ssrf
Server-Side Request Forgery (SSRF) detection, payload generation, and bypasses.
Load with: use ssrf
Quick example
use ssrf
result = ssrfb("./example")
prn(result)
Functions
Basic payloads
ssrfb(callback_url)
Performs the operation. Takes callback_url.
Internal service scanning
ssrfi(callback_url)
Performs the operation. Takes callback_url.
Bypass techniques
ssrfb(callback_url)
Performs the operation. Takes callback_url.
ssrfb(ip, callback_url)
Performs the operation. Takes ip, callback_url.
ssrfb(callback_url)
Performs the operation. Takes callback_url.
Protocol smuggling
ssrfg(payload)
Performs the operation. Takes payload.
ssrff(callback_url)
Performs the operation. Takes callback_url.
ssrfd(command)
Performs the operation. Takes command.
ssrfl(callback_url)
Performs the operation. Takes callback_url.
ssrfs(path)
Performs the operation. Takes path.
Cloud metadata extraction
ssrfc()
Performs the operation.
Time-based detection
ssrfi(url, param, target_url, delay_secs)
Performs the operation. Takes url, param, target_url, delay_secs.
Response analysis
ssrfa(response)
Performs the operation. Takes response.
Blind SSRF detection
ssrfb(callback_domain)
Performs the operation. Takes callback_domain.
URL parser confusion
ssrfu(url, param)
Performs the operation. Takes url, param.
Redis/Elasticsearch/Memcached command injection via SSRF
ssrfr(command)
Creates from another format. Takes command.
ssrfe(query)
Performs the operation. Takes query.
Notes
- SSRF detection and mitigation. Use only on systems you own.