chainreactors / spray

Next Generation HTTP Dir/File Fuzz Tool
https://chainreactors.github.io/wiki/spray/
GNU General Public License v3.0
381 stars 27 forks

Recursive scanning does not work #36

Closed pphuahua closed 1 month ago

pphuahua commented 2 months ago

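A website's second-level directory contains a second-level directory, as shown here: https://abc.com/test/, and the dictionary contains test. With the command ./spray_darwin_arm64 -u https://abc.com/ -d path.txt --black-status=401,400,404,500,503 the test directory is scanned successfully: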

[+] [redirect] https://abc.com/test --> https://abc.com/test/ - 200 - 31851 - 325ms [XXX] [sim:19] [nginx] [XXX] 

The test directory also contains a license page: https://abc.com/test/license (the dictionary also contains license). However, with recursion configured, license cannot be scanned: ./spray_darwin_arm64 -u https://abc.com/ -d path.txt --black-status=401,400,404,500,503 --depth 2

The following command does not work either: ./spray_darwin_arm64 -u https://abc.com/ -d path.txt --black-status=401,400,404,500,503 --recursive "current.IsDir() && current.Status == 200"

M09Ic commented 2 months ago

Issue confirmed. An update to the expr expression library broke the old syntax. Adapting to the new syntax now.

M09Ic commented 2 months ago

image

pphuahua commented 1 month ago

In real-world scenarios, is recursive scanning still not possible? Could you share a way to contact you?

M09Ic commented 1 month ago

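Since a new version has not been released yet, you can try building from the dev branch yourself.

For contact, you can email your WeChat ID to m09ician@gmail.com 😊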

M09Ic commented 1 month ago

done. https://github.com/chainreactors/spray/releases/tag/v0.9.8