Repository: KathanP19/gaussrf
Branch: master
Commit: efd399dec7bd
Files: 4
Total size: 9.8 KB
Directory structure:
gitextract_310b9q4y/
├── README.md
├── burp.txt
├── install.sh
└── ssrf.sh
================================================
FILE CONTENTS
================================================
================================================
FILE: README.md
================================================
# gaussrf
**It is now discontinued project, and not been maintained**
```
____________________ __ ________________________________
__ ____/__ |_ / / / __ ___/_ ___/__ __ \__ ____/
_ / __ __ /| | / / / _____ \_____ \__ /_/ /_ /_
/ /_/ / _ ___ / /_/ / ____/ /____/ /_ _, _/_ __/
\____/ /_/ |_\____/ /____/ /____/ /_/ |_| /_/
```
Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl and Filter Urls With OpenRedirection or SSRF Parameters. This Tool was built to present in Null Ahmedabad [Deep Dive into SSRF](https://null.co.in/event_sessions/3086-deep-dive-into-ssrf) you can get slides from the link.
## Prerequisites
* [GetAllUrls](https://github.com/lc/gau) - For Fetching Urls
* [Assetfinder](https://github.com/tomnomnom/assetfinder) - For Subdomain Enumeration
* [Drishti](https://github.com/devanshbatham/Drishti) - For check if url is live or not.
You can now use install.sh to install require tools, this tools where made in go it should be installed in your system and dont forget to set path of go properly.
```bash
$ sudo chmod +x install.sh
$ ./install.sh
```
### Installation
```bash
$ git clone https://github.com/KathanP19/gaussrf.git
$ cd gaussrf/
$ sudo chmod +x ssrf.sh
```
### Usage
Dont Forget to put your blind ssrf testing link or burp collab link in `burp.txt`
or you can use thi site [SSRFTest](https://ssrftest.com/) if you dont have BurpPro
```
____________________ __ ________________________________
__ ____/__ |_ / / / __ ___/_ ___/__ __ \__ ____/
_ / __ __ /| | / / / _____ \_____ \__ /_/ /_ /_
/ /_/ / _ ___ / /_/ / ____/ /____/ /_ _, _/_ __/
\____/ /_/ |_\____/ /____/ /____/ /_/ |_| /_/
Usage: For Using directly where subdomains will be found using Assetfinder
./ssrf.sh -d domain.com
./ssrf.sh -d domain.com -o output_directory
./ssrf.sh -d domain.com -ap
./ssrf.sh -d domain.com -o output_directory -ap
Usage: For Using list of Subdomains
./ssrf.sh -l subdomains.txt
./ssrf.sh -l subdomains.txt -o output_directory
./ssrf.sh -l subdomains.txt -ap
./ssrf.sh -l subdomains.txt -o output_directory -ap
```
```
Options are as follows
-d for direct letting assetfinder handle subdomain part
-l for using list of subdomains
-o for declaring output directory
-ap for using parameter appending feature
```
## Credits:
Thanks @tomnomom for [Assetfinder](https://github.com/tomnomnom)!
Thanks @devanshbatham for [Drishti](https://github.com/devanshbatham/Drishti)!
Thanks @lc for [GAU](https://github.com/lc/gau)!
Thanks @hussein98d for parameter appending feature.
### TODO list
~~Integrate [ffuf](https://github.com/ffuf/ffuf) to fuzz params with burp collab url.~~
~~Add Option For User to Add there own subdoamin list.~~
## Contributors
[@iNoSec2](https://github.com/iNoSec2) for adding output option.
================================================
FILE: burp.txt
================================================
http://[yourburpcollaburl]
================================================
FILE: install.sh
================================================
#!/bin/bash
echo "============================Installing Tools For GAUSSRF=========================="
echo " "
##Install Assetfinder
echo -e "\nINSTALLING \e[31m[assetfinder]\e[0m"
go get -u github.com/tomnomnom/assetfinder
echo -e "\nINSTALLING ASSETFINDER \e[32mFINISH\e[0m"
##Install GAU
echo -e "\nINSTALLING \e[31m[GAU]\e[0m"
go get -u github.com/lc/gau
echo -e "\nINSTALLING GAU \e[32mFINISH\e[0m"
##Installing Drishti
echo -e "\nINSTALLING \e[31m[Drishti]\e[0m"
git clone https://github.com/devanshbatham/Drishti
cd Drishti
pip3 install -r requirements.txt
rm raw_urls.txt
cd ..
echo -e "\nINSTALLING Drishti \e[32mFINISH\e[0m"
##Install qsreplace
echo -e "\nINSTALLING \e[31m[QSreplace]\e[0m"
go get -u github.com/tomnomnom/qsreplace
echo -e "\nINSTALLING Qsreplace \e[32mFINISH\e[0m"
##Install ffuf
echo -e "\nINSTALLING \e[31m[FFUF]\e[0m"
go get github.com/ffuf/ffuf
echo -e "\nINSTALLING FFUF \e[32mFINISH\e[0m"
echo "=============================Done Installing Tools================================="
================================================
FILE: ssrf.sh
================================================
#!/bin/bash
red=`tput setaf 1`
reset=`tput sgr0`
logo(){
echo "${red}
____________________ __ ________________________________
__ ____/__ |_ / / / __ ___/_ ___/__ __ \__ ____/
_ / __ __ /| | / / / _____ \_____ \__ /_/ /_ /_
/ /_/ / _ ___ / /_/ / ____/ /____/ /_ _, _/_ __/
\____/ /_/ |_\____/ /____/ /____/ /_/ |_| /_/
${reset}"
}
subs(){
logo
##Getting SubDomains
echo -e "\nRUNNING \e[31m[assetfinder]\e[0m"
assetfinder --subs-only $domain > $output_directory/$domain/$domain.assetfinder.txt
cat $output_directory/$domain/$domain.assetfinder.txt | sort -u > $output_directory/$domain/subs.txt
echo "FOUND SUBDOMAINS [$(cat $output_directory/$domain/subs.txt | wc -l)]"
echo -e "RUNNING ASSETFINDER \e[32mFINISH\e[0m"
}
list(){
logo
echo "Its the list of subdomains"
cp $param $output_directory/$domain/subs.txt
}
recon(){
##Starting GETALLURLS
echo -e "\nRUNNING \e[31m[GAU]\e[0m"
cat $output_directory/$domain/subs.txt | gau > $output_directory/$domain/$domain.urls.txt
echo -e "RUNNING GAU \e[32mFINISH\e[0m"
echo "${red} ---------------COLLECTED URLS OF SUBDOMAINS--------------- ${reset}"
##Filter Urls to check with drishti
echo -e "\n\e[31m[Filtering Urls with params]\e[0m"
cat $output_directory/$domain/$domain.urls.txt | grep "=http" | tee $output_directory/$domain/$domain.urls_with_params.txt
echo -e "Filtering Urls with params completed \e[32mFINISH\e[0m"
##Cleaning the list for urls
echo -e "\nChecking for Live Urls \e[31m[LIST]\e[0m"
cp $output_directory/$domain/$domain.urls_with_params.txt ./Drishti/
mv ./Drishti/$domain.urls_with_params.txt ./Drishti/raw_urls.txt
cd ./Drishti
python3 drishti.py
cd ..
cp ./Drishti/Results-200.txt $output_directory/$domain/
rm ./Drishti/raw_urls.txt
echo "FOUND POSSIBLE SSRF URLS [$(cat $output_directory/$domain/Results-200.txt | wc -l)]"
echo -e "Checking for Live Urls \e[32mFINISH\e[0m"
##FUZZ
echo -e "\nHope You Have Added Burp Collab Url In burp.txt Fuzzing\e[31m[LIST]\e[0m"
cat $output_directory/$domain/Results-200.txt | qsreplace FUZZ > $output_directory/$domain/fuzzable.txt
ffuf -w "$output_directory/$domain/fuzzable.txt:URL" -w burp.txt -u URLFUZZ -v
echo "${red} --------------DONE---------------- ${reset}"
}
param(){
echo -e "\n\e[31m[Making List of Appened SSRF Params And Fire Them]\e[0m"
ser=`cat burp.txt`
cat $output_directory/$domain/Results-200.txt | sort | uniq | grep "?" | qsreplace -a | qsreplace $ser > $output_directory/$domain/appended_params.txt
sed -i "s|$|\&dest=$ser\&redirect=$ser\&uri=$ser\&path=$ser\&continue=$ser\&url=$ser\&window=$ser\&next=$ser\&data=$ser\&reference=$ser\&site=$ser\&html=$ser\&val=$ser\&validate=$ser\&domain=$ser\&callback=$ser\&return=$ser\&page=$ser\&feed=$ser\&host=$ser&\port=$ser\&to=$ser\&out=$ser\&view=$ser\&dir=$ser\&show=$ser\&navigation=$ser\&open=$ser|g" $output_directory/$domain/appended_params.txt
echo -e "\nTOTAL NUMBER OF URLS APPENED WITH PARAMS [$(cat $output_directory/$domain/appended_params.txt | wc -l)]"
echo "${red}-----------------------Check Your Server for Potential Callbacks------------------------- ${reset}"
ffuf -w $output_directory/$domain/appended_params.txt -u FUZZ -t 50
echo "${red} --------------DONE---------------- ${reset}"
}
killit(){
logo
echo "Usage: For Using directly which will find domains using Assetfinder"
echo " ./ssrf.sh -d domain.com"
echo " ./ssrf.sh -d domain.com -o output_directory"
echo " ./ssrf.sh -d domain.com -ap"
echo " ./ssrf.sh -d domain.com -o output_directory -ap"
echo " "
echo "Usage: For Using list of Subdomains"
echo " ./ssrf.sh -l subdomains.txt"
echo " ./ssrf.sh -l subdomains.txt -o output_directory"
echo " ./ssrf.sh -l subdomains.txt -ap"
echo " ./ssrf.sh -l subdomains.txt -o output_directory -ap"
exit 1
}
if [ -z "$1" ];then
killit
else
while [ -n "$1" ]; do
case "$1" in
-d) domain="$2"
if [[ $3 == '-o' && $5 == "-ap" ]];then
output_directory="$4/gaussrf/recon/"
mkdir -p "$output_directory"/"$domain"
subs $domain
recon $domain
param $domain
elif [[ $3 == "-o" ]]
then
output_directory="$4/gaussrf/recon/"
mkdir -p "$output_directory"/"$domain"
subs $domain
recon $domain
elif [[ $3 == "-ap" ]]
then
output_directory="recon"
mkdir -p "$output_directory"/"$domain"
subs $domain
recon $domain
param $domain
else
output_directory="recon"
mkdir -p "$output_directory"/"$domain"
subs $domain
recon $domain
fi
shift
break
;;
-l) param="$2"
echo -n "What's is your target name : "
read domain
if [[ $3 == '-o' && $5 == "-ap" ]];then
output_directory="$4/gaussrf/recon/"
mkdir -p "$output_directory"/"$domain"
list
recon $domain
param $domain
elif [[ $3 == "-o" ]]
then
output_directory="$4/gaussrf/recon/"
mkdir -p "$output_directory"/"$domain"
list
recon $domain
elif [[ $3 == "-ap" ]]
then
output_directory="recon"
mkdir -p "$output_directory"/"$domain"
list
recon $domain
param $domain
else
output_directory="recon"
mkdir -p "$output_directory"/"$domain"
list
recon $domain
fi
shift
break
;;
*) echo "Option $1 not recongnized" ;;
esac
shift
done
fi
gitextract_310b9q4y/ ├── README.md ├── burp.txt ├── install.sh └── ssrf.sh
Condensed preview — 4 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (11K chars).
[
{
"path": "README.md",
"chars": 3054,
"preview": "# gaussrf\n**It is now discontinued project, and not been maintained**\n```\n\n\n____________________ __ _________________"
},
{
"path": "burp.txt",
"chars": 27,
"preview": "http://[yourburpcollaburl]\n"
},
{
"path": "install.sh",
"chars": 1021,
"preview": "#!/bin/bash\n\necho \"============================Installing Tools For GAUSSRF==========================\"\necho \" \"\n\n##Insta"
},
{
"path": "ssrf.sh",
"chars": 5947,
"preview": "#!/bin/bash\n\nred=`tput setaf 1`\nreset=`tput sgr0`\n\nlogo(){\n echo \"${red}\n\n ____________________ __ _________"
}
]
About this extraction
This page contains the full source code of the KathanP19/gaussrf GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 4 files (9.8 KB), approximately 3.1k tokens. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.