gaussrf
It is now discontinued project, and not been maintained
____________________ __ ________________________________
__ ____/__ |_ / / / __ ___/_ ___/__ __ \__ ____/
_ / __ __ /| | / / / _____ \_____ \__ /_/ /_ /_
/ /_/ / _ ___ / /_/ / ____/ /____/ /_ _, _/_ __/
\____/ /_/ |_\____/ /____/ /____/ /_/ |_| /_/
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SSRF Parameters. This Tool was built to present in Null Ahmedabad Deep Dive into SSRF you can get slides from the link.
Prerequisites
- GetAllUrls - For Fetching Urls
- Assetfinder - For Subdomain Enumeration
- Drishti - For check if url is live or not.
You can now use install.sh to install require tools, this tools where made in go it should be installed in your system and dont forget to set path of go properly.
$ sudo chmod +x install.sh
$ ./install.shInstallation
$ git clone https://github.com/KathanP19/gaussrf.git
$ cd gaussrf/
$ sudo chmod +x ssrf.shUsage
Dont Forget to put your blind ssrf testing link or burp collab link in burp.txt
or you can use thi site SSRFTest if you dont have BurpPro
____________________ __ ________________________________
__ ____/__ |_ / / / __ ___/_ ___/__ __ \__ ____/
_ / __ __ /| | / / / _____ \_____ \__ /_/ /_ /_
/ /_/ / _ ___ / /_/ / ____/ /____/ /_ _, _/_ __/
\____/ /_/ |_\____/ /____/ /____/ /_/ |_| /_/
Usage: For Using directly where subdomains will be found using Assetfinder
./ssrf.sh -d domain.com
./ssrf.sh -d domain.com -o output_directory
./ssrf.sh -d domain.com -ap
./ssrf.sh -d domain.com -o output_directory -ap
Usage: For Using list of Subdomains
./ssrf.sh -l subdomains.txt
./ssrf.sh -l subdomains.txt -o output_directory
./ssrf.sh -l subdomains.txt -ap
./ssrf.sh -l subdomains.txt -o output_directory -ap
Options are as follows
-d for direct letting assetfinder handle subdomain part
-l for using list of subdomains
-o for declaring output directory
-ap for using parameter appending feature
Credits:
Thanks @tomnomom for Assetfinder!
Thanks @devanshbatham for Drishti!
Thanks @lc for GAU!
Thanks @hussein98d for parameter appending feature.
TODO list
Integrate ffuf to fuzz params with burp collab url.
Add Option For User to Add there own subdoamin list.
Contributors
@iNoSec2 for adding output option.