#!/bin/bash
# Filename: MethodCheck2.sh
# Purpose: Check target first http:// then https://<domain as $1> for the various HTTP methods, looking for non-403-type responses
# Define HTTP methods and ANSI color codes
HTTPMethods=(GET POST PUT DELETE HEAD CONNECT OPTIONS TRACE PATCH TRACK PROPFIND PROPPATCH COPY MOVE LOCK UNLOCK MKCOL)
DARK_GREY="\033[1;30m"
BRIGHT_WHITE="\033[1;37m"
NC="\033[0m" # No Color
# Ensure the output directory exists
mkdir -p MethOut
# Function to display the list of HTTP methods
display_methods() {
    echo "Available HTTP Methods:"
    for method in "${HTTPMethods[@]}"; do
        echo "- $method"
    done
}
# Function to send requests using randomly selected HTTP methods and save cookies
StagePkt() {
    local domain=$1
    local domain_cleaned method counter response http_code
    domain_cleaned=$(echo "$domain" | sed 's/[^a-zA-Z0-9]/-/g') # Clean domain name for use in filenames
    echo "Sending requests to $domain using randomly selected HTTP methods..."
    counter=0
    while true; do
        # Pick a random HTTP method first, since the cookie-jar filename below depends on it
        method=${HTTPMethods[$RANDOM % ${#HTTPMethods[@]}]}
        echo "Using method: $method"
        # Advance the counter until the cookie-jar filename for this method is unused
        while [[ -f "MethOut/${method}-${domain_cleaned}-cookie-jar-$counter.log" ]]; do
            ((counter++))
        done
        # Perform a curl request, follow redirects, save the cookie jar; -w makes curl print only the final status code
        response=$(curl -s -L -I -X "$method" -c "MethOut/${method}-${domain_cleaned}-cookie-jar-$counter.log" "$domain" -o response_headers.txt -w "%{http_code}")
        http_code=${response: -3} # Extract the three-digit status code from curl output
        # Print method, response code, and URL with color
        echo -e "${DARK_GREY}[${BRIGHT_WHITE}*${DARK_GREY}]${NC} Method: $method, Response: \"${http_code}\", Domain: $domain"
        # Wait for a bit before the next request (adjust timing as necessary)
        sleep 1
    done
}
# Main script logic
case "$1" in
    LIST)
        display_methods
        ;;
    HELP)
        echo "Usage:"
        echo "$0 [domain] - Run the script with a domain to test HTTP methods."
        echo "$0 LIST - Display the list of available HTTP methods."
        echo "$0 HELP - Display this help message."
        ;;
    *)
        if [[ -n "$1" ]]; then
            StagePkt "$1"
        else
            echo "Error: No domain provided. Type '$0 HELP' for usage information."
        fi
        ;;
esac
Example output:
After chmod +x MethodCheck2.sh
./MethodCheck2.sh msn.com
Using method: PROPPATCH
[*] Method: PROPPATCH, Response: "405", Domain: msn.com
Using method: UNLOCK
[*] Method: UNLOCK, Response: "405", Domain: msn.com
Using method: COPY
[*] Method: COPY, Response: "405", Domain: msn.com
Using method: PUT
[*] Method: PUT, Response: "411", Domain: msn.com
Using method: TRACE
[*] Method: TRACE, Response: "405", Domain: msn.com
Using method: LOCK
[*] Method: LOCK, Response: "405", Domain: msn.com
Using method: HEAD
[*] Method: HEAD, Response: "404", Domain: msn.com
Using method: OPTIONS
Using method: POST
[*] Method: POST, Response: "411", Domain: msn.com
Using method: TRACE
[*] Method: TRACE, Response: "405", Domain: msn.com
Using method: GET
[*] Method: GET, Response: "200", Domain: msn.com
Using method: UNLOCK
[*] Method: UNLOCK, Response: "405", Domain: msn.com
Using method: GET
[*] Method: GET, Response: "200", Domain: msn.com
Using method: HEAD
[*] Method: HEAD, Response: "404", Domain: msn.com
Using method: PUT
[*] Method: PUT, Response: "411", Domain: msn.com
Using method: LOCK
[*] Method: LOCK, Response: "405", Domain: msn.com
Using method: DELETE
[*] Method: DELETE, Response: "405", Domain: msn.com
Using method: PATCH
[*] Method: PATCH, Response: "405", Domain: msn.com
Using method: UNLOCK
[*] Method: UNLOCK, Response: "405", Domain: msn.com
Using method: PUT
[*] Method: PUT, Response: "411", Domain: msn.com
Using method: GET
[*] Method: GET, Response: "200", Domain: msn.com
Using method: CONNECT
[*] Method: CONNECT, Response: "400", Domain: msn.com
Using method: POST
[*] Method: POST, Response: "411", Domain: msn.com
Using method: TRACE
[*] Method: TRACE, Response: "405", Domain: msn.com
Using method: PATCH
[*] Method: PATCH, Response: "405", Domain: msn.com
Using method: POST
[*] Method: POST, Response: "411", Domain: msn.com
Using method: TRACE
[*] Method: TRACE, Response: "405", Domain: msn.com
Using method: TRACK
[*] Method: TRACK, Response: "405", Domain: msn.com
Using method: PUT
[*] Method: PUT, Response: "411", Domain: msn.com
It should cycle through http then https. The best way of doing this is:
http://
https://
http://www.
https://www.
You can see things are starting to get interesting with the non-403 responses. Look for those.
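To act on the "look for those" note, here is an added helper (not part of MethodCheck2.sh) that reads the script's "[*] Method: ..., Response: ..." lines, strips the colour codes, collapses repeated probes, and reports which methods the host did not explicitly refuse, so the result can be compared with the method allow-list the server is supposed to enforce. The log content is a constructed sample, and the 403/405/501 "refused" set is an assumption for classification.

```shell
#!/bin/bash
# Added example, not from MethodCheck2.sh: summarise its output lines and
# flag every method the server did not explicitly refuse.

# Constructed sample of MethodCheck2.sh output (not a real capture).
SAMPLE_LOG='[*] Method: PROPPATCH, Response: "405", Domain: example.test
[*] Method: PUT, Response: "411", Domain: example.test
[*] Method: HEAD, Response: "404", Domain: example.test
[*] Method: GET, Response: "200", Domain: example.test
[*] Method: TRACE, Response: "405", Domain: example.test
[*] Method: PUT, Response: "411", Domain: example.test
[*] Method: CONNECT, Response: "400", Domain: example.test'

# classify_code CODE -> refused | accepted | review
# Assumption: 403/405/501 mean "method explicitly rejected"; any 2xx means
# the method was processed; anything else (400/404/411...) reached a
# handler and deserves a closer look.
classify_code() {
  case "$1" in
    403|405|501) echo refused ;;
    2??)         echo accepted ;;
    *)           echo review ;;
  esac
}

# summarize_methods < log : one "METHOD CODE CLASS" line per distinct
# method/code pair. ANSI colour codes from the script are stripped first,
# so the real (coloured) output parses the same as the pasted example.
summarize_methods() {
  esc=$(printf '\033')
  sed "s/${esc}\[[0-9;]*m//g" |
  sed -n 's/^\[\*] Method: \([A-Z]*\), Response: "\([0-9]*\)".*/\1 \2/p' |
  sort -u |
  while read -r method code; do
    printf '%s %s %s\n' "$method" "$code" "$(classify_code "$code")"
  done
}

# methods_not_refused < log : space-separated, sorted list of methods to
# check against the intended allow-list.
methods_not_refused() {
  summarize_methods | awk '$3 != "refused" { print $1 }' |
  sort -u | tr '\n' ' ' | sed 's/ $//'
}

printf '%s\n' "$SAMPLE_LOG" | summarize_methods
echo "Not refused: $(printf '%s\n' "$SAMPLE_LOG" | methods_not_refused)"
```

Pipe the real run's output in with `./MethodCheck2.sh host | tee run.log` and then `methods_not_refused < run.log` to get the list for one host.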