Generates URL list from App-Site Association file
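#!/bin/bash
# Builds a CSV of URLs (with their HTTP status codes) from the paths listed
# in a site's apple-app-site-association (AASA) file.
#
# Usage:        <script> <host-or-base-url>
# Output:       ./AASA<sanitised-argument>.csv plus a 10-line preview on stdout
# Requirements: curl, httpie, jq
# Inspired by:
# https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/april/apples_app_site_association_the_new_robots_txt/
#
# The AASA file is content controlled by the remote server, so every value
# taken from it is treated as untrusted: it is parsed as JSON by jq, stripped
# of CSV-breaking characters, and passed to curl with URL globbing disabled.

set -u

# Scratch directory; global so the EXIT trap can still see it.
workdir=''

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Remove the scratch directory on every exit path.
cleanup() {
  if [[ -n "$workdir" ]]; then
    rm -rf -- "$workdir"
  fi
}
trap cleanup EXIT

main() {
  local target=${1:-}
  # A missing argument would probe "/.well-known/..." and a leading "-" would
  # be read by curl/httpie as an option, so both are rejected up front.
  if [[ -z "$target" || "$target" == -* ]]; then
    printf 'Usage: %s <host-or-base-url>\n' "${0##*/}" >&2
    exit 2
  fi

  local tool
  for tool in curl http jq; do
    command -v "$tool" >/dev/null || die "Missing required tool: $tool"
  done

  echo 'Testing URL for AASA'
  local full="${target}/.well-known/apple-app-site-association"
  local check
  check=$(curl -g -sL -w '%{http_code}' -o /dev/null "$full")
  if [[ "$check" != 200 ]]; then
    echo 'No AASA at' "$full"
    return 0
  fi

  echo 'Staging Environment'
  # mktemp replaces the fixed ./.aasatmp directory that used to be removed
  # with rm -rf and recreated in the current working directory.
  workdir=$(mktemp -d) || die 'Could not create a temporary directory'

  echo 'Gathering URL list'
  http --download "$full" --output "$workdir/parse.me" &>/dev/null \
    || die "Failed to download $full"

  echo 'Parsing URL list'
  # Collect every string under .applinks.details that contains a slash. This
  # lets jq do the JSON decoding instead of grepping pretty-printed output.
  local paths
  paths=$(jq -r '.applinks.details | .. | strings | select(contains("/"))' \
    "$workdir/parse.me") \
    || die "Could not parse $full as JSON"

  # Drop the "NOT " marker, wildcards, and characters that would break the
  # CSV (quotes, commas, whitespace), then prefix each path with the target.
  local path
  printf '%s\n' "$paths" \
    | sed -e 's/NOT //g' -e 's/[",*]//g' \
    | tr -d ' \t\r' \
    | while IFS= read -r path; do
        [[ -n "$path" ]] || continue
        printf '%s%s\n' "$target" "$path"
      done \
    | sort -u > "$workdir/urls.txt"

  echo 'Gathering status codes.'
  echo '(This might take a while.)'
  local url status
  while IFS= read -r url; do
    # -g (--globoff): brackets and braces in a remote-supplied path must be
    # requested literally, not expanded by curl into a series of requests.
    status=$(curl -g -sL -w '%{http_code}' -o /dev/null "$url" </dev/null)
    printf '%s,%s\n' "$url" "$status"
  done < "$workdir/urls.txt" | sort -u > "$workdir/body.txt"

  echo 'Generating Output'
  # The argument may be a full URL; keep only filename-safe characters so the
  # report is always written to the current directory. A bare hostname is
  # left unchanged.
  local safe_name=${target//[^A-Za-z0-9._-]/_}
  local outfile="./AASA${safe_name}.csv"
  {
    echo 'URL,Status Code'
    cat "$workdir/body.txt"
  } > "$outfile" || die "Could not write $outfile"

  echo 'Complete'
  echo 'Generating Preview'
  echo ''
  column -t -s, < "$outfile" | head -n 10
  echo ''
  echo "Full results stored at $outfile"
}

main "$@"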
Inspired by NCC Group's blog post on enumerating interesting URLs with App-Site Association files, a la robots.txt.
No doubt the script could be cleaned up and made much more efficient, but I learned a lot from making this.
Requires jq and httpie.