🖊️ Author: Nairuz Abulhul

🌐 Blog: R3dbuck3t

Ffuf

The command performs virtual host discovery: ffuf replaces the FUZZ keyword (here placed in the Host header) with each entry from the specified wordlist. The -fs flag filters out responses of the given size, or of several sizes separated by commas, so that the default page returned for unknown hosts is hidden.

ffuf -w namelist.txt -u http://10.129.184.109 -H "HOST: FUZZ.inlanefreight.htb" -fs 10918

Clean up the Ffuf output (saved to a file named vhosts) with grep and AWK, keeping only the third whitespace-separated field of each line that contains FUZZ.

cat vhosts | grep FUZZ | awk '{print $3}'

Bash one-liner to append the original domain name to each identified subdomain. Reading from and redirecting to the same file would truncate it before the loop runs, so the result is written to a separate file (vhost1.fqdn, a name assumed here).

for i in $(cat vhost1); do echo "$i.inlanefreight.htb"; done > vhost1.fqdn

Curl

The namelist.txt file is the list from SecLists: https://github.com/danielmiessler/SecLists/blob/master/Discovery/DNS/namelist.txt . The loop below runs through the list to identify virtual hosts for the domain “inlanefreight.htb” served from the IP address 10.129.141.252, recording the Content-Length of each response. The banner printed before each request makes it possible to tell later which candidate produced which size.

cat namelist.txt | while read -r vhost; do echo -e "\n========\nFound Subdomain: ${vhost}\n========="; curl -s -I http://10.129.141.252 -H "HOST: ${vhost}.inlanefreight.htb" | grep "Content-Length: "; done > output

Run grep again to keep only the lines containing “Content-Length:”, then count how often each distinct size occurs with the -c flag of uniq. Because uniq only collapses adjacent duplicates, the lines are sorted first. The size that appears most often is the default response; the rare sizes are the candidates worth a closer look.

cat output | grep "Content-Length:" | sort | uniq -c

To find which subdomain produced an unusual size, grep for that Content-Length string and print the lines of leading context before each match, specifying how many with the -B option [before-context]. Four lines are enough to reach the “Found Subdomain:” banner that the loop printed before the request.

cat output | grep -B 4 "Content-Length: 103"
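The three analysis steps above (grep, uniq -c, grep -B) combined into one script, as an added example that is not part of the original post: it reports which candidates answered with a Content-Length different from the baseline. It assumes the output file has exactly the banner-plus-Content-Length layout the curl loop writes, and it uses constructed sample data in place of a real output file.

```shell
# Added example (not part of the original post): report which candidate vhosts
# returned a Content-Length different from the baseline. Assumes the layout the
# curl loop writes: the 4-line banner, then one "Content-Length: N" line.

# Constructed sample input standing in for the real 'output' file.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'

========
Found Subdomain: www
=========
Content-Length: 10918

========
Found Subdomain: admin
=========
Content-Length: 103

========
Found Subdomain: mail
=========
Content-Length: 10918
EOF

# Print "<length> <subdomain>" per candidate: remember the name from each banner
# and emit it with the Content-Length line that follows (curl -I output has CRLF
# line endings, so strip the carriage returns first).
vhost_sizes() {
    tr -d '\r' < "$1" | awk '/^Found Subdomain: /{name=$3}
                             /^Content-Length: /{print $2, name}'
}

# Baseline size: the most frequent Content-Length, i.e. the default site served
# for unknown Host headers (the value one would hand to ffuf -fs).
baseline_size() {
    vhost_sizes "$1" | awk '{print $1}' | sort | uniq -c | sort -rn | awk 'NR==1{print $2}'
}

# Candidates whose size differs from the baseline: these are the ones to review.
vhost_outliers() {
    base=$(baseline_size "$1")
    vhost_sizes "$1" | awk -v b="$base" '$1 != b {print $2 " (Content-Length: " $1 ")"}'
}

vhost_outliers "$SAMPLE"   # prints: admin (Content-Length: 103)
```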