2020-06-02 14:35:52 +02:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
|
|
if [ $# -lt 1 ]; then
|
|
|
|
|
echo "Invalid usage: $0 <domain>"
|
|
|
|
|
exit
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
DOMAIN=$1
|
2020-10-07 11:53:57 +02:00
|
|
|
PROTOCOL="http"
|
|
|
|
|
|
|
|
|
|
if [[ $DOMAIN = "https://*" ]]; then
|
|
|
|
|
PROTOCOL="https"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
DOMAIN=$(echo $DOMAIN | sed -e 's|^[^/]*//||' -e 's|/.*$||')
|
2020-06-02 14:35:52 +02:00
|
|
|
|
|
|
|
|
echo "[ ] Resolving IP-Address…"
|
|
|
|
|
output=$(resolveip $DOMAIN 2>&1)
|
|
|
|
|
status=$(echo $?)
|
|
|
|
|
if ! [[ $status == 0 ]] ; then
|
|
|
|
|
echo "[-] ${output}"
|
|
|
|
|
exit
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
IP_ADDRESS=$(echo $output | head -n 1 | awk '{print $NF}')
|
|
|
|
|
echo "[+] IP-Address: ${IP_ADDRESS}"
|
|
|
|
|
|
|
|
|
|
echo "[ ] Retrieving default site…"
|
2021-05-31 14:13:01 +02:00
|
|
|
charcountDomain=$(curl -s "${PROTOCOL}://${DOMAIN}" -k | wc -m)
|
|
|
|
|
charcountIpAddress=$(curl -s "${PROTOCOL}://${IP_ADDRESS}" -k | wc -m)
|
2021-05-09 22:46:29 +02:00
|
|
|
echo "[+] Chars: ${charcountDomain} and ${charcountIpAddress}"
|
2020-06-02 14:35:52 +02:00
|
|
|
echo "[ ] Fuzzing…"
|
|
|
|
|
|
2021-05-12 15:58:19 +02:00
|
|
|
ffuf --fs ${charcountDomain},${charcountIpAddress} --fc 400 --mc all \
|
2020-08-09 16:49:02 +02:00
|
|
|
-w /usr/share/wordlists/SecLists/Discovery/Web-Content/raft-large-words-lowercase.txt \
|
2020-10-07 11:53:57 +02:00
|
|
|
-u "${PROTOCOL}://${IP_ADDRESS}" -H "Host: FUZZ.${DOMAIN}"
|
