diff --git a/subdomainFuzz.sh b/subdomainFuzz.sh
index 7466a91..6333b95 100755
--- a/subdomainFuzz.sh
+++ b/subdomainFuzz.sh
@@ -26,11 +26,12 @@ IP_ADDRESS=$(echo $output | head -n 1 | awk '{print $NF}')
 echo "[+] IP-Address: ${IP_ADDRESS}"
 echo "[ ] Retrieving default site…"
-charcountDomain=$(curl -s "${PROTOCOL}://${DOMAIN}" -k | wc -m)
-charcountIpAddress=$(curl -s "${PROTOCOL}://${IP_ADDRESS}" -k | wc -m)
-echo "[+] Chars: ${charcountDomain} and ${charcountIpAddress}"
+charcountDomain=$(curl -s "${PROTOCOL}://${DOMAIN}" -k -m 5 | wc -m)
+charcountIpAddress=$(curl -s "${PROTOCOL}://${IP_ADDRESS}" -k -m 5 | wc -m)
+charcountNonExistent=$(curl -s "${PROTOCOL}://$(uuidgen).${DOMAIN}" -k -m 5 | wc -m)
+echo "[+] Chars: ${charcountDomain}, ${charcountIpAddress}, ${charcountNonExistent}"
 echo "[ ] Fuzzing…"
-ffuf --fs ${charcountDomain},${charcountIpAddress} --fc 400 --mc all \
+ffuf --fs ${charcountDomain},${charcountIpAddress},${charcountNonExistent} --fc 400 --mc all \
 -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-110000.txt \
 -u "${PROTOCOL}://${IP_ADDRESS}" -H "Host: FUZZ.${DOMAIN}" "${@:2}"
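Review bot: The three new `charcount…` lines discard curl's exit status, because the pipeline's status is that of `wc -m`, so the newly added `-m 5` timeout (or `uuidgen` being absent, which turns the third URL into `${PROTOCOL}://.${DOMAIN}`) silently produces a baseline of `0`; ffuf is then run with `--fs 0,…` and filters only empty responses instead of the default page, which makes the size filter the commit relies on unreliable without any visible error. A small helper that fetches the body first and fails when curl fails keeps the baselines honest; the call sites below are the only lines that change. The `$(uuidgen)` dependency is not checked anywhere in the hunk, so `command -v uuidgen >/dev/null || exit 1` (or a `$RANDOM`-based label) is worth adding before the third fetch; whether the script sets `pipefail` or `-e` is outside the hunk, and the enclosing script starts before line 26.
```shell
# Print the byte count of the body at $1, or fail if curl fails (timeout, DNS error, missing tool).
body_size() {
  local body
  body=$(curl -s -k -m 5 -- "$1") || return 1
  printf '%s' "$body" | wc -m
}
charcountDomain=$(body_size "${PROTOCOL}://${DOMAIN}") || { echo "[-] Could not fetch ${DOMAIN}" >&2; exit 1; }
charcountIpAddress=$(body_size "${PROTOCOL}://${IP_ADDRESS}") || { echo "[-] Could not fetch ${IP_ADDRESS}" >&2; exit 1; }
charcountNonExistent=$(body_size "${PROTOCOL}://$(uuidgen).${DOMAIN}") || { echo "[-] Could not fetch non-existent host baseline" >&2; exit 1; }
# … unchanged: Chars echo and ffuf invocation …
```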