chainreactors / spray

Next Generation HTTP Dir/File Fuzz Tool
https://chainreactors.github.io/wiki/spray/
GNU General Public License v3.0
381 stars 27 forks

How do I keep 403 status codes from being written to the output file? #34

Closed lovelyjuice closed 3 months ago

lovelyjuice commented 3 months ago

I'm currently running .\spray_windows_amd64.exe -l all_url.txt -d dict.txt --pool 400 --rate-limit 1 --black-status 400,410,403,404,500,501,502,503 -f spray_result.txt, but spray_result still contains results with other status codes

M09Ic commented 3 months ago

I tested against a random website and it seems to work as expected. Could you provide a specific case to test?

.\spray.exe -u http://39.98.123.122:80
[warn] not set any dictionary, use default dictionary: https://github.com/maurosoria/dirsearch/blob/master/db/dicc.txt
[*] [pool] task: http://39.98.123.122:80, total 9645 words, 20 threads, proxy:  , 2024-05-06 15:31.15
[+] [index] http://39.98.123.122:80/ - 302 - 0 - 71ms [txt data] [nginx]  --> http://39.98.123.122/login;jsessionid=E5E1D6DB015517B8D5EE1DD99F5C990A
[+] [redirect] http://39.98.123.122:80/TEqNEdCzaIkuvkMh --> http://39.98.123.122:80/login;jsessionid=AC2102B8BED57E1294161220F878726E - 200 - 3887 - 34ms [云仓MIS-用户中心] [nginx]
[+] [word] http://39.98.123.122:80/favicon.ico - 404 - 1396 - 42ms [云仓MIS-用户中心] [nginx]
[+] [word] http://39.98.123.122:80/flow/registries - 200 - 65 - 38ms [nginx]
[+] [word] http://39.98.123.122:80/META-INF/app-config.xml - 404 - 682 - 40ms [HTTP Status 404 – Not Found] [nginx] [tomcat:8.5.57]
[+] [word] http://39.98.123.122:80/static.. - 404 - 555 - 47ms [404 Not Found] [nginx]
[+] [word] http://39.98.123.122:80/static/api/swagger.yaml - 404 - 153 - 39ms [404 Not Found] [nginx]
[+] [redirect] http://39.98.123.122:80/static --> http://39.98.123.122:80/static/ - 403 - 153 - 44ms [403 Forbidden] [nginx]
[+] [redirect] http://39.98.123.122:80/v3 --> http://39.98.123.122:80/v3/ - 403 - 555 - 34ms [403 Forbidden] [nginx]

.\spray.exe -u http://39.98.123.122:80  --black-status +404,+400
39.98.123.122:80
[warn] not set any dictionary, use default dictionary: https://github.com/maurosoria/dirsearch/blob/master/db/dicc.txt
[*] [pool] task: http://39.98.123.122:80, total 9645 words, 20 threads, proxy:  , 2024-05-06 15:30.50
[+] [index] http://39.98.123.122:80/ - 302 - 0 - 83ms [txt data] [nginx]  --> http://39.98.123.122/login;jsessionid=7EDBDFD0EA65FB77C7E888A9ED643D30
[+] [redirect] http://39.98.123.122:80/bNOHaKtUscbGlMaR --> http://39.98.123.122:80/login;jsessionid=5AED8790678A817316A9D657F542ADC2 - 200 - 3887 - 47ms [云仓MIS-用户中心] [nginx]
[+] [word] http://39.98.123.122:80/flow/registries - 200 - 65 - 31ms [nginx]
[+] [redirect] http://39.98.123.122:80/static --> http://39.98.123.122:80/static/ - 403 - 555 - 41ms [403 Forbidden] [nginx]

.\spray.exe -u http://39.98.123.122:80  --black-status +404,+400,+403
39.98.123.122:80
[warn] not set any dictionary, use default dictionary: https://github.com/maurosoria/dirsearch/blob/master/db/dicc.txt
[*] [pool] task: http://39.98.123.122:80, total 9645 words, 20 threads, proxy:  , 2024-05-06 15:34.13
[+] [index] http://39.98.123.122:80/ - 302 - 0 - 69ms [txt data] [nginx]  --> http://39.98.123.122/login;jsessionid=5DAD831DC0EAFFFFCE76C08771944382
[+] [redirect] http://39.98.123.122:80/RhyskjEANQistNGT --> http://39.98.123.122:80/login;jsessionid=0659F38271B666E5AB11790B65CC5CD0 - 200 - 3887 - 36ms [云仓MIS-用户中心] [nginx]
[+] [word] http://39.98.123.122:80/flow/registries - 200 - 65 - 36ms [nginx]

lovelyjuice commented 3 months ago

I must have been mistaken; 403 is indeed not being written to the file.
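
An added check, not part of the thread or of spray's own code: a small parser for result lines in the console layout quoted above that reports any line whose status appears in a given `--black-status` value. The function names are hypothetical, and it assumes the text being checked uses that console layout (the layout of the `-f` file is not shown in this thread); the sample lines are constructed.

```python
import re
from collections import Counter

# Console result line as quoted in this thread:
#   [+] [source] URL [--> URL] - STATUS - LENGTH - TIMEms [title] [server]
RESULT_RE = re.compile(
    r"^\[\+\] \[(?P<source>\w+)\] (?P<url>\S+)"
    r".*? - (?P<status>\d{3}) - (?P<length>\d+) - (?P<ms>\d+)ms"
)

def parse_results(lines):
    """Return (source, url, status) for every result line; skip banners."""
    results = []
    for line in lines:
        m = RESULT_RE.match(line.strip())
        if m:
            results.append((m["source"], m["url"], int(m["status"])))
    return results

def parse_black_status(value):
    """Turn a --black-status value such as '+404,+400,+403' into a set of ints."""
    return {int(p.strip().lstrip("+")) for p in value.split(",") if p.strip()}

def status_counts(lines):
    """Count how often each status code appears among the result lines."""
    return Counter(status for _, _, status in parse_results(lines))

def leaked(lines, black_status):
    """Result lines whose status should have been filtered out."""
    black = parse_black_status(black_status)
    return [r for r in parse_results(lines) if r[2] in black]

# Constructed sample in the same layout (example.test is a placeholder host).
SAMPLE = """\
[*] [pool] task: http://example.test:80, total 3 words, 20 threads, proxy:  , 2024-05-06 15:31.15
[+] [index] http://example.test:80/ - 302 - 0 - 71ms [txt data] [nginx]  --> http://example.test/login
[+] [word] http://example.test:80/favicon.ico - 404 - 1396 - 42ms [nginx]
[+] [word] http://example.test:80/flow/registries - 200 - 65 - 38ms [nginx]
[+] [redirect] http://example.test:80/static --> http://example.test:80/static/ - 403 - 153 - 44ms [403 Forbidden] [nginx]
""".splitlines()

if __name__ == "__main__":
    print(dict(status_counts(SAMPLE)))
    for source, url, status in leaked(SAMPLE, "+404,+400,+403"):
        print(f"unexpected {status}: [{source}] {url}")
```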