search

maurosoria / dirsearch

Web path scanner
12.27k stars 2.32k forks source link

The target website exists index.php file but cannot scan out (v-0.4.3) #1287

Closed QQYYHH closed 1 month ago

QQYYHH commented 1 year ago

The target website exists index.php file but cannot scan out

dirsearch-v0.4.3

I set up a PHP website myself and created index.php, but I can't scan out index.php with my own wordlist. My wordlist content is as follows:

index.%EXT%
index.php/login
index.phps

The command I use is as follows:

python3 dirsearch.py -e php -w db/my.txt -u http://localhost:8888

The results of dirsearch-v0.4.3 is as follows, only appear [15:17:51] 404 - 543B - /index.phps


  _|. _ _  _  _  _ _|_    v0.4.3
 (_||| _) (/_(_|| (_| )

Extensions: php | HTTP method: GET | Threads: 30 | Wordlist size: 3

Output: /home/qyh/github/dirsearch-v0.4.3/reports/http_localhost_8888/_23-02-28_15-17-51.txt

Target: http://localhost:8888/

[15:17:51] Starting:
[15:17:51] 404 -  543B  - /index.phps

My PHP server log is as follows:

[Tue Feb 28 15:17:51 2023] 127.0.0.1:47994 [404]: GET /index.phps - No such file or directory
[Tue Feb 28 15:17:51 2023] 127.0.0.1:47994 Closing
[Tue Feb 28 15:17:51 2023] 127.0.0.1:48010 [200]: GET /index.php/login
[Tue Feb 28 15:17:51 2023] 127.0.0.1:48010 Closing
[Tue Feb 28 15:17:51 2023] 127.0.0.1:48014 [200]: GET /index.php
[Tue Feb 28 15:17:51 2023] 127.0.0.1:48014 Closing
[Tue Feb 28 15:23:38 2023] 127.0.0.1:39112 Accepted
[Tue Feb 28 15:23:38 2023] 127.0.0.1:39112 [200]: GET /index.php/login
[Tue Feb 28 15:23:38 2023] 127.0.0.1:39112 Closing

It can be seen from the log that Index.php is indeed accessed, but it has not appeared in the results of dirsearch-v0.4.3

Prady18 commented 1 year ago

It seems like you are trying to scan a website using a wordlist, but you are having trouble finding the index.php page. Here are some steps that might help you:

1.Make sure your web server is running and the website is accessible. You can check this by visiting the website in your web browser.

2.Check if the index.php page is accessible by typing the URL http://yourwebsite.com/index.php in your web browser. If you see the index.php page, then it's working.

3.If you can't find the index.php page using your wordlist, try using a different wordlist that includes common file names and extensions, such as admin.php, config.php, login.php, etc.

4.You can also try using a web vulnerability scanner tool like Nikto or OWASP ZAP to scan your website for vulnerabilities and find hidden files and directories.

             Regarding your specific wordlist, it looks like you have included some variations of the index.php filename. %EXT% is a placeholder that will be replaced with the file extension, so index.%EXT% will become index.php in this case. index.php/login might be a valid URL if you have a login directory inside the index.php file. index.phps is a file extension that is not commonly used, but it's worth checking if your web server supports it.

👾

shelld3v commented 1 year ago

Because http://localhost:8888/index.php had the same response as http://localhost:8888/, so dirsearch filtered it