import regex
import argparse
import requests
import time
import os
import threading
import random
execPath = os.getcwd()
currentPath = os.path.dirname(os.path.abspath(file))
os.chdir(currentPath)
FUZZ_PLACE_HOLDER = '??????'
TIMEOUT_DELAY = 5
LOCK = threading.Lock()
parser = argparse.ArgumentParser()
parser.add_argument("--file", "-f", type=str, required=False, help='file of all URLs to be tested against SSRF')
parser.add_argument("--url", "-u", type=str, required=False, help='url to be tested against SSRF')
parser.add_argument("--threads", "-n", type=int, required=False, help='number of threads for the tool')
parser.add_argument("--output", "-o", type=str, required=False, help='output file path')
parser.add_argument("--oneshot", "-t", action='store_true', help='fuzz with only one basic payload - to be activated in case of time constraints')
parser.add_argument("--verbose", "-v", action='store_true', help='activate verbose mode')
args = parser.parse_args()
if not (args.file or args.url):
parser.error('No input selected: Please add --file or --url as arguments.')
if not os.path.isdir('output'):
os.makedirs('output')
if os.path.isdir('output/threadsLogs'):
os.system("rm -r output/threadsLogs")
os.makedirs('output/threadsLogs')
if args.output:
outputFile = open(os.path.join(execPath, args.output), "a")
else:
outputFile = open("output/ssrf-result.txt", "a")
if args.file:
allURLs = [line.replace('\n', '') for line in open(os.path.join(execPath, args.file), "r")]
regexParams = regex.compile('(?<=(access|dbg|debug|edit|grant|clone|exec|execute|load|make|modify|reset|shell|toggle|adm|root|cfg|dest|redirect|uri|path|continue|url|window|next|data|site|html|validate|domain|callback|return|host|port|to|out|view|dir|show|navigation|open|file|document|folder|pg|php_path|doc|img|filename|file_name|image)=)(.*)(?=(&|$))', flags=regex.IGNORECASE)
extractInteractionServerURL = "(?<=] )([a-z0-9][a-z0-9][a-z0-9].*)"
def getFileSize(fileID):
interactionLogs = open(f"output/threadsLogs/interaction-logs{fileID}.txt", "r")
return len(interactionLogs.read())
def getInteractionServer():
id = random.randint(0, 999999)
os.system(f"interactsh-client -pi 1 &> output/threadsLogs/interaction-logs{id}.txt &")
time.sleep(2)
interactionServer = None
while not interactionServer:
interactionLogs = open(f"output/threadsLogs/interaction-logs{id}.txt", "r")
fileContent = interactionLogs.read()
pastInteractionLogsSize = len(fileContent)
interactionServer = regex.search(extractInteractionServerURL, fileContent)
time.sleep(2)
interactionServer = interactionServer.group()
return interactionServer, id
def exception_verbose_message(exceptionType):
if args.verbose:
if exceptionType == "timeout":
print("\nTimeout detected... URL skipped")
elif exceptionType == "redirects":
print("\nToo many redirects...")
import regex
import argparse
import requests
import time
import os
import threading
import random
execPath = os.getcwd()
currentPath = os.path.dirname(os.path.abspath(file))
os.chdir(currentPath)
FUZZ_PLACE_HOLDER = '??????'
TIMEOUT_DELAY = 5
LOCK = threading.Lock()
parser = argparse.ArgumentParser()
parser.add_argument("--file", "-f", type=str, required=False, help='file of all URLs to be tested against SSRF')
parser.add_argument("--url", "-u", type=str, required=False, help='url to be tested against SSRF')
parser.add_argument("--threads", "-n", type=int, required=False, help='number of threads for the tool')
parser.add_argument("--output", "-o", type=str, required=False, help='output file path')
parser.add_argument("--oneshot", "-t", action='store_true', help='fuzz with only one basic payload - to be activated in case of time constraints')
parser.add_argument("--verbose", "-v", action='store_true', help='activate verbose mode')
args = parser.parse_args()
if not (args.file or args.url):
parser.error('No input selected: Please add --file or --url as arguments.')
if not os.path.isdir('output'):
os.makedirs('output')
if os.path.isdir('output/threadsLogs'):
os.system("rm -r output/threadsLogs")
os.makedirs('output/threadsLogs')
if args.output:
outputFile = open(os.path.join(execPath, args.output), "a")
else:
outputFile = open("output/ssrf-result.txt", "a")
if args.file:
allURLs = [line.replace('\n', '') for line in open(os.path.join(execPath, args.file), "r")]
regexParams = regex.compile('(?<=(access|dbg|debug|edit|grant|clone|exec|execute|load|make|modify|reset|shell|toggle|adm|root|cfg|dest|redirect|uri|path|continue|url|window|next|data|site|html|validate|domain|callback|return|host|port|to|out|view|dir|show|navigation|open|file|document|folder|pg|php_path|doc|img|filename|file_name|image)=)(.*)(?=(&|$))', flags=regex.IGNORECASE)
extractInteractionServerURL = "(?<=] )([a-z0-9][a-z0-9][a-z0-9].*)"
def getFileSize(fileID):
interactionLogs = open(f"output/threadsLogs/interaction-logs{fileID}.txt", "r")
return len(interactionLogs.read())
def getInteractionServer():
id = random.randint(0, 999999)
os.system(f"interactsh-client -pi 1 &> output/threadsLogs/interaction-logs{id}.txt &")
time.sleep(2)
interactionServer = None
while not interactionServer:
interactionLogs = open(f"output/threadsLogs/interaction-logs{id}.txt", "r")
fileContent = interactionLogs.read()
pastInteractionLogsSize = len(fileContent)
interactionServer = regex.search(extractInteractionServerURL, fileContent)
time.sleep(2)
def exception_verbose_message(exceptionType):
if args.verbose:
if exceptionType == "timeout":
print("\nTimeout detected... URL skipped")
elif exceptionType == "redirects":
print("\nToo many redirects...")