FProbe : Domains/Subdomains & Probe For Working Http/Https Server

FProbe is a took to take list of domains/subdomains and probe for working http/https server.

Installation

GO111MODULE=on go get -u github.com/theblackturtle/fprobe

Features

  • Take a list of domains/subdomains and probe for working http/https server.
  • Optimize RAM and CPU in runtime.
  • Support special ports for each domain
  • Verbose in JSON format with some additional headers, such as Status Code, Content Type, Location.

Usage

Usage
*******
-c int Concurrency (default 50)
-i string Input file (default is stdin) (default “-“)
-l Use ports in the same line (google.com,2087,2086)
-p value add additional probe (proto:port)
-s skip the default probes (http:80 and https:443)
-t int Timeout (seconds) (default 9)
-v Turn on verbose

Basic Usage

  • Stdin input

❯ cat domains.txt | fprobe

  • File input

❯ fprobe -i domains.txt

Also Read – R00kie-Kr00kie : PoC Exploit For The CVE-2019-15126 Kr00k Vulnerability

Concurrency

❯ cat domains.txt | fprobe -c 200

Use Inline Ports

If you want to use special ports for each domain, you can use the -l flag. You can parse Nmap/Masscan output and reformat it to use this feature.

  • Input (domains.txt)

>>google.com,2087,2086,8880,2082,443,80,2052,2096,2083,8080,8443,2095,2053 >>yahoo.com,2087,2086,8880,2082,443,80,2052,2096,2083,8080,8443,2095,2053 >>sport.yahoo.com,2086,443,2096,2053,8080,2082,80,2083,8443,2052,2087,2095,8880

  • Command

❯ cat domains.txt | fprobe -l

Timeout

❯ cat domains.txt | fprobe -t 10

Special Ports

❯ cat domains.txt | fprobe -p http:8080 -p https:8443

Use To Check Working Urls

❯ echo ‘https://google.com/path1?param=1’ | fprobe
https://google.com/path1?param=1

Use the built-in ports collection (Include 80, 443 by default)

  • Medium: 8000, 8080, 8443
  • Large: 81, 591, 2082, 2087, 2095, 2096, 3000, 8000, 8001, 8008, 8080, 8083, 8443, 8834, 8888
  • XLarge: 81, 300, 591, 593, 832, 981, 1010, 1311, 2082, 2087, 2095, 2096, 2480, 3000, 3128, 3333, 4243, 4567, 4711, 4712, 4993, 5000, 5104, 5108, 5800, 6543, 7000, 7396, 7474, 8000, 8001, 8008, 8014, 8042, 8069, 8080, 8081, 8088, 8090, 8091, 8118, 8123, 8172, 8222, 8243, 8280, 8281, 8333, 8443, 8500, 8834, 8880, 8888, 8983, 9000, 9043, 9060, 9080, 9090, 9091, 9200, 9443, 9800, 9981, 12443, 16080, 18091, 18092, 20720, 28017

❯ cat domains.txt | fprobe -p medium/large/xlarge

Skip Default Probes

If you don’t want to probe for HTTP on port 80 or HTTPS on port 443, you can use the -s flag.

❯ cat domains.txt | fprobe -s

Verbose

The verbose output will be format in JSON format with some additional headers, such as Status Code, Content Type, Location.

❯ cat domains.txt | fprobe -v

>>{“site”:”http://google.com”,”status_code”:301,”server”:”gws”,”content_type”:”text/html; charset=UTF-8″,”location”:”http://www.google.com/”} >>{“site”:”https://google.com”,”status_code”:301,”server”:”gws”,”content_type”:”text/html; charset=UTF-8″,”location”:”https://www.google.com/”}

Credit: tomnomnom

R K

Recent Posts

ModTask – Task Scheduler Attack Tool

ModTask is an advanced C# tool designed for red teaming operations, focusing on manipulating scheduled…

17 hours ago

HellBunny : Advanced Shellcode Loader For EDR Evasio

HellBunny is a malleable shellcode loader written in C and Assembly utilizing direct and indirect…

17 hours ago

SharpRedirect : A Lightweight And Efficient .NET-Based TCP Redirector

SharpRedirect is a simple .NET Framework-based redirector from a specified local port to a destination…

17 hours ago

Flyphish : Mastering Cloud-Based Phishing Simulations For Security Assessments

Flyphish is an Ansible playbook allowing cyber security consultants to deploy a phishing server in…

2 days ago

DeLink : Decrypting D-Link Firmware Across Devices With A Rust-Based Library

A crypto library to decrypt various encrypted D-Link firmware images. Confirmed to work on the…

2 days ago

LLM Lies : Hallucinations Are Not Bugs, But Features As Adversarial Examples

LLMs (e.g., GPT-3.5, LLaMA, and PaLM) suffer from hallucination—fabricating non-existent facts to cheat users without…

2 days ago