This bash script is designed to quickly filter subdomains for ffuf, optimizing the process of identifying viable targets by automatically filtering out subdomains with invalid status codes. This script simplifies the first steps in penetration testing and security assessment tasks.
- Automatically filters subdomains with invalid status codes.
- Interactive GUI prompts to set the target and protocol (HTTP/HTTPS) via Zenity.
- Uses
ffuf(Fuzz Faster U Fool) for rapid fuzzing and filtering. - Dynamically adjusts filters based on initial fuzzing results.
To use this script, you'll need the following:
- Bash shell (Unix/Linux environment)
zenityfor GUI input dialogsffufinstalled and available in your system path- Access to
/usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txtor a similar list of subdomains
To install the script, follow these steps:
- Clone the repository or download the 'subdomains' script.
- Make the script executable and move it to a directory in your PATH for easy execution:
chmod +x subdomains sudo cp subdomains /bin/subdomains
To run the script, simply type subdomains in your terminal. The script will proceed through several steps:
- Set Target Domain: You will be prompted to enter the target domain if it is not set as an environment variable.
- Select Protocol: Choose between HTTP and HTTPS for the target.
- Initial Fuzzing: The script runs a short
ffufsession to gather initial data. - Analysis: Analyzes the initial fuzz output to create filter strings for common values.
- Refined Fuzzing: Re-runs
ffufwith the generated filters to refine the results. - Cleanup: Removes temporary files created during the script execution.
Running the script from the command line:
subdomainsContributions to the subdomain-script are welcome. Please submit pull requests or open issues to suggest improvements or report bugs.
This project is licensed under the FAFO License