z3dc0ps / BBSSRF

BBSSRF - Bug Bounty SSRF is a powerful tool for checking SSRF via out-of-band (OOB) connections

BBSSRF - Bug Bounty SSRF

Version 1.0

Summary

BBSSRF - Bug Bounty SSRF is a powerful tool for checking server-side request forgery (SSRF) via out-of-band (OOB) connections.

Features

The field under test must contain the placeholder "BBSSRF"; the tool automatically replaces it with dynamically generated payloads.

  • Generating dynamic payloads ✅
  • Testing Single URL ✅
  • Testing URLs list ✅
  • Testing request file ✅
  • STDIN input supported ✅
  • Threading requests ✅
  • Intercept request using proxy ✅
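
The placeholder substitution described above, as an added example that is not BBSSRF's own code. It assumes each payload is the callback base URL plus a random path token, so that a hit in the callback server's log can be traced back to the URL that was tested; `build_probes`, `correlate`, the hosts and the log lines are all hypothetical.

```python
import secrets

MARKER = "BBSSRF"  # placeholder string named in this README


def build_probes(urls, callback_base, token_fn=lambda: secrets.token_hex(6)):
    """Swap MARKER for a unique callback URL per input.

    Returns (probe_urls, token_to_source). The <base>/<token> payload
    shape is an assumption of this example, not documented tool behaviour.
    """
    base = callback_base.rstrip("/")
    probes, token_to_source = [], {}
    for url in urls:
        if MARKER not in url:
            continue  # field under test was not marked, nothing to substitute
        token = token_fn()
        token_to_source[token] = url
        probes.append(url.replace(MARKER, f"{base}/{token}"))
    return probes, token_to_source


def correlate(callback_log_lines, token_to_source):
    """Map tokens seen in the callback server's log back to the tested URL."""
    hits = {}
    for line in callback_log_lines:
        for token, source in token_to_source.items():
            if f"/{token}" in line:
                hits.setdefault(source, []).append(line)
    return hits


if __name__ == "__main__":
    # Constructed inputs: reserved .example hosts and documentation IP ranges.
    urls = [
        "http://app.example/index.php?url=BBSSRF",
        "http://app.example/static/logo.png",  # no marker, skipped
    ]
    probes, mapping = build_probes(urls, "http://oob.example")
    token = next(iter(mapping))
    log = [
        f'203.0.113.7 "GET /{token} HTTP/1.1" 200',
        '198.51.100.9 "GET /favicon.ico HTTP/1.1" 404',
    ]
    for source, lines in correlate(log, mapping).items():
        print(f"OOB callback observed for {source}: {lines}")
```

A per-input token is what lets a list-based or threaded run be attributed afterwards: without it, a callback only shows that some request in the batch caused an outbound connection.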

Installation

git clone https://github.com/z3dc0ps/BBSSRF
cd BBSSRF
python3 bbssrf.py -h

Usage

Note: the value of the field under test must be replaced with "BBSSRF".

# Single URL
python3 bbssrf.py -b http://collaborator.com -u "http://example.com/index.php?url=BBSSRF"

# Multiple URLs
python3 bbssrf.py -b http://collaborator.com -f urllist.txt

# Request File
python3 bbssrf.py -b http://collaborator.com -r request.req

# STDIN input
cat urllist.txt | python3 bbssrf.py -b http://collaborator.com -s

# Proxy
python3 bbssrf.py -b http://collaborator.com -r request.req -x http://127.0.0.1:8080

Credit

This tool was inspired by Thomas Houhou's autossrf.py.

Thanks to all Contributors

All contributions are welcome.
