Skip to content

Instantly share code, notes, and snippets.

@chrsjhnsn chrsjhnsn/aasa.sh
Last active Apr 19, 2019

Embed
What would you like to do?
Generates URL list from App-Site Association file
#!/bin/bash
# Requirements: httpie, jq
# Inspired by:
# https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/april/apples_app_site_association_the_new_robots_txt/
echo 'Testing URL for AASA'
full=$1/.well-known/apple-app-site-association
check=`curl -sL -w "%{http_code}\n" "$full" -o /dev/null`
if [ $check -eq 200 ]
then
echo 'Staging Environment'
SILENT=true
rm -rf ./.aasatmp/
mkdir ./.aasatmp/
echo 'Gathering URL list'
SILENT=true
http --download $full --output ./.aasatmp/parse.me &> /dev/null
SILENT=false
echo 'Parsing URL list'
SILENT=true
function prepend() { while read line; do echo "${1}${line}"; done; }
jq '.applinks.details' ./.aasatmp/parse.me | grep "/" | sed 's/NOT //g' | sed 's/"//g' | sed 's/,//g' | sed 's/*//g' | tr -d ' ' | prepend $1 > ./.aasatmp/urls.txt
sort -u -o ./.aasatmp/urls.txt{,}
SILENT=false
echo 'Gathering status codes.'
echo '(This might take a while.)'
SILENT=true
cat ./.aasatmp/urls.txt | while read output
do
curl -sL -w "%{http_code}\n" "$output" -o /dev/null >> ./.aasatmp/status.txt
done
SILENT=false
echo 'Generating Output'
SILENT=true
paste -d',' ./.aasatmp/urls.txt ./.aasatmp/status.txt >> ./.aasatmp/body.txt
sort -u -o ./.aasatmp/body.txt{,}
echo 'URL,Status Code' > ./AASA$1.csv
cat ./.aasatmp/body.txt >> ./AASA$1.csv
#rm -rf ./.aasatmp/
SILENT=false
echo 'Complete'
echo 'Generating Preview'
echo ''
cat ./AASA$1.csv | column -t -s, | head -n 10
echo ''
echo 'Full results stored at ./AASA'$1'.csv'
else
echo 'No AASA at' $full
fi
@chrsjhnsn

This comment has been minimized.

Copy link
Owner Author

commented Apr 13, 2019

Inspired by NCC Group's blog post on enumerating interesting URLs with App-Site Association files, a la robots.txt.

No doubt the script could be cleaned up and made much more efficient, but I learned a lot from making this.

Requires jq and httpie.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.