From 59a10ddeada1b3646b7307a621e70b2b9c628631 Mon Sep 17 00:00:00 2001
From: Roman Hergenreder
Date: Sun, 9 Aug 2020 16:49:02 +0200
Subject: [PATCH] wfuzz -> ffuf
---
 first_scan.sh | 2 +-
 subdomainFuzz.sh | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/first_scan.sh b/first_scan.sh
index b8437a3..2a85fe4 100755
--- a/first_scan.sh
+++ b/first_scan.sh
@@ -22,7 +22,7 @@ if ! [[ $status == 0 ]] ; then
 fi
 echo "[+] Scanning for open ports…"
-PORTS=$(nmap -p- --min-rate=1000 -T4 ${IP_ADDRESS} | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)
+PORTS=$(nmap -p- -T4 ${IP_ADDRESS} | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)
 if [ -z "${PORTS}" ]; then
 echo "[-] No open ports found"
 exit
diff --git a/subdomainFuzz.sh b/subdomainFuzz.sh
index d9d8158..b1d2978 100755
--- a/subdomainFuzz.sh
+++ b/subdomainFuzz.sh
@@ -23,4 +23,6 @@ charcount=$(curl -s -L $DOMAIN | wc -m)
 echo "[+] Chars: ${charcount}"
 echo "[ ] Fuzzing…"
-wfuzz --hh ${charcount} --ip "${IP_ADDRESS}" --hc 400,500 -w /usr/share/wordlists/SecLists/Discovery/Web-Content/raft-large-words-lowercase.txt "http://FUZZ.${DOMAIN}"
+ffuf --fs ${charcount} --fc 400,500 \
+ -w /usr/share/wordlists/SecLists/Discovery/Web-Content/raft-large-words-lowercase.txt \
+ -u "http://${IP_ADDRESS}" -H "Host: FUZZ.${DOMAIN}"
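Review bot: The new `PORTS=` line still hands `^[0-9]` and `s/,$//` to the shell unquoted and expands `${IP_ADDRESS}` without quotes, so a file in the working directory whose name matches the glob, or whitespace in the variable, changes what nmap and grep actually receive. I would write the pipeline as `nmap -p- -T4 "${IP_ADDRESS}" | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed 's/,$//'`. The pattern also keeps every port line nmap prints rather than only those reported as open, so the "No open ports found" branch may be skipped when only closed or filtered ports are listed; matching on the state column would make that message accurate. A failed nmap run is indistinguishable from an empty result here, because the pipeline's exit status is never checked. The `if [ -z "${PORTS}" ]` block continues outside the hunk.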
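Review bot: `--fs ${charcount}` filters on response size, which ffuf measures in bytes as far as I know, while `charcount` is produced by `wc -m` in the hunk's heading line and counts characters; on a default page containing multi-byte characters the two numbers differ and the baseline response is no longer filtered out. Taking the baseline with `wc -c` and quoting the expansion, `--fs "${charcount}"`, keeps the filter aligned with what it is compared against. The baseline is also fetched with `curl -L` against `$DOMAIN`, whereas the new command sends its requests to `${IP_ADDRESS}` with a Host header and presumably does not follow redirects unless asked to, so the two sizes may not be comparable. The `charcount=` line sits outside the changed lines of this hunk, so that part of the fix belongs in a follow-up to the same file.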