ssrf

There are 11 repositories under ssrf topic.

• nahamsec / Resources-for-Beginner-Bug-Bounty-Hunters

  A list of resources for those interested in getting started in bug bounties

  bug-bounty-huntershackersxssbug-bountylearn2hackhackingpentestweb-securityeducationssrfbugbounty
  11596

• reddelexc / hackerone-reports

  Top disclosed reports from HackerOne

  writeupshackeronebugbountyreportsxssxxesql-injectioncsrfidorrcessrfsecurity
  Language:Python 4978

• swisskyrepo / SSRFmap

  Automatic SSRF fuzzer and exploitation tool

  ctfexploitationhacktoberfestpentestserver-side-request-forgeryssrfssrfmapvulnerability
  Language:Python 3393

• tarunkant / Gopherus

  This tool generates gopher link for exploiting SSRF and gaining RCE in various servers

  fastcgigithub-rcegophermemcachemysqlpostgresqlrceredissmtpssrfzabbix
  Language:Python 3226

• JoyChou93 / java-sec-code

  Java web common vulnerabilities and security code which is base on springboot and spring security

  javacodesecurityxxercedeserializetomcatsqlissrfrmicorsjsonpwebspelbenchmark
  Language:Java 2607

• cujanovic / SSRF-Testing

  SSRF (Server Side Request Forgery) testing resources

  ssrfpentestpentest-toolpentestingserver-side-request-forgery
  Language:Python 2442

• cn-panda / JavaCodeAudit

  Getting started with java code auditing 代码审计入门的小项目

  vulnerability-analysisssrfjavarcefastjsonjacksonxsssqlcodeweblogic
  Language:JavaScript 926

• incredibleindishell / SSRF_Vulnerable_Lab

  This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack

  web-securityssrfattacklabexploitationserver-side-request-forgeryhacking
  Language:PHP 741

• YagamiiLight / Cerberus

  一款功能强大的漏洞扫描器，子域名爆破使用aioDNS，asyncio异步快速扫描，覆盖目标全方位资产进行批量漏洞扫描，中间件信息收集，自动收集ip代理，探测Waf信息时自动使用来保护本机真实Ip，在本机Ip被Waf杀死后，自动切换代理Ip进行扫描，Waf信息收集(国内外100+款waf信息)包括安全狗，云锁，阿里云，云盾，腾讯云等，提供部分已知waf bypass 方案，中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等)，支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能

  hacking-toolsql-injectionxsswafproxymiddlewaressrfpenetration-testingsecurity-toolswebsecuritypythonbypass
  Language:Python 648
• xxexploiter

  luisfontes19 / xxexploiter

  Tool to help exploit XXE vulnerabilities

  xxexeexmlexploitexploitationexternalentitiesssrffilereadexpectcommandexectionoobdtdcdata
  Language:TypeScript 571

• Dliv3 / redis-rogue-server

  Redis 4.x/5.x RCE

  redis-rogue-serverredisrcessrfremote-code-executionredis-unauthorized-access
  Language:Python 558

• Li4n0 / revsuit

  RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.

  pentest-toolssrfxxercereverse-connectionbug-bountydnslogoobout-of-band
  Language:Go 553

• bcoles / ssrf_proxy

  SSRF Proxy facilitates tunneling HTTP communications through servers vulnerable to Server-Side Request Forgery.

  ssrfproxyssrf-proxymagic
  Language:Ruby 475

• tangxiaofeng7 / SecExample

  JAVA 漏洞靶场 (Vulnerability Environment For Java)

  dockerjavaspringbootxss-vulnerabilityvulnerabilityssrfrcefastjsoncorssqlinjectioncsrf
  Language:HTML 474

• chennqqi / godnslog

  An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability

  dnslogxssssrfrcexxerfiwebscanvulnerability
  Language:Go 470

• sqlsec / ssrf-vuls

  国光的手把手带你用 SSRF 打穿内网靶场源码

  ssrfvulhubwebsecurity
  Language:PHP 402

• ImAyrix / fallparams

  Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist

  bug-bounty-huntersbugbountypenetration-testingpentestssrfweb-application-securityweb-securitywordlistwordlist-generatorxss
  Language:Go 401

• Th0h0 / autossrf

  Smart context-based SSRF vulnerability scanner.

  python3bugbountyssrfautomation
  Language:Python 357

• pikpikcu / XRCross

  XRCross is a Reconstruction, Scanner, and a tool for penetration / BugBounty testing. This tool was built to test (XSS|SSRF|CORS|SSTI|IDOR|RCE|LFI|SQLI) vulnerabilities

  bugbountybugbounty-toolxss-vulnerabilityssrfxss-scannersubdomain-enumerationtakeover-subdomainrcesqlicorslfireconscannerscheck-subdomainscors-scanner
  Language:Shell 344

• teknogeek / ssrf-sheriff

  A simple SSRF-testing sheriff written in Go

  gossrfbugbounty
  Language:Go 332
• Egyscan

  dragonked2 / Egyscan

  Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that make Egyscan an indispensable tool in your security arsenal:

  cybersecurityscannervulnerability-scannerscommand-linecross-site-scriptinginjectionpythonrceremotesqlinjectionvulnerabilityvulnerability-detectionxsssql-injection-remote-code-execution-cross-siteremote-code-executionsql-injectioncommand-injectionlfissrfxxe-injection
  Language:Python 300

• MindPatch / lorsrf

  Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load :artificial_satellite: :crab:

  ssrfbruteforcebugbountywebsecuritypenetration-testingrustpentestingfuzzinghackingblindssrf
  Language:Rust 296

• Tr3jer / dnsAutoRebinding

  ssrf、ssrfIntranetFuzz、dnsRebinding、recordEncode、dnsPoisoning、Support ipv4/ipv6

  dnsrebindingssrf
  Language:Python 217

• random-robbie / Jira-Scan

  CVE-2017-9506 - SSRF

  bugbountyjirassrf
  Language:Python 190

• ryandamour / ssrfuzz

  SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities

  bugbountysecurityssrf
  Language:Go 185

• herwonowr / exprolog

  ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)

  proxylogoncve-2021-26855cve-2021-27065rcepocssrfmicrosoft-exchangemicrosoft-exchange-proxylogon
  Language:Python 183

• dwisiswant0 / proxylogscan

  A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).

  proxylogoncve-2021-26855cve-2021-27065microsoft-exchangemicrosoft-exchange-serverssrfmicrosoft-exchange-proxylogon
  Language:Go 161

• storenth / lazyrecon

  Wicked sick v2.0 script is intended to automate your reconnaissance process in an organized fashion.

  arsenalbhusabugbountyfuzzinginfoseclfiosintreconreconnaissancesecurity-automationsqlissrfvulnerability-scanner
  Language:Shell 150

• blackhatethicalhacking / SSRFPwned

  Checks for SSRF using built-in custom Payloads after fetching URLs from Multiple Passive Sources & applying complex patterns aimed at SSRF

  hackingbugbountyredteamssrfssrf-tool
  Language:Shell 131

• 0xAwali / Blind-SSRF

  Nuclei Templates to reproduce Cracking the lens's Research

  ssrfblindssrfnucleinuclei-templatesbugbountyweb-security
  127

• BitTheByte / Eagle

  Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities

  xssssrfbugbountycvetakeoverpythonhackingftpbugcrowdhackerone
  Language:Python 126

• doyensec / safeurl

  A Server Side Request Forgery (SSRF) protection library. Made with 🖤 by Doyensec LLC.

  appsecgosecssrf
  Language:Go 107

• alibaba / seckit

  阿里巴巴安全SDK，提供SSRF、JDBC、XXE防护能力

  securityssrfxxe
  Language:Java 105

• terjanq / Flag-Capture

  Solutions and write-ups from security-based competitions also known as Capture The Flag competition

  ctfcompetitionxss-injectioncss-injectionwebsql-injectioncsrfssrfcapture-the-flag
  Language:HTML 102

• kljunowsky / CVE-2022-41040-POC

  CVE-2022-41040 - Server Side Request Forgery (SSRF) in Microsoft Exchange Server

  bug-bountybugbountycve-2022-41040exploithackingmicrosoftmicrosoft-exchangepocproof-of-conceptsecurityssrf
  Language:Python 90
• Ai-Security-URL

  AiGptCode / Ai-Security-URL

  functions to exploit common web application vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and Path Traversal.

  hackingkalipythonsqlinjectionssrfurlwebdevelopmentxssaiftphacking-toolmalwareransomwaresshtrojanwebsitewindows
  Language:Python 88