): 235 | try: 236 | resp = requests.packages.urllib3.disable_warnings( 237 | urllib3.exceptions.InsecureRequestWarning 238 | ) 239 | resp = requests.get(url, 240 | verify=False, 241 | headers={'User-Agent':'Mozilla/5.0'}, 242 | allow_redirects=False 243 | ) 244 | except Exception as e: 245 | warn('Failed to establish a connection.',1) 246 | 247 | def LenHtml(content): 248 | f_len = len(content) 249 | if f_len <= 1023: 250 | return "%sB"%(f_len) 251 | else: 252 | return "%sKB"%(int(f_len/1000)) 253 | 254 | def ProcessPrint(resp,exclude,only,word): 255 | url = resp.url 256 | content = resp.content 257 | code = resp.status_code 258 | word = '/'+word if not word.startswith('/') else word 259 | if exclude != None: 260 | if str(code) not in exclude: 261 | pprint(url,code,content,word) 262 | elif only != None: 263 | if str(code) in only: 264 | pprint(url,code,content,word) 265 | else: 266 | pprint(url,code,content,word) 267 | 268 | def pprint(url,code,content,word): 269 | if code == 200: 270 | print('{g}[{t}] {code} - {len_}\t- {url}{e}'.format( 271 | g=G%0,t=time.strftime(strftime),e=E, 272 | code=code,len_=LenHtml(content),url=word)) 273 | elif code in [301,302]: 274 | print('{m}[{t}] {code} - {len_}\t- {word} -> {url}{e}'.format( 275 | m=M%0,t=time.strftime(strftime),e=E, 276 | code=code,len_=LenHtml(content),word=word,url=url)) 277 | elif code == 401: 278 | print('{y}[{t}] {code} - {len_}\t- {url}{e}'.format( 279 | y=Y%0,t=time.strftime(strftime),e=E, 280 | code=code,len_=LenHtml(content),url=word)) 281 | else: 282 | if code != 404: 283 | print('{w}[{t}] {code} - {len_}\t- {url}{e}'.format( 284 | w=W%0,t=time.strftime(strftime),e=E, 285 | code=code,len_=LenHtml(content),url=word) 286 | ) 287 | 288 | def usage(exit=False,ban=False): 289 | if ban != False: 290 | print(banner) 291 | print('''Usage: deepsearch.py [OPTIONS]\n 292 | -u --url\t\tTarget URL (e.g: http://site.com) 293 | -U --url-list\t\tScan multiple targets given in a text file 294 | -b --host\t\tMake request by hostname 295 | -e --extension\t\tExtensions list separated by comma (e.g: php,asp) 296 | -w --wordlist\t\tSet wordlist, (e.g: wl.txt) 297 | -r --random-agent\tUse random User-Agent 298 | -c --cookies\t\tSet HTTP Cookie header value 299 | -H --headers\t\tSet HTTP Headers (e.g: "Accept: ..\\nTag: 123") 300 | -f --force\t\tForce extension for every wordlist entry 301 | -x --exclude\t\tExclude status code separated by comma (e.g: 400,500) 302 | -l --lowercase\t\tForce lowercase for every wordlist entry 303 | -p --uppercase\t\tForce uppercase for every wordlist entry 304 | -R --redirect\t\tIgnore redirection attemps 305 | -d --delay\t\tDelay in seconds between each HTTP request 306 | -P --proxy\t\tUse a proxy to connect to the target URL 307 | -o --only\t\tShow only status code separated by comma (e.g: 200,302) 308 | -t --threads\t\tMax number of concurrent HTTP requests 309 | -T --timeout\t\tSeconds to wait before timeout connection 310 | -h --help\t\tShow this banner and exit 311 | ''') 312 | if exit: sys.exit(0) 313 | 314 | def ProcessWord(word,toupper=False,tolower=False,force=False,extension=None): 315 | word = word.decode('utf-8') 316 | word_2 = word 317 | if word != None: 318 | if toupper: word_2 = str(word).upper() 319 | if tolower: word_2 = str(word).lower() 320 | if force: 321 | if type(extension) is list: 322 | for ext in extension: 323 | if ext.startswith('.'): 324 | return word_2+ext 325 | return word_2 +'.'+ext 326 | elif type(extension) is str: 327 | if extension.startswith('.'): 328 | return word_2+extension 329 | return word_2+'.'+extension 330 | else: 331 | return word_2 332 | return word 333 | return None 334 | 335 | class Fuzzer(Request): 336 | def __init__(self,kwargs): 337 | Request.__init__(self,kwargs) 338 | self.kwargs = kwargs 339 | self.threads = kwargs['threads'] 340 | self.exclude = kwargs['exclude'] 341 | self.only = kwargs['only'] 342 | 343 | def fuzzer(self,url,word): 344 | word = ProcessWord( 345 | word,self.kwargs['toupper'], 346 | self.kwargs['tolower'],self.kwargs['force'],self.kwargs['extension']) 347 | if word != None: 348 | resp = self.req(url,word) 349 | ProcessPrint(resp,self.exclude,self.only,word) 350 | 351 | def ExtInToList(exts): 352 | if len(exts.split(',')) == 1: 353 | return exts 354 | elif len(exts.split(',')) > 1: 355 | return exts.split(',') 356 | 357 | def CheckWordlist(wl): 358 | if os.path.exists(wl): 359 | if os.path.isdir(wl): 360 | print('"%s" is a directory...'%(wl)) 361 | return wl 362 | else: 363 | print('"%s" not found path...'%(wl)) 364 | 365 | def ExcInToList(exc): 366 | if len(exc.split(',')) == 1: 367 | return [exc] 368 | elif len(exc.split(',')) > 1: 369 | return exc.split(',') 370 | 371 | def OnlyInToList(only): 372 | if len(only.split(',')) == 1: 373 | return [only] 374 | elif len(only.split(',')) > 1: 375 | return only.split(',') 376 | 377 | def ReadFile(path): 378 | return [x.strip() for x in open(path,'rb')] 379 | 380 | def CheckURL(url): 381 | parsed = urlparse(url) 382 | if parsed.scheme not in ['http','https','ftp','']: 383 | warn('The scheme "%s" not supported. Please check your URL'%(parsed.scheme),1) 384 | if parsed.netloc == '': 385 | warn('Please check your URL and try...',1) 386 | return url 387 | 388 | def main(): 389 | url = None 390 | urls = None 391 | is_multiple = False 392 | word_cmd = [ 393 | 'url=','url_list=','host','extension=','wordlist=', 394 | 'random-agent','cookies=','headers=','force', 395 | 'exclude=','uppercase','lowercase','redirect','delay=', 396 | 'proxy=','only=','threads=','timeout=','help' 397 | ] 398 | single_cmd = 'u:U:e:w:c:H:x:d:P:o:t:T:brflpRh' 399 | try: 400 | opts,args = getopt.getopt(sys.argv[1:],single_cmd,word_cmd) 401 | except getopt.GetoptError as e: 402 | usage(True,False) 403 | for i in range(len(opts)): 404 | if(opts[i][0] in('-u','--url')): url = opts[i][1] 405 | if(opts[i][0] in('-U','--url-list')): urls = CheckWordlist(opts[i][1]) 406 | if(opts[i][0] in('-b','--host')): kwargs['hostname'] = True 407 | if(opts[i][0] in('-e','--extension')): kwargs['extension'] = ExtInToList(opts[i][1]) 408 | if(opts[i][0] in('-w','--wordlist')): kwargs['wordlist'] = CheckWordlist(opts[i][1]) 409 | if(opts[i][0] in('-r','--random-agent')): kwargs['ragent'] = True 410 | if(opts[i][0] in('-c','--cookies')): kwargs['cookie'] = opts[i][1] 411 | if(opts[i][0] in('-H','--headers')): kwargs['headers'] = opts[i][1] 412 | if(opts[i][0] in('-f','--force')): kwargs['force'] = True 413 | if(opts[i][0] in('-x','--exclude')): kwargs['exclude'] = ExcInToList(opts[i][1]) 414 | if(opts[i][0] in('-l','--lowercase')): kwargs['tolower'] = True 415 | if(opts[i][0] in('-p','--uppercase')): kwargs['toupper'] = True 416 | if(opts[i][0] in('-R','--redirect')): kwargs['redirect'] = True 417 | if(opts[i][0] in('-d','--delay')): kwargs['delay'] = float(opts[i][1]) 418 | if(opts[i][0] in('-P','--proxy')): kwargs['proxy'] = opts[i][1] 419 | if(opts[i][0] in('-t','--threads')): kwargs['threads'] = int(opts[i][1]) 420 | if(opts[i][0] in('-o','--only')): kwargs['only'] = OnlyInToList(opts[i][1]) 421 | if(opts[i][0] in('-t','--threads')): kwargs['threads'] = 2 if opts[i][1] == 1 else int(opts[i][1]) 422 | if(opts[i][0] in('-T','--timeout')): kwargs['timeout'] = float(opts[i][1]) 423 | if(opts[i][0] in('-h','--help')):usage(True,True) 424 | print(banner) 425 | if len(sys.argv) <= 2: 426 | usage(True,False) 427 | if kwargs['extension'] == None: 428 | sys.exit(print('No extension specified. You must specify at least one extension with -e/--extension')) 429 | if kwargs['wordlist'] == None: 430 | sys.exit(print('No wordlist specified. Please specify the wordlist with -w/--wordlist')) 431 | words = ReadFile(kwargs['wordlist']) 432 | header = '%sExtension: %s%s%s'%(Y%1,M%1,kwargs['extension'],E) 433 | header += ' | ' 434 | header += '%sThreads: %s%s%s'%(Y%1,M%1,kwargs['threads'],E) 435 | header += ' | ' 436 | header += '%sWords: %s%s%s\n'%(Y%1,M%1,len(words),E) 437 | print(header) 438 | if urls != None: 439 | is_multiple = True 440 | print('%sScanning multiple targets...%s'%(Y%1,E)) 441 | urls = ReadFile(urls) 442 | else: 443 | print('%sTarget: %s%s%s'%(Y%1,M%1,url,E)) 444 | urls = [url] 445 | print('\n%s[%s] Starting...%s'%(Y%1,time.strftime(strftime),E)) 446 | for u in urls: 447 | CheckURL(u) 448 | Test(u) 449 | if is_multiple:u=u.decode('utf-8') 450 | if is_multiple: 451 | CheckURL(u) 452 | print('\n%sTarget: %s%s%s'%(Y%1,M%1,u,E)) 453 | try: 454 | ThreadPool = concurrent.futures.ThreadPoolExecutor(int(kwargs['threads'])) 455 | thread = (ThreadPool.submit(Fuzzer(kwargs).fuzzer,u,w) for w in words) 456 | for i,_ in enumerate(concurrent.futures.as_completed(thread)): 457 | print('%s'%(words[i].decode('utf-8')),end='\r') 458 | print('%s'%(' '*len(words[i].decode('utf-8'))),end='\r') 459 | _.result() 460 | except KeyboardInterrupt as e: 461 | sys.exit(0) 462 | # -- main -- 463 | try: 464 | main() 465 | except KeyboardInterrupt as e: 466 | warn(e,1) --------------------------------------------------------------------------------