• Stars
    star
    166
  • Rank 227,748 (Top 5 %)
  • Language
    Shell
  • Created over 4 years ago
  • Updated about 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SSRF Parameters.

gaussrf

It is now discontinued project, and not been maintained



____________________  __   ________________________________
__  ____/__    |_  / / /   __  ___/_  ___/__  __ \__  ____/
_  / __ __  /| |  / / /    _____ \_____ \__  /_/ /_  /_    
/ /_/ / _  ___ / /_/ /     ____/ /____/ /_  _, _/_  __/    
\____/  /_/  |_\____/      /____/ /____/ /_/ |_| /_/       
                                                           


Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SSRF Parameters. This Tool was built to present in Null Ahmedabad Deep Dive into SSRF you can get slides from the link.

Prerequisites

You can now use install.sh to install require tools, this tools where made in go it should be installed in your system and dont forget to set path of go properly.

$ sudo chmod +x install.sh
$ ./install.sh

Installation

$ git clone https://github.com/KathanP19/gaussrf.git
$ cd gaussrf/
$ sudo chmod +x ssrf.sh

Usage

Dont Forget to put your blind ssrf testing link or burp collab link in burp.txt or you can use thi site SSRFTest if you dont have BurpPro

          ____________________  __   ________________________________
          __  ____/__    |_  / / /   __  ___/_  ___/__  __ \__  ____/
          _  / __ __  /| |  / / /    _____ \_____ \__  /_/ /_  /_
          / /_/ / _  ___ / /_/ /     ____/ /____/ /_  _, _/_  __/
          \____/  /_/  |_\____/      /____/ /____/ /_/ |_| /_/




Usage: For Using directly where subdomains will be found using Assetfinder
      ./ssrf.sh -d domain.com
      ./ssrf.sh -d domain.com -o output_directory
      ./ssrf.sh -d domain.com -ap
      ./ssrf.sh -d domain.com -o output_directory -ap

Usage: For Using list of Subdomains
      ./ssrf.sh -l subdomains.txt
      ./ssrf.sh -l subdomains.txt -o output_directory
      ./ssrf.sh -l subdomains.txt -ap
      ./ssrf.sh -l subdomains.txt -o output_directory -ap
Options are as follows 
  -d  for direct letting assetfinder handle subdomain part
  -l  for using list of subdomains
  -o  for declaring output directory
  -ap for using parameter appending feature

Credits:

Thanks @tomnomom for Assetfinder!

Thanks @devanshbatham for Drishti!

Thanks @lc for GAU!

Thanks @hussein98d for parameter appending feature.

TODO list

Integrate ffuf to fuzz params with burp collab url.

Add Option For User to Add there own subdoamin list.

Contributors

@iNoSec2 for adding output option.