HackingScripts/subdomainFuzz.sh

#!/bin/bash

if [ $# -lt 1 ]; then
  echo "Invalid usage: $0 <domain>"
  exit
fi

DOMAIN=$1
PROTOCOL="http"

if [[ $DOMAIN = https://* ]]; then
   PROTOCOL="https"
fi

DOMAIN=$(echo $DOMAIN | sed -e 's|^[^/]*//||' -e 's|/.*$||')

echo "[ ] Resolving IP-Address…"
output=$(resolveip $DOMAIN 2>&1)
status=$(echo $?)
if ! [[ $status == 0 ]] ; then
  echo "[-] ${output}"
  exit
fi

IP_ADDRESS=$(echo $output | head -n 1 |  awk '{print $NF}')
echo "[+] IP-Address: ${IP_ADDRESS}"

echo "[ ] Retrieving default site…"
charcountDomain=$(curl -s "${PROTOCOL}://${DOMAIN}" -k -m 5 | wc -m)
charcountIpAddress=$(curl -s "${PROTOCOL}://${IP_ADDRESS}" -k -m 5 | wc -m)
charcountNonExistent=$(curl -s "${PROTOCOL}://$(uuidgen).${DOMAIN}" -k -m 5 | wc -m)
echo "[+] Chars: ${charcountDomain}, ${charcountIpAddress}, ${charcountNonExistent}"
echo "[ ] Fuzzing…"

(set -x; ffuf --fs ${charcountDomain},${charcountIpAddress},${charcountNonExistent} --fc 400 --mc all \
  -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-110000.txt \
  -u "${PROTOCOL}://${IP_ADDRESS}" -H "Host: FUZZ.${DOMAIN}" "${@:2}")
subdomain fuzzing 2020-06-02 14:35:52 +02:00			`#!/bin/bash`

			`if [ $# -lt 1 ]; then`
			`echo "Invalid usage: $0 <domain>"`
			`exit`
			`fi`

			`DOMAIN=$1`
https support for subdomain fuzzing 2020-10-07 11:53:57 +02:00			`PROTOCOL="http"`

some bugfixes 2021-07-17 17:44:21 +02:00			`if [[ $DOMAIN = https://* ]]; then`
https support for subdomain fuzzing 2020-10-07 11:53:57 +02:00			`PROTOCOL="https"`
			`fi`

			`DOMAIN=$(echo $DOMAIN \| sed -e 's\|^[^/]//\|\|' -e 's\|/.$\|\|')`
subdomain fuzzing 2020-06-02 14:35:52 +02:00
			`echo "[ ] Resolving IP-Address…"`
			`output=$(resolveip $DOMAIN 2>&1)`
			`status=$(echo $?)`
			`if ! [[ $status == 0 ]] ; then`
			`echo "[-] ${output}"`
			`exit`
			`fi`

			`IP_ADDRESS=$(echo $output \| head -n 1 \| awk '{print $NF}')`
			`echo "[+] IP-Address: ${IP_ADDRESS}"`

			`echo "[ ] Retrieving default site…"`
subdomain fuzzing adjustment 2023-09-10 11:15:00 +02:00			`charcountDomain=$(curl -s "${PROTOCOL}://${DOMAIN}" -k -m 5 \| wc -m)`
			`charcountIpAddress=$(curl -s "${PROTOCOL}://${IP_ADDRESS}" -k -m 5 \| wc -m)`
			`charcountNonExistent=$(curl -s "${PROTOCOL}://$(uuidgen).${DOMAIN}" -k -m 5 \| wc -m)`
			`echo "[+] Chars: ${charcountDomain}, ${charcountIpAddress}, ${charcountNonExistent}"`
subdomain fuzzing 2020-06-02 14:35:52 +02:00			`echo "[ ] Fuzzing…"`

new functions 2023-10-01 11:23:05 +02:00			`(set -x; ffuf --fs ${charcountDomain},${charcountIpAddress},${charcountNonExistent} --fc 400 --mc all \`
Project re-structuring (python naming conventions) 2022-01-23 22:09:12 +01:00			`-w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-110000.txt \`
new functions 2023-10-01 11:23:05 +02:00			`-u "${PROTOCOL}://${IP_ADDRESS}" -H "Host: FUZZ.${DOMAIN}" "${@:2}")`