OpenDoor - OWASP Directory Access Scanner

 

OpenDoor es una aplicación que se encarga de escanear un sitio web para encontrar métodos de login, directorios o posibles puntos de acceso al sitio. Tiene licencia GPL y se ha creado con fines educativos e informativos.

El escáner se realiza mediante un diccionario que viene incluido en la herramienta, y por lo tanto puede ser modificado a nuestro gusto, proporcionándonos una gran ventaja a la hora pruebas.

En la versión actual, el diccionario incluye 21631 directorios y 101000 subdominios, bastante denso y muy útil. El único requisito para que funcione es tener instalado Python 2.7.x en adelante.

Características:
- multithreading
- filesystem log
- detect redirects
- random user agent
- random proxy from proxy list
- verbose mode
- subdomains scanner
- HTTP/HTTPS support

Instalación:

En primer lugar, clonaremos el repositorio oficial de que se encuentra en github.

Tras ello, debemos instalar las dependencias. En la carpeta que hemos obtenido tras la descarga ejecutaremos el siguiente comando:

Una vez tengamos las dependencias instaladas, podemos empezar. para usar la herramienta ejecutamos opendoor.py (debe tener permisos).

Uso básico:

Help:

Como veis, es una herramienta más, pero destaca por su potente diccionario y su usabilidad. Está el repositorio oficial en GitHub:

https://github.com/stanislav-web/OpenDoor

Local installation and run

 git clone https://github.com/stanislav-web/OpenDoor.git
 cd OpenDoor/
 pip install -r requirements.txt
 chmod +x opendoor.py

 python3 opendoor.py --host http://www.example.com

Global installation (Preferably for OS distributions)

 git clone https://github.com/stanislav-web/OpenDoor.git
 cd OpenDoor/
 python3 setup.py build && python3 setup.py install

 opendoor --host http://www.example.com

Updates

 python3 opendoor.py --update
 opendoor --update 

v3.4.47-rc Gained more Power! (05.07.2017)

- Added IPs lookup for subdomains scan - Added missing HTTP statuses - Bugfix: encoding errors (supported cp1251,utf8,utf16) for body analyze - Bugfix: allow to use both --random-list & --extension params - Directory closing slash has been removed - Support Internationalized Domain Names IDNA - Removed --indexof (-i) params - Add --ignore-extensions -i param to ignore selected extension - Added --sniff param to process responses - indexof (detect Apache Index Of/ directories) - file (detect large files) - collation (heurisic detect invalid web pages) - skipempty (skip empty valid pages) - Internal dictionaries has been filtered out. Delete all duplicates - Added +990 unique directories (36931)

Help

usage: opendoor.py [-h] [--host HOST] [-p PORT] [-m METHOD] [-t THREADS] [-d DELAY] [--timeout TIMEOUT] [-r RETRIES] [--accept-cookies] [--debug DEBUG] [--tor] [--torlist TORLIST] [--proxy PROXY] [-s SCAN] [-w WORDLIST] [--reports REPORTS] [--reports-dir REPORTS_DIR] [--random-agent] [--random-list] [--prefix PREFIX] [-e EXTENSIONS] [-i IGNORE_EXTENSIONS] [--sniff SNIFF] [--update] [--version] [--examples] [--docs] [--wizard [WIZARD]] optional arguments: -h, --help show this help message and exit required named options: --host HOST Target host (ip); --host http://example.com Application tools: --update Update from CVS --version Get current version --examples Examples of usage --docs Read documentation --wizard [WIZARD] Run wizard scanner from your config Debug tools: --debug DEBUG Debug level 1 - 3 Reports tools: --reports REPORTS Scan reports (json,std,txt,html) --reports-dir REPORTS_DIR Path to custom reports dir Request tools: -p PORT, --port PORT Custom port (Default 80) -m METHOD, --method METHOD Request method (use HEAD as default) -d DELAY, --delay DELAY Delay between requests threading --timeout TIMEOUT Request timeout (30 sec default) -r RETRIES, --retries RETRIES Max retries to reconnect (default 3) --accept-cookies Accept and route cookies from responses --tor Using built-in proxylist --torlist TORLIST Path to custom proxylist --proxy PROXY Custom permanent proxy server --random-agent Randomize user-agent per request Sniff tools: --sniff SNIFF Response sniff plugins (indexof,collation,file,skipempty) Stream tools: -t THREADS, --threads THREADS Allowed threads Wordlist tools: -s SCAN, --scan SCAN Scan type scan=directories or scan=subdomains -w WORDLIST, --wordlist WORDLIST Path to custom wordlist --random-list Shuffle scan list --prefix PREFIX Append path prefix to scan host -e EXTENSIONS, --extensions EXTENSIONS Force use selected extensions for scan session -e php,json e.g -i IGNORE_EXTENSIONS, --ignore-extensions IGNORE_EXTENSIONS Ignore extensions for scan session -i aspx,jsp e.g