In penetration testing, scanning for sensitive directories and files is an important step, so here we write a directory-scanning demo in Java. As with other network programming, the following classes are used:
Next, the HttpURLConnection class is wrapped in two classes, a request class and a response class, mirroring the two halves of an HTTP exchange. This makes it more convenient to work with the HTTP protocol directly.
The request class is as follows:
The response class is as follows:
With these two classes in place, we can move on to the main topic. When scanning, the HEAD method is generally the fastest, because there is no need to wait for the HTTP body, that is, the HTML, JS, CSS and other data.
The code is as follows:
A proxy is used here, and the traffic is captured with Burp Suite to check whether the requests are correct. Sure enough, some of them are OK.
PS: if you don't know how to use a proxy, please read another article, "Java writing proxy server (burp intercepts demo)".
One thing we need to pay attention to is that automatic following of 302 redirects must be disabled. For example, we visit:
http://www.baidu.com/xxx.html. This "xxx.html" page does not exist, so instead of returning a 404 error, the server redirects directly to another page, generally the "error" page, as shown in the following figure:
The page does not exist, but if following 302 redirects is not disabled, status code 200 will still be returned, as shown in the figure below.
So we can call request.setInstanceFollowRedirects(false) to disable automatic following of 302 redirects. As shown in the figure below, the problem goes away.
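The redirect pitfall described above, reproduced against a local server as an added example (not code from the original article). The class name RedirectStatusDemo, the headStatus helper and the constructed test server on 127.0.0.1 are assumptions made for the demo; only the HEAD method and setInstanceFollowRedirects(false) come from the text.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URL;

public class RedirectStatusDemo {

    // Send a HEAD request and return the status code the client reports.
    static int headStatus(String url, boolean followRedirects) throws Exception {
        HttpURLConnection request = (HttpURLConnection) new URL(url).openConnection();
        request.setRequestMethod("HEAD");
        request.setInstanceFollowRedirects(followRedirects);
        request.setConnectTimeout(3000);
        request.setReadTimeout(3000);
        try {
            return request.getResponseCode();
        } finally {
            request.disconnect();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed local test server: /index.html and /error exist,
        // every other path is answered with a 302 to /error.
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/", exchange -> {
            String path = exchange.getRequestURI().getPath();
            if (path.equals("/index.html") || path.equals("/error")) {
                exchange.sendResponseHeaders(200, -1); // -1: no response body
            } else {
                exchange.getResponseHeaders().add("Location", "/error");
                exchange.sendResponseHeaders(302, -1);
            }
            exchange.close();
        });
        server.start();
        String base = "http://127.0.0.1:" + server.getAddress().getPort();
        try {
            // Compare what the client reports with and without redirect following.
            for (String path : new String[] {"/index.html", "/xxx.html"}) {
                System.out.printf("%-12s follow=%d  no-follow=%d%n", path,
                        headStatus(base + path, true), headStatus(base + path, false));
            }
        } finally {
            server.stop(0);
        }
    }
}
```

With redirects followed, the missing page is indistinguishable from the real one by status code; with them disabled, the 302 is visible and the path can be treated as not found.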
Next, you can do a multi-threaded scan. I won't go through it step by step; it is nothing more than I/O and status.