Metasploit搜索网站目录结构

实验环境

准备工作

1. 攻击机准备工作

   1.1 安装Metasploit，默认安装在“C:\metasploit-framework”

操作步骤

1. 运行msfconsole.bat，打开Metasploit控制台

2. 搜索并找到“auxiliary/scanner/http/dir_scanner”，调用该攻击模块

   msf > use auxiliary/scanner/http/dir_scanner
   msf auxiliary(scanner/http/dir_scanner) >
   

3. 设置搜索并发线程数50

   msf auxiliary(scanner/http/dir_scanner) > set threads 50
   threads => 50
   

4. 设置攻击目标为“www.testfire.net”

   msf auxiliary(scanner/http/dir_scanner) > set rhosts www.testfire.net
   rhosts => www.testfire.net
   

5. 发起攻击

   msf auxiliary(scanner/http/dir_scanner) > exploit
   [-] Warning: The Windows platform cannot reliably support more than 16 threads
   
   [-] Thread count has been adjusted to 16
   
   [*] Detecting error code
   
   [*] Using code '404' as not found for 65.61.137.117
   
   [+] Found http://65.61.137.117:80/Admin/ 403 (65.61.137.117)
   
   [+] Found http://65.61.137.117:80/admin/ 403 (65.61.137.117)
   
   [+] Found http://65.61.137.117:80/bank/ 200 (65.61.137.117)
   
   [+] Found http://65.61.137.117:80/images/ 403 (65.61.137.117)
   
   [+] Found http://65.61.137.117:80/static/ 403 (65.61.137.117)
   
   [*] Scanned 1 of 1 hosts (100% complete)
   
   [*] Auxiliary module execution completed
   

6. 扫描出了该网站的管理员目录、银行和图片等关键目录