Subdomain Fuzz: static IP

subdomainFuzz.sh

@@ -14,13 +14,19 @@ fi
 
 DOMAIN=$(echo $DOMAIN | sed -e 's|^[^/]*//||' -e 's|/.*$||')
 
-
-echo "[ ] Resolving IP-Address…"
-output=$(resolveip $DOMAIN 2>&1)
-status=$(echo $?)
-if ! [[ $status == 0 ]] ; then
-  echo "[-] ${output}"
-  exit
+if [ $# -lt 2 ]; then
+  echo "[ ] Resolving IP-Address…"
+  output=$(resolveip $DOMAIN 2>&1)
+  status=$(echo $?)
+  if ! [[ $status == 0 ]] ; then
+    echo "[-] ${output}"
+    exit
+  fi
+  IP_ADDRESS=$(echo $output | head -n 1 |  awk '{print $NF}')
+  echo "[+] IP-Address: ${IP_ADDRESS}"
+else
+  IP_ADDRESS=$2
+  echo "[+] Using IP-Address: ${IP_ADDRESS}"
 fi
 
 function sni () {
@@ -37,17 +43,15 @@ function sni () {
   echo $sni
 }
 
-IP_ADDRESS=$(echo $output | head -n 1 |  awk '{print $NF}')
-echo "[+] IP-Address: ${IP_ADDRESS}"
 echo "[ ] Retrieving default site…"
 rnd=$(uuidgen)
 sni=$(sni ${PROTOCOL} ${rnd}.${DOMAIN})
-charcountDomain=$(curl -s "${PROTOCOL}://${DOMAIN}" -k -m 5 | wc -m)
 charcountIpAddress=$(curl -s "${PROTOCOL}://${IP_ADDRESS}" -k -m 5 | wc -m)
 charcountNonExistent=$(curl -s "${PROTOCOL}://${rnd}.${DOMAIN}" --resolve "${sni}:${IP_ADDRESS}" -k -m 5 | wc -m)
+charcountDomain=$(curl -s "${PROTOCOL}://${DOMAIN}" -k -m 5 | wc -m)
 echo "[+] Chars: ${charcountDomain}, ${charcountIpAddress}, ${charcountNonExistent}"
 echo "[ ] Fuzzing…"
 
 (set -x; ffuf --fs ${charcountDomain},${charcountIpAddress},${charcountNonExistent} --fc 400 --mc all \
   -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-110000.txt \
-  -u "${PROTOCOL}://${DOMAIN}" -H "Host: FUZZ.${DOMAIN}" "${@:2}")
+  -u "${PROTOCOL}://${DOMAIN}" -H "Host: FUZZ.${DOMAIN}" "${@:2}")