Skanda scans the ports on the server, using SSRF vulnerability. Select any SSRF vulnerable request in IronWASP logs, right click and run this module. Select the vulnerable injection points(GET/POST parameters) and session plugins if any are required. Port Status will be printed in the CLI. This first version is able to do port scan of the server. Future versions will able to scan and exploit the intranet of the vulnerable server.
- Exploits SSRF vulnerability.
- Specially crafted payloads.
- Does a port scan on the vulnerable server and list out the port status.
- Error and time delay based analysis of payloads results in port status.
- Port Status :
- Closed: where the port is closed.
- Open: the port status is determined based on the error message received when connecting to the port.
- Open (Blind XSPA): The port status is determined based on the response time.
- Skanda also gives the user the ability to customize the scan.
- Instead of running the scan for all the ports, user can make the scan, port specific.
- [Skanda.docx] (https://github.com/jayeshchauhan/SKANDA/blob/master/Skanda.docx) is an article written by me, to use Skanda efficiently. Download, at your will.