#!/bin/bash
## This tool takes parameters that contain '=' and appends 'FUZZ' after the '='. Its ultimate goal is to support fuzzing and checking of vulnerable parameters.
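# Usage: script <domain>
# Queries the Wayback Machine CDX index for URLs archived under *.<domain>,
# keeps each URL up to and including its first '=', strips the scheme,
# appends the FUZZ placeholder and appends the de-duplicated result to
# "<domain>.txt" in the current directory.

# -u: fail on unset variables; pipefail: a failing pipeline stage is not masked.
set -uo pipefail

domain=${1:-}
if [[ -z "$domain" ]]; then
  echo "Include the domain as an argument" >&2
  exit 1
fi

# The argument is interpolated into both the request URL and the output file
# name, so restrict it to hostname characters. This keeps '/', '&', '?' and
# whitespace out of the query string and prevents writing outside the
# current directory.
if [[ ! "$domain" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
  printf 'Invalid domain: %q\n' "$domain" >&2
  exit 1
fi

url="https://web.archive.org/cdx/search/cdx?url=*.${domain}/*&output=txt&fl=original&collapse=urlkey&page=/"

# Quote the URL: it contains '*' and '?', which an unquoted expansion would
# hand to pathname expansion. --fail turns HTTP errors into a non-zero exit
# so an error page is never parsed as a URL list.
if ! response=$(curl -sS --fail "$url"); then
  echo "Request to web.archive.org failed" >&2
  exit 1
fi

#######################################
# Turn archived URLs into FUZZ templates.
# Arguments: none
# Inputs:    one URL per line on stdin
# Outputs:   "<host/path?name=>FUZZ" per qualifying URL on stdout
# Returns:   0
#######################################
fuzz_targets() {
  local line candidate path
  local -r scheme_re='^[A-Za-z][A-Za-z0-9+.-]*://(.*)$'
  local -r static_re='\.(png|jpg|jpeg|gif|webp|svg|css|js|ttf)$'

  # The archive content is untrusted: read it line by line with -r and never
  # expand it unquoted, so '?' and '*' inside URLs cannot glob against local
  # files and backslashes are kept literally.
  while IFS= read -r line || [[ -n "$line" ]]; do
    [[ "$line" == *=* ]] || continue

    # Keep everything through the first '='.
    candidate="${line%%=*}="

    # Drop a leading scheme only. The previous global substitutions left a
    # stray 'p' in front of http:// URLs matched at the start of the buffer.
    if [[ "$candidate" =~ $scheme_re ]]; then
      candidate=${BASH_REMATCH[1]}
    fi

    # Skip static assets. The extension has to be tested on the path before
    # '?', because the candidate itself always ends in '='.
    path=${candidate%%\?*}
    [[ "$path" == "=" ]] && continue
    [[ "$path" =~ $static_re ]] && continue

    printf '%sFUZZ\n' "$candidate"
  done
  return 0
}

# De-duplicate once over the whole set; LC_ALL=C keeps the order reproducible.
targets=$(fuzz_targets <<<"$response" | LC_ALL=C sort -u)

if [[ -z "$targets" ]]; then
  echo "No URLs with parameters found" >&2
  exit 0
fi

# Append, as before, so results from earlier runs are preserved.
printf '%s\n' "$targets" >>"${domain}.txt"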
Created
February 2, 2024 11:25