FProbe is a took to take list of domains/subdomains and probe for working http/https server.
Installation
GO111MODULE=on go get -u github.com/theblackturtle/fprobe
Features
Status Code
, Content Type
, Location
.Usage
Usage
*******
-c int Concurrency (default 50)
-i string Input file (default is stdin) (default “-“)
-l Use ports in the same line (google.com,2087,2086)
-p value add additional probe (proto:port)
-s skip the default probes (http:80 and https:443)
-t int Timeout (seconds) (default 9)
-v Turn on verbose
Basic Usage
❯ cat domains.txt | fprobe
❯ fprobe -i domains.txt
Also Read – R00kie-Kr00kie : PoC Exploit For The CVE-2019-15126 Kr00k Vulnerability
Concurrency
❯ cat domains.txt | fprobe -c 200
Use Inline Ports
If you want to use special ports for each domain, you can use the -l
flag. You can parse Nmap/Masscan output and reformat it to use this feature.
>>google.com,2087,2086,8880,2082,443,80,2052,2096,2083,8080,8443,2095,2053 >>yahoo.com,2087,2086,8880,2082,443,80,2052,2096,2083,8080,8443,2095,2053 >>sport.yahoo.com,2086,443,2096,2053,8080,2082,80,2083,8443,2052,2087,2095,8880
❯ cat domains.txt | fprobe -l
Timeout
❯ cat domains.txt | fprobe -t 10
Special Ports
❯ cat domains.txt | fprobe -p http:8080 -p https:8443
Use To Check Working Urls
❯ echo ‘https://google.com/path1?param=1’ | fprobe
https://google.com/path1?param=1
Use the built-in ports collection (Include 80, 443 by default)
❯ cat domains.txt | fprobe -p medium/large/xlarge
Skip Default Probes
If you don’t want to probe for HTTP on port 80 or HTTPS on port 443, you can use the -s
flag.
❯ cat domains.txt | fprobe -s
Verbose
The verbose output will be format in JSON format with some additional headers, such as Status Code
, Content Type
, Location
.
❯ cat domains.txt | fprobe -v
>>{“site”:”http://google.com”,”status_code”:301,”server”:”gws”,”content_type”:”text/html; charset=UTF-8″,”location”:”http://www.google.com/”} >>{“site”:”https://google.com”,”status_code”:301,”server”:”gws”,”content_type”:”text/html; charset=UTF-8″,”location”:”https://www.google.com/”}
Credit: tomnomnom
ModTask is an advanced C# tool designed for red teaming operations, focusing on manipulating scheduled…
HellBunny is a malleable shellcode loader written in C and Assembly utilizing direct and indirect…
SharpRedirect is a simple .NET Framework-based redirector from a specified local port to a destination…
Flyphish is an Ansible playbook allowing cyber security consultants to deploy a phishing server in…
A crypto library to decrypt various encrypted D-Link firmware images. Confirmed to work on the…
LLMs (e.g., GPT-3.5, LLaMA, and PaLM) suffer from hallucination—fabricating non-existent facts to cheat users without…