|
|
@@ -26,11 +26,12 @@ IP_ADDRESS=$(echo $output | head -n 1 | awk '{print $NF}')
|
|
|
echo "[+] IP-Address: ${IP_ADDRESS}"
|
|
|
|
|
|
echo "[ ] Retrieving default site…"
|
|
|
-charcountDomain=$(curl -s "${PROTOCOL}://${DOMAIN}" -k | wc -m)
|
|
|
-charcountIpAddress=$(curl -s "${PROTOCOL}://${IP_ADDRESS}" -k | wc -m)
|
|
|
-echo "[+] Chars: ${charcountDomain} and ${charcountIpAddress}"
|
|
|
+charcountDomain=$(curl -s "${PROTOCOL}://${DOMAIN}" -k -m 5 | wc -m)
|
|
|
+charcountIpAddress=$(curl -s "${PROTOCOL}://${IP_ADDRESS}" -k -m 5 | wc -m)
|
|
|
+charcountNonExistent=$(curl -s "${PROTOCOL}://$(uuidgen).${DOMAIN}" -k -m 5 | wc -m)
|
|
|
+echo "[+] Chars: ${charcountDomain}, ${charcountIpAddress}, ${charcountNonExistent}"
|
|
|
echo "[ ] Fuzzing…"
|
|
|
|
|
|
-ffuf --fs ${charcountDomain},${charcountIpAddress} --fc 400 --mc all \
|
|
|
+ffuf --fs ${charcountDomain},${charcountIpAddress},${charcountNonExistent} --fc 400 --mc all \
|
|
|
-w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-110000.txt \
|
|
|
-u "${PROTOCOL}://${IP_ADDRESS}" -H "Host: FUZZ.${DOMAIN}" "${@:2}"
|
Roman Hergenreder