Skip to content

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SSRF Parameters.

Notifications You must be signed in to change notification settings

KathanP19/gaussrf

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

43 Commits
 
 
 
 
 
 
 
 

Repository files navigation

gaussrf

It is now discontinued project, and not been maintained



____________________  __   ________________________________
__  ____/__    |_  / / /   __  ___/_  ___/__  __ \__  ____/
_  / __ __  /| |  / / /    _____ \_____ \__  /_/ /_  /_    
/ /_/ / _  ___ / /_/ /     ____/ /____/ /_  _, _/_  __/    
\____/  /_/  |_\____/      /____/ /____/ /_/ |_| /_/       
                                                           


Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SSRF Parameters. This Tool was built to present in Null Ahmedabad Deep Dive into SSRF you can get slides from the link.

Prerequisites

You can now use install.sh to install require tools, this tools where made in go it should be installed in your system and dont forget to set path of go properly.

$ sudo chmod +x install.sh
$ ./install.sh

Installation

$ git clone https://github.com/KathanP19/gaussrf.git
$ cd gaussrf/
$ sudo chmod +x ssrf.sh

Usage

Dont Forget to put your blind ssrf testing link or burp collab link in burp.txt or you can use thi site SSRFTest if you dont have BurpPro

          ____________________  __   ________________________________
          __  ____/__    |_  / / /   __  ___/_  ___/__  __ \__  ____/
          _  / __ __  /| |  / / /    _____ \_____ \__  /_/ /_  /_
          / /_/ / _  ___ / /_/ /     ____/ /____/ /_  _, _/_  __/
          \____/  /_/  |_\____/      /____/ /____/ /_/ |_| /_/




Usage: For Using directly where subdomains will be found using Assetfinder
      ./ssrf.sh -d domain.com
      ./ssrf.sh -d domain.com -o output_directory
      ./ssrf.sh -d domain.com -ap
      ./ssrf.sh -d domain.com -o output_directory -ap

Usage: For Using list of Subdomains
      ./ssrf.sh -l subdomains.txt
      ./ssrf.sh -l subdomains.txt -o output_directory
      ./ssrf.sh -l subdomains.txt -ap
      ./ssrf.sh -l subdomains.txt -o output_directory -ap
Options are as follows 
  -d  for direct letting assetfinder handle subdomain part
  -l  for using list of subdomains
  -o  for declaring output directory
  -ap for using parameter appending feature

Credits:

Thanks @tomnomom for Assetfinder!

Thanks @devanshbatham for Drishti!

Thanks @lc for GAU!

Thanks @hussein98d for parameter appending feature.

TODO list

Integrate ffuf to fuzz params with burp collab url.

Add Option For User to Add there own subdoamin list.

Contributors

@iNoSec2 for adding output option.

About

Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SSRF Parameters.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages