-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathrfuzzer
106 lines (88 loc) · 3.12 KB
/
rfuzzer
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
#!/bin/bash
# Function to print usage information
usage() {
echo "Usage: $0 -i inputfile -o outputfile [--full] [-e | --endpoint] [-f | --fuzz] [-h | --help]"
echo ""
echo "Options:"
echo " -i, --input Provide the input file."
echo " -o, --output Specify the name of the output file."
echo " --full Add the 'FUZZ' keyword after all '=' in a URL."
echo " -e, --endpoint Shorten the URL by removing data after '=' and add 'FUZZ' at the end of the parameter."
echo " -f, --fuzz Fuzz the output recursively using a specified wordlist."
echo " -h, --help Display this help message and exit."
exit 0
}
# Parse command-line arguments
inputfile=""
outputfile=""
full_mode=false
endpoint_mode=false
fuzz_mode=false
while [[ "$#" -gt 0 ]]; do
case $1 in
-i|--input) inputfile="$2"; shift ;;
-o|--output) outputfile="$2"; shift ;;
--full) full_mode=true ;;
-e|--endpoint) endpoint_mode=true ;;
-f|--fuzz) fuzz_mode=true ;;
-h|--help) usage ;;
*) echo "Unknown parameter passed: $1"; usage ;;
esac
shift
done
# Check if inputfile and outputfile are provided
if [ -z "$inputfile" ] || [ -z "$outputfile" ]; then
echo "Error: Input file and output file are required."
usage
fi
# Check if input file exists
if [ ! -f "$inputfile" ]; then
echo "Error: The input file $inputfile does not exist."
exit 1
fi
# If fuzz mode is enabled, prompt for wordlist
if $fuzz_mode; then
read -p "Enter the path to the wordlist file: " wordlist
if [ ! -f "$wordlist" ]; then
echo "Error: The wordlist file $wordlist does not exist."
exit 1
fi
fi
# If only -i and -o are provided, modify URLs and save to output
if [ "$full_mode" = false ] && [ "$endpoint_mode" = false ] && [ "$fuzz_mode" = false ]; then
# Read the input file content
text=$(<"$inputfile")
# Regex pattern to match URLs
url_pattern='https\?://[^[:space:]]\+'
# Replace original URLs with modified URLs in the text
modified_text=$(echo "$text" | sed "s|\($url_pattern\)|\1/FUZZ|g")
# Save the modified text to the output file
echo "$modified_text" > "$outputfile"
echo "Modified text has been saved to $outputfile."
exit 0
fi
# Process the input file based on the selected mode
if $full_mode; then
url=$(sed 's/=/=FUZZ/g' "$inputfile")
echo "$url" > "$outputfile"
echo "Output saved to $outputfile."
elif $endpoint_mode; then
url=$(sed 's/=.*/=FUZZ/' "$inputfile")
echo "$url" > "$outputfile"
echo "Output saved to $outputfile."
fi
# If fuzz mode is enabled
if $fuzz_mode; then
if [ ! -s "$outputfile" ]; then
echo "Error: Output file is empty. Please check your input or processing options."
exit 1
fi
echo "Fuzzing with the specified wordlist..."
# Initialize or clear the fuzzed.txt file
> fuzzed.txt
# Read each URL from the output file and run ffuf
while IFS= read -r url; do
ffuf -u "$url" -w "$wordlist" -c -v -mc 200,302,301 | tee -a fuzzed.txt
done < "$outputfile"
echo "Fuzzing results saved to fuzzed.txt."
fi