In our last blog post, we delved into DirBuster and its utility in pinpointing particular phishing pages. In this installment, we’ll shift our attention to a Python script I’ve developed. This complimentary tool enables you to parse your unique paths and asynchronously verify the presence of those paths in a specific domain. Additionally, it provides the flexibility to designate a preferred proxy. The outcome is conveniently displayed in the terminal.
How to install
- Create a new folder, called “
phishbuster
“. - In that folder, create a new file called “
default_paths.tsv
“ - In the same folder, create a new file “
Scan.py
“
default_paths.tsv
Copy the data below and paste it into default_paths.tsv
. Save this file.
enabled path FALSE admin TRUE pay FALSE login
Scan.py code
Copy the code below and paste it into Scan.py
which we made previously. Save this file.
#By Reza Rafati #From Cyberwarzone.com #Feel free to use and edit. #Goal: Scans for specific paths on designated domains import aiohttp import asyncio import csv async def fetch_url(session, url, proxy=None, user_agent=None): headers = {'User-Agent': user_agent} if user_agent else None try: async with session.get(url, proxy=proxy, headers=headers) as response: return url, response.status except aiohttp.ClientError: return url, None async def parse_paths_async(file_path, proxy=None,user_agent=None): tasks = [] results = [] async with aiohttp.ClientSession() as session: with open(file_path, 'r') as file: reader = csv.reader(file, delimiter='\t') # Skip the header next(reader) for row in reader: path = row[1] url = target + "/" + path task = asyncio.create_task(fetch_url(session, url, proxy=proxy,user_agent=user_agent)) tasks.append(task) for task in asyncio.as_completed(tasks): result = await task results.append(result) return results file_path = 'default_paths.tsv' target = "https://cyberwarzone.com" selected_proxy = None selected_user_agent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36' #selected_proxy = 'http://proxy.example.com:8080' loop = asyncio.get_event_loop() results = loop.run_until_complete(parse_paths_async(file_path, proxy=selected_proxy,user_agent=selected_user_agent)) for url, status_code in results: if status_code is not None: if target in url: print(f"URL: {url} | Status Code: {status_code}") else: print(f"URL: {url} | Failed to fetch")
Start Run.py
Run the code with python Run.py
and wait for the output.