https support for subdomain fuzzing

2020-10-07 11:53:57 +02:00 · 2020-10-07 11:53:57 +02:00 · fcb562e6df
commit fcb562e6df
parent 018eac82dd
1 changed files with 9 additions and 2 deletions
--- a/subdomainFuzz.sh
+++ b/subdomainFuzz.sh
@ -6,6 +6,13 @@ if [ $# -lt 1 ]; then
 fi

 DOMAIN=$1
+PROTOCOL="http"
+
+if [[ $DOMAIN = "https://*" ]]; then
+   PROTOCOL="https"
+fi
+
+DOMAIN=$(echo $DOMAIN | sed -e 's|^[^/]*//||' -e 's|/.*$||')

 echo "[ ] Resolving IP-Address…"
 output=$(resolveip $DOMAIN 2>&1)
@ -19,10 +26,10 @@ IP_ADDRESS=$(echo $output | head -n 1 |  awk '{print $NF}')
 echo "[+] IP-Address: ${IP_ADDRESS}"

 echo "[ ] Retrieving default site…"
-charcount=$(curl -s -L $DOMAIN | wc -m)
+charcount=$(curl -s -L "${PROTOCOL}://${DOMAIN}" -k | wc -m)
 echo "[+] Chars: ${charcount}"
 echo "[ ] Fuzzing…"

 ffuf --fs ${charcount} --fc 400,500 \
  -w /usr/share/wordlists/SecLists/Discovery/Web-Content/raft-large-words-lowercase.txt \
-  -u "http://${IP_ADDRESS}" -H "Host: FUZZ.${DOMAIN}"
+  -u "${PROTOCOL}://${IP_ADDRESS}" -H "Host: FUZZ.${DOMAIN}"