@jthack
Created September 22, 2022 18:11
Info disclosure scanner
# Before the first run, read the comments and change the script for your company.
# Before anything, install ffuf with `go install github.com/ffuf/ffuf@latest`
# and anew with `go install github.com/tomnomnom/anew@latest`.
# Change the WEBROOT variable below to the location of the webroot
WEBROOT=/var/www/html/CHANGE/ME
# This changes to the webroot directory (and stops if it does not exist)
cd "$WEBROOT" || exit 1
# This makes a directory for storing the files used for this script. Change it to be whatever path you want.
PROJPATH=/home/changeme/project
mkdir -p "$PROJPATH"
# This finds all the files and writes their paths, relative to the webroot, to the file.
# -mindepth 1 leaves out the "." entry for the webroot itself.
find . -mindepth 1 -print | cut -d/ -f2- > "$PROJPATH/all_files.txt"
# Change to the PROJPATH directory
cd "$PROJPATH" || exit 1
# This fuzzes for all the files, matches the 200 response code and saves the output in the file.
# ffuf writes JSON unless told otherwise, so -of csv is needed for the cut commands below.
# You can use ffuf's other nice outputs if desired but it will break the rest of the script.
ffuf -c -u https://example.com/FUZZ -w all_files.txt -mc 200 -ac -of csv -o output.csv
# The first run of this will put all exposed paths into the file. After that, only newly exposed files will be output.
# tail -n +2 skips the CSV header row; field 2 is the URL.
tail -n +2 output.csv | cut -d, -f2 | anew all_exposed_paths.txt
# You can now review all_exposed_paths.txt or output.csv to make sure nothing is exposed that shouldn't be.
# Alternatively (what I recommend), pipe the output of the previous command into a Slack or Discord hook.
# If you do that, comment out the previous anew line and uncomment this one; if both run, the first
# records the new paths and nothing is left to send.
# Here's the tool I use to send messages to Slack (it's 3 lines of code): https://github.com/jthack/toslack
# tail -n +2 output.csv | cut -d, -f2 | anew all_exposed_paths.txt | to_slack
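
The new-exposure step above, written out without anew and with a severity tag so the paths that matter most are reviewed first. This is an added example, not part of the gist: the function names, the list of sensitive patterns and the sample CSV are assumptions, and it expects an ffuf CSV whose header row contains a `url` column.

```shell
#!/usr/bin/env bash
# Added example, not part of the gist. Function names, the pattern list and
# the sample CSV below are assumptions made for illustration.

# Print the "url" column of an ffuf CSV. The column is located by header
# name, so the header row is skipped and column order does not matter.
csv_urls() {
  awk -F, 'NR == 1 { for (i = 1; i <= NF; i++) if ($i == "url") col = i; next }
           col && $col != "" { print $col }' "$1"
}

# Append URLs missing from the state file and print only those,
# which is the role anew plays in the script.
# usage: new_exposed output.csv all_exposed_paths.txt
new_exposed() {
  touch "$2"
  csv_urls "$1" | while IFS= read -r url; do
    if ! grep -qxF -- "$url" "$2"; then
      printf '%s\n' "$url" >> "$2"
      printf '%s\n' "$url"
    fi
  done
}

# Tag each URL so files that should never be web-readable stand out.
tag_sensitive() {
  awk '{ p = tolower($0)
         if (p ~ /\/\.git\// || p ~ /\/\.env$/ ||
             p ~ /\.(sql|bak|old|zip|tar\.gz|pem|key|log)$/) print "HIGH " $0
         else print "INFO " $0 }'
}

# Constructed sample run: the second pass prints nothing because no new
# path became reachable.
demo() (
  dir=$(mktemp -d)
  cat > "$dir/output.csv" <<'EOF'
FUZZ,url,redirectlocation,position,status_code,content_length
index.html,https://example.com/index.html,,1,200,512
.env,https://example.com/.env,,2,200,83
backup/db.sql,https://example.com/backup/db.sql,,3,200,90211
EOF
  new_exposed "$dir/output.csv" "$dir/all_exposed_paths.txt" | tag_sensitive
  new_exposed "$dir/output.csv" "$dir/all_exposed_paths.txt" | tag_sensitive
  rm -rf "$dir"
)
demo
```

Piping `new_exposed ... | tag_sensitive` into the notification hook keeps the alert limited to paths that were not reachable on the previous run.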