From e0e5ce322875e0d2a3a7e10e64057717bc17c1bd Mon Sep 17 00:00:00 2001
From: Roman Hergenreder
Date: Sun, 9 May 2021 22:46:29 +0200
Subject: [PATCH] subdomain fuzz update
---
 subdomainFuzz.sh | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/subdomainFuzz.sh b/subdomainFuzz.sh
index 1628ad3..63af175 100755
--- a/subdomainFuzz.sh
+++ b/subdomainFuzz.sh
@@ -26,10 +26,11 @@ IP_ADDRESS=$(echo $output | head -n 1 | awk '{print $NF}')
 echo "[+] IP-Address: ${IP_ADDRESS}"
 echo "[ ] Retrieving default site…"
-charcount=$(curl -s -L "${PROTOCOL}://${DOMAIN}" -k | wc -m)
-echo "[+] Chars: ${charcount}"
+charcountDomain=$(curl -s -L "${PROTOCOL}://${DOMAIN}" -k | wc -m)
+charcountIpAddress=$(curl -s -L "${PROTOCOL}://${IP_ADDRESS}" -k | wc -m)
+echo "[+] Chars: ${charcountDomain} and ${charcountIpAddress}"
 echo "[ ] Fuzzing…"
-ffuf --fs ${charcount} --fc 400,500 \
+ffuf --fs ${charcountDomain},${charcountIpAddress} --fc 400,500 --mc all \
 -w /usr/share/wordlists/SecLists/Discovery/Web-Content/raft-large-words-lowercase.txt \
 -u "${PROTOCOL}://${IP_ADDRESS}" -H "Host: FUZZ.${DOMAIN}"
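Review bot: Both new baseline assignments (`charcountDomain` and `charcountIpAddress`) measure the page with `wc -m`, which counts characters in the current locale, while the result is passed to ffuf's `--fs` size filter, which as far as I know compares the response body length in bytes. For a default page containing multi-byte UTF-8 the two numbers differ and the filter stops matching, so `wc -c` is the consistent unit: `charcountDomain=$(curl -s -L "${PROTOCOL}://${DOMAIN}" -k | wc -c)`, and likewise for the IP request. A failed curl also goes unnoticed in these two lines, because `-s` hides the error and `wc` still prints 0, so the run continues with `--fs 0,0` next to the new `--mc all`. Checking curl's exit status before the ffuf call would catch that. The script's earlier lines are outside the hunk, so whether it already guards against this cannot be seen here.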