// *=========================================================================
// * Intro 扫描网站敏感目录的js脚本
// * Usage 把本脚本wwwcan.js、字典文件Dictionary.txt放在同一目录下
// 在命令提示符下输入:Cscript.exe wwwcan.js www.baidu.com
// 扫描结果保存在同目录下的Result.txt文件中
// * Author 雨中风铃
// * WEB http://hi.baidu.com/yanfei6
// *=========================================================================
function getResponse(strURL)
{
var strResult;
try
{
var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
WinHttpReq.SetTimeouts(30000, 30000, 30000, 30000);
WinHttpReq.Open("GET", strURL, false);
WinHttpReq.Send();
strResult = strURL + " -> "
strResult += WinHttpReq.Status + " " + WinHttpReq.StatusText;
}
catch (objError)
{
strResult = objError.description;
}
WScript.Echo(strResult);
if (WinHttpReq.Status != 404) SaveResult(strResult);
}
function ScanPath(strURL)
{
var ForReading = 1;
var fso = new ActiveXObject("Scripting.FileSystemObject");
var filename = "Dictionary.txt";
var f = fso.OpenTextFile(filename, ForReading);
while (!f.AtEndOfStream)
{
var r = f.ReadLine().replace(/^\s+|\s+$/g,"");
if (r.length == 0 ) continue;
getResponse(strURL + r);
}
f.Close();
}
function SaveResult(strURL)
{
var ForAppending = 8;
var fso = new ActiveXObject("Scripting.FileSystemObject");
var filename = "Result.txt";
var f = fso.OpenTextFile(filename, ForAppending, true);
f.WriteLine(strURL);
f.Close();
}
function CheckInput()
{
var strURL;
objArgs = WScript.Arguments;
if (objArgs.length != 1) WScript.Quit(1);
strURL = objArgs(0);
if (strURL.substr(0, 7).toLowerCase() != "http://")
{
strURL = "http://" + strURL;
}
if (strURL.charAt(strURL.length-1) != "/")
{
strURL = strURL + "/";
}
return strURL;
}
var strURL = CheckInput();
ScanPath(strURL);
---------------------------------------代码完毕,以下是收集的字典文件Dictionary.txt(来自南非教主)-----------------------------------
admin.asp
adminlogin.asp
admin_index.asp
admin_left.asp
admin_login.asp
admin_main.asp
adminup.asp
admin_up.asp
admin_upload.asp
admin_upfile.asp
admin_uploads.asp
admin_upfiles.asp
ad_login.asp
ad_admin.asp
ad_upload.asp
ad_upfile.asp
addpic.asp
addimg.asp
add_img.asp
add_form.asp
add_pic.asp
user.asp
userlogin.asp
user_index.asp
user_left.asp
user_login.asp
user_main.asp
userup.asp
user_up.asp
user_upload.asp
user_upfile.asp
user_uploads.asp
user_upfiles.asp
backup.asp
backupdb.asp
conn.asp
config.asp
dir.asp
install.asp
login.asp
login1.asp
logon.asp
main.asp
manage.asp
photomanager.asp?pictype=../images/photo
pic_upload.asp
setup.asp
Neeao_sql_user.asp
tool.asp
tools.asp
upimage.asp
upimg.asp
upimgs.asp
upimages.asp
upload.asp
uploada.asp
uploadfile.asp
upload1.asp
uploadface.asp
upload_dialog.asp
upload_file.asp
upload_face.asp
upload_flash.asp
upload_form.asp
upload_other.asp
upload_class.asp
upload_photo.asp
upload_photos.asp
upload_pic.asp
upload_Product.asp
upload_soft.asp
upload_files.asp
uploadpic.asp
upfile.asp
upfilea.asp
upfile1.asp
upfile2.asp
upfiles.asp
Upfile_pic.asp?mytype=tour
upfile_other.asp
upfile_photo.asp
upfile_soft.asp
upfile_flash.asp
upfile_dialog.asp
upfile_softpic.asp
up.asp
ups.asp
up1.asp
upme.asp
1.asp
2.asp
11.asp
diy.asp
diy1.asp
data.mdb
%23data.mdb
www.rar
web.rar
wwwroot.rar
user.rar
include.rar
inc.rar
new.rar
news.rar
新建 文本文档.txt
用户密码.txt
密码.txt
帐号密码.txt
使用说明.txt
说明.txt
使用手册.txt
程序说明.txt
系统说明.txt
程序说明.txt
安装说明.txt
安装必读.txt
安装手册.txt
管理员.txt
管理.txt
1.txt
2.txt
123.txt
11.txt
robots.txt
新建 Microsoft Word 文档.doc
使用说明.doc
说明.doc
使用手册.doc
程序说明.doc
系统说明.doc
程序说明.doc
安装说明.doc
安装必读.doc
安装手册.doc
admin
admin1
admin2
admin123
admins
admin888
adm
administrator
administrators
adminusers
asp
Backup
Back
Bak
boss
CN
Chinese
CuteSoft_Client
cuteeditor
Data
databackup
databack
database
datas
db
dbbackup
dbback
dbbak
EN
English
eweb
eWebEditor
eWebEdit
Editor
Edit
FCKEditor
guanli
Houtai
htadmin
htguali
houtaiguanli
HTML
HTMLEdit
HTMLEditor
INC
Include
Login
Logins
Logon
Main
Manage
Manager
Management
Manages
Member
Master
Masters
Nadmin
NEW
NEWS
NEWSadmin
NEWadmin
southidceditor
southeditor
southedit
System
sysadm
SYSadmin
Sys_admin
szwyadmin
Temp
TextEditor
Up
upfile
upfiles
Upload
uploads
User
Users
userfiles
WEB
web_admin
web_manage
WebEdit
WebEditor
WebMaster
Webadmin
Webadmins
webdata
web_data
WebManage
WebManages
WebLogin
WWW