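#!/bin/bash
# ffuf wrapper: runs ffuf against a URL, post-processes the results with
# ffufPostprocessing, prints them as a table and pipes them to notify.
#
# Options: -u <url> -w <wordlist_path> [-e <extensions>] [-a <ffuf options>]
#          [-o <output file>] [-h]

# Start every option from a known-empty value. Without this, a variable named
# "u" or "add" inherited from the caller's environment would satisfy the
# required-argument check or silently append arguments to the ffuf command.
u=""
add=""
output=""
exts=""
wordlist=""

# Print the help text to stdout.
usage() {
  echo "Usage: $0 -u <url> -w <wordlist_path> [-e <extensions>] [-a <ffuf options>] [-o <output file>]"
  echo " -u Target URL with FUZZ"
  echo " -w Full path to wordlist (e.g., ~/wordlists/fuzz.txt)"
  echo " -e Extensions (e.g., .php,.bak) [optional]"
  echo " -a Additional ffuf options [optional]"
  echo " -o Output file name [optional]"
}

# The leading ':' puts getopts in silent mode, so unknown options and missing
# arguments arrive as '?' and ':' and are reported by the arms below.
while getopts ":u:w:a:o:e:h" opt; do
  case "$opt" in
    u) u=$OPTARG ;;
    w) wordlist=$OPTARG ;;
    a) add=$OPTARG ;;
    o) output="$OPTARG" ;;
    e) exts=$OPTARG ;;
    h)
      usage
      exit 0
      ;;
    \?)
      echo "Invalid option: -$OPTARG" >&2
      exit 1
      ;;
    :)
      echo "Option -$OPTARG requires an argument." >&2
      exit 1
      ;;
  esac
done

# -u and -w are mandatory; everything else is optional.
if [[ -z "$u" || -z "$wordlist" ]]; then
  echo "Error: -u (URL) and -w (wordlist path) are required." >&2
  exit 1
fi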
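# Private scratch directory for ffuf's raw results and the saved response
# bodies. mktemp -d picks an unpredictable name and creates the directory
# itself, so the script never reuses a path that already exists under /tmp
# (the former /tmp/$RANDOM with mkdir -p would accept one silently).
temp_dir=$(mktemp -d "${TMPDIR:-/tmp}/ffuf.XXXXXXXXXX") || {
  echo "Error: could not create a temporary directory." >&2
  exit 1
}

# The post-processed results live in the scratch directory too, rather than
# as <number>.json in the current directory where they could overwrite an
# unrelated file.
processed="$temp_dir/processed.json"

# Remove the scratch directory on exit, including the error exits below, so
# saved response bodies do not linger on disk.
cleanup() {
  rm -rf -- "${temp_dir:?}"
}
trap cleanup EXIT

# Build ffuf command
cmd=(ffuf -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
  -mc all -fc 404,400
  -w "$wordlist" -u "$u"
  -o "$temp_dir/results.json" -od "$temp_dir/bodies/" -of json)

# Add extensions if provided
if [[ -n "$exts" ]]; then
  cmd+=(-e "$exts")
fi

# Add extra ffuf options if provided. The string is split on spaces only, so
# an individual option value cannot itself contain a space.
if [[ -n "$add" ]]; then
  IFS=' ' read -r -a add_opts <<< "$add"
  cmd+=("${add_opts[@]}")
fi

# Run ffuf and stop early when it left no results file behind, instead of
# feeding a missing file to the later stages.
"${cmd[@]}"
if [[ ! -s "$temp_dir/results.json" ]]; then
  echo "Error: ffuf did not produce a results file." >&2
  exit 1
fi

# Post-process results
ffufPostprocessing -result-file "$temp_dir/results.json" \
  -bodies-folder "$temp_dir/bodies/" \
  -new-result-file "$processed"
if [[ ! -f "$processed" ]]; then
  echo "Error: ffufPostprocessing did not produce a results file." >&2
  exit 1
fi

# Format results: one row per hit, aligned into columns and sorted by the
# fifth column (response length), largest first.
results=$(jq -r '"\(.config.method) \(.results[] | "\(.input.FUZZ) \(.url) \(.status) \(.length) \(.words) \(.lines) \(.redirectlocation)")"' "$processed" | column -t | sort -k5,5nr)

# Output results. The rows contain values taken from the scanned server's
# responses (URL, redirect location), so they are printed with printf '%s'
# and never used as a format string or passed through echo -e.
if [[ -n "$output" ]]; then
  if [[ $output != *.txt ]]; then
    output="$output.txt"
  fi
  printf '%s\n' "$results" | anew "$output"
else
  printf '%s\n' "$results"
fi

# Send notification (best effort: a notify failure is reported, not fatal).
if [[ -n "$results" ]]; then
  printf 'FFUF Scan Results for %s:\n\n%s\n' "$u" "$results" | notify -silent ||
    echo "Warning: notify failed; results were not sent." >&2
fi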