Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SpringBoot-Scan的一些建议 #13

Open
chinatelacom opened this issue Jan 30, 2024 · 3 comments
Open

SpringBoot-Scan的一些建议 #13

chinatelacom opened this issue Jan 30, 2024 · 3 comments

Comments

@chinatelacom
Copy link

你好,作者!
我觉得这个脚本是不是可以添加一些爬虫功能 而不是只爆破字典中的内容 比如一些spring未授权环境下 访问/actuator/ 里面会有一些非字典中的内容如 /actuator/nacosconfig 、/actuator/nacosdiscovery等 这种情况下感觉加上爬虫爬取/actuator/会好一些
@chinatelacom
Copy link
Author

还有就是有些网站访问不存在地址时返回的响应码为200 这时候会导致 Dir.txt中的所有内容都会存储到urlout.txt中 可不可以加上一个判断 如果返回包的hash一致则不保存
import hashlib
encountered_hashes = set()
valid_pages = []
content_hash = hashlib.md5(r.content).hexdigest()
if content_hash not in encountered_hashes:
# 如果是新的哈希值,保存页面内容并记录哈希值
valid_pages.append(r.content)
encountered_hashes.add(content_hash)
f2 = open("urlout.txt", "a")
f2.write(u + '\n')
f2.close()
else:
# 如果哈希值已存在,忽略该页面内容
print(f"已存在{url}")

@AabyssZG
Copy link
Owner

已经收到师傅的反馈,我会再优化优化相关的内容🤩
之前就已经想到对页面Hash进行校验的想法哈哈~

@chinatelacom
Copy link
Author

嗯嗯 期待更新😁

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@AabyssZG @chinatelacom